is ccna certification hard

is ccna certification hard.TCP slicing and reordering attacks are one method of attack that uses traffic modification as a means to evade detection. Modifying IP packet headers to "create" two or more duplicate sliced IP packets is also considered aTraffic fragmentation attacks. Proxies and in-line security detection devices help block traffic slicing attacks. As with TCP/IP traffic, protocols can also be modified to circumvent detection by security devices. This is discussed in more detail in the next section.This is discussed in more detail in the next section.14.5 Protocol Level Errors Explanation A protocol is a set of rules or a set of data structures that govern how a computer or network device exchanges information over a network. Protocols can be manipulated to "fool" security devices into not detecting traffic correctly, because many devices and applications take for granted that the protocols used for network communication must follow industry-developed standards. It is important to understand how the protocol should work, and also to find out whether the developers of the receiving system have defined defenses (e.g., restrictions on what can be received and how to verify what is received). The second key point is to determine what happens when the receiving system encounters an unintelligible message (which means seeing a failure). A security device that misinterprets the end-to-end meaning of a network protocol can cause traffic to be ignored, dropped, or delayed, all of which can be exploited by an attacker as a "breakthrough". Another example of a protocol-level misinterpretation attack is the misuse of traffic "time to live" (TTL), a protocol in packets that serves to limit the life cycle of data within a computer network. This prevents packets from looping indefinitely. A specific technique for abusing TTL is to first send a packet with a low TTL value with the intent of having it traverse a secure receiving device with the assumption that it will then be dropped by the router. The drop occurs behind the security device (i.e., between the destination host and the security device) because the TTL value of the packet is already 0 before it reaches the intended destination host. The attacker then sends a packet with a higher TTL value in order to make the security device think that this is duplicate traffic, and therefore ignore it. As the attacker continues to increase the TTL value, the packet eventually makes its way to the destination host because the packet's TTL value is not only high enough, but is also ignored by the security device. Figure 14.9 shows the attack technique for this type of attack. As can be seen from the figure, the first packet sent by the attacker has a TTL value of 1, which means that the packet will pass through the security device, but will be ignored by the router due to its TTL value of 0.14.5 Protocol Level Error Explanation 499is discarded. Second500 Chapter 14 Security Evasion Techniquespacket has a TTL value that is sufficient for it to reach the destination host, but as long as the packet contains the same data, the security device treats it as a duplicate packet, allowing attack traffic to sneak into the network.Packet with a TTL value of 1 | Packet dropped due to TTL I timeout