Ch. 7 - Vocab

Question 1

amplification attack

Answer 1

sending a packet with a spoofed source address for the target system to intermediaries, generating multiple packets from each original packet

Question 2

availability

Answer 2

system being accessible and usable on demand by authorized users

Question 3

backscatter traffic botnet

Answer 3

echo response packets generated in response to a ping flood using randomly spoofed source addresses

Question 4

denial of service

Answer 4

compromise availability by hindering the provision of some service

Question 5

directed broadcast

Answer 5

an IP broadcast to all devices within a single directly-attached network or subnet

Question 6

distributed denial of service

Answer 6

the use of multiple systems to generate denial of service attacks

Question 7

DNS amplification attack

Answer 7

exploiting the behavior of the DNS protocol to convert a small request into a much larger response

Question 8

flash crowd

Answer 8

where high traffic leading to a denial of service is a natural phenomenon

Question 9

flooding attack

Answer 9

to overload the network capacity on some link to a server

Question 10

Internet Control Message Protocol

Answer 10

used internet devices to communicate error information or updates to other devices

Question 11

ICMP flood

Answer 11

flood of ICMP packets such as echo request packets

Question 12

poison packet

Answer 12

packets whose structure triggers a bug in the system’s network handling software, causing it to crash

Question 13

reflection attack

Answer 13

sends packets to an intermediary with a spoofed source address of the actual target system

Question 14

slashdotted

Answer 14

as known as a flash crowded

Question 15

source address spoofing

Answer 15

using a forged source address

Question 16

SYN cookie

Answer 16

information about the connection is encoded in a cookie that sent as the server’s initial sequence number; this is sent in a SYN-ACK packet.

Question 17

SYN flood

Answer 17

similar effect as a SYN spoofing attack but the total volume of packets is the aim of the attack

Question 18

SYN spoofing

Answer 18

generates a very large number of syn connection request packets with forged source address, overwhelming the table of known TCP connections. The server is unable to respond to legitimate requests

Question 19

TCP

Answer 19

Transmission Control Protocol, providing reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network

Question 20

three-way TCP handshake

Answer 20

1. Client system sends a SYN packet
2. The server responds with a SYN-ACK packet
3. The client sends an ACK packet marking connection as complete

Question 21

UDP

Answer 21

User Datagram Protocol, uses a simple connectionless communication model with a minimum of protocol mechanisms

Question 22

UDP flood

Answer 22

the overwhelming use of UDP packets directed to some port number, taking up some occupying capacity on the link to the server

Question 23

zombie

Answer 23

systems that are controlled by unauthorized users through the use of malware

Question 24

random drop

Answer 24

where the TCP connections table selectively drops an incomplete connection when it overflows, allowing a new connection to succeed