Ch. 7 - Vocab Flashcards
amplification attack
sending a packet with a spoofed source address for the target system to intermediaries, generating multiple packets from each original packet
availability
system being accessible and usable on demand by authorized users
backscatter traffic botnet
echo response packets generated in response to a ping flood using randomly spoofed source addresses
denial of service
compromise availability by hindering the provision of some service
directed broadcast
an IP broadcast to all devices within a single directly-attached network or subnet
distributed denial of service
the use of multiple systems to generate denial of service attacks
DNS amplification attack
exploiting the behavior of the DNS protocol to convert a small request into a much larger response
flash crowd
where high traffic leading to a denial of service is a natural phenomenon
flooding attack
to overload the network capacity on some link to a server
Internet Control Message Protocol
used by internet devices to communicate error information or updates to other devices
ICMP flood
flood of ICMP packets such as echo request packets
poison packet
packets whose structure triggers a bug in the system’s network handling software, causing it to crash
reflection attack
sends packets to an intermediary with a spoofed source address of the actual target system
slashdotted
also known as a flash crowd
source address spoofing
using a forged source address
SYN cookie
information about the connection is encoded in a cookie that is sent as the server’s initial sequence number; this is sent in a SYN-ACK packet.
SYN flood
similar effect as a SYN spoofing attack but the total volume of packets is the aim of the attack
SYN spoofing
generates a very large number of SYN connection request packets with forged source addresses, overwhelming the table of known TCP connections, so that the server is unable to respond to legitimate requests
TCP
Transmission Control Protocol, providing reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network
three-way TCP handshake
- Client system sends a SYN packet
- The server responds with a SYN-ACK packet
- The client sends an ACK packet marking connection as complete
UDP
User Datagram Protocol, uses a simple connectionless communication model with a minimum of protocol mechanisms
UDP flood
the overwhelming use of UDP packets directed to some port number, occupying capacity on the link to the server
zombie
systems that are controlled by unauthorized users through the use of malware
random drop
where the TCP connections table selectively drops an incomplete connection when it overflows, allowing a new connection to succeed