Page 1207 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

normally divided into smaller fragments when they’re sent over a
network, and the receiving system then puts the packet fragments
back together into their original state. However, a teardrop attack
mangles these packets in such a way that the system cannot put them
back together. Older systems couldn’t handle this situation and
crashed, but patches resolved the problem. Although current systems
aren’t susceptible to teardrop attacks, this does emphasize the
importance of keeping systems up-to-date. Additionally, intrusion
detection systems can check for malformed packets.



Land Attacks

A land attack occurs when the attacker sends spoofed SYN packets to
a victim using the victim’s IP address as both the source and
destination IP address. This tricks the system into constantly replying
to itself and can cause it to freeze, crash, or reboot. This attack was
first discovered in 1997, and it has resurfaced several times attacking
different ports. Keeping a system up-to-date and filtering traffic to
detect traffic with identical source and destination addresses helps to
protect against LAND attacks.
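
The filtering check described above, as an added example that is not from the study guide: it parses raw IPv4/TCP headers and flags a bare SYN whose source and destination IP addresses are identical. The function names, the helper that builds sample packets, and the documentation-range addresses are constructed for illustration.

```python
import socket
import struct

TCP_PROTO = 6
SYN, ACK = 0x02, 0x10


def build_packet(src, dst, sport, dport, flags):
    """Construct a minimal IPv4+TCP packet (checksums left zero) as sample input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


def is_land_packet(packet):
    """Return True for an IPv4 TCP SYN whose source and destination IP match."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                       # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4           # IP options shift the TCP header
    if ihl < 20 or len(packet) < ihl + 14:
        return False                       # malformed or truncated before the flags
    if packet[9] != TCP_PROTO:
        return False
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False                       # later fragment: no TCP header to read
    flags = packet[ihl + 13]
    bare_syn = bool(flags & SYN) and not flags & ACK
    return bare_syn and packet[12:16] == packet[16:20]


def filter_land(packets):
    """Split packets into (allowed, dropped) the way an ingress filter would."""
    allowed, dropped = [], []
    for p in packets:
        (dropped if is_land_packet(p) else allowed).append(p)
    return allowed, dropped


# Constructed sample traffic (addresses from the documentation ranges).
SAMPLES = [
    build_packet("192.0.2.10", "192.0.2.10", 139, 139, SYN),        # land pattern
    build_packet("198.51.100.7", "192.0.2.10", 40000, 80, SYN),     # normal SYN
    build_packet("192.0.2.10", "192.0.2.10", 139, 139, SYN | ACK),  # not a bare SYN
]

if __name__ == "__main__":
    allowed, dropped = filter_land(SAMPLES)
    print(f"allowed={len(allowed)} dropped={len(dropped)}")
```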


Zero-Day Exploit

A zero-day exploit refers to an attack on a system exploiting a
vulnerability that is unknown to others. However, security
professionals use the term in different contexts and it has some minor
differences based on the context. Here are some examples:

Attacker First Discovers a Vulnerability: When an attacker
discovers a vulnerability, the attacker can easily exploit it because the
attacker is the only one aware of the vulnerability. At this point, the
vendor is unaware of the vulnerability and has not developed or
released a patch. This is the common definition of a zero-day exploit.

Vendor Learns of Vulnerability: When vendors learn of a
vulnerability, they evaluate the seriousness of the threat and prioritize
the development of a patch. Software patches can be complex and
require extensive testing to ensure that the patch does not cause other
problems. Vendors may develop and release patches within days for
serious threats, or they may take months to develop and release a