11.3 Denial of Service Attacks Flashcards
What is Denial of Service?
Attempt to exhaust resources, i.e.:
- Network bandwidth
- TCP connections
- Server resources
3 different types of defenses against DoS attacks
1) Ingress Filtering
2) uRPF checks (reverse path filtering checks)
3) SYN Cookies (TCP)
Ingress Filtering
Foolproof. Works at edges.
Doesn’t work if core is same (This is where a routing table is needed)
uRPF
Pros: Automatic
Cons: Requires symmetric routing
SYN Cookies
When the server receives a SYN from a client, the server keeps no state and picks a sequence number derived from the server and client src, dst and port… The server will check the seq number by rehashing info it already has to make sure it corresponds.
Quiz:
What are some advantages of SYN cookies?
Can prevent server from exhausting state after receiving the initial TCP SYN packet
When an attacker spoofs a source IP address, the replies to that initial TCP SYN from the victim will go to the location of the source IP address. These replies to forged attack messages are called
Inferring DoS Activity
Backscatter
Quiz:
Telescope: 2^16 addresses (n)
Backscatter: 100,000 pps (x)
What is the attack rate?
m = x * (2^32 / n)
m = 100,000 * (2^32 / 2^16)
m = 100,000 * 2^16
m = 100,000 * 65536
m = 6,553,600,000
m ≈ 6.5 billion pps