Chapter 7 Flashcards

1
Q

5th most costly form of attack for the respondents

A

DoS

2
Q

is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.

A

DoS

3
Q

categories of resources that could be attacked

A
  • Network Bandwidth
  • System Resources
  • Application Resources
4
Q

relates to the capacity of the network links connecting a server to the wider Internet

A

Network Bandwidth

5
Q

The system can no longer communicate over the network until this software is reloaded

A

poison packet

6
Q

examples of poison packets

A
  • ping of death
  • teardrop

7
Q
  • The aim of this attack is to overwhelm the capacity of the network connection to the target organization
  • Traffic can be handled by higher capacity links on the path, but packets are discarded as capacity decreases
  • Network Performance is noticeably affected
A

flooding ping command attack

8
Q

flooding attack disadvantages

A
  • the source of the attack is explicitly identified
  • the targeted system will attempt to respond to the packets being sent

9
Q
  • A common characteristic of packets used in many types of DoS attacks is the use of a forged source address, which makes the attacker harder to identify; such packets are generated via the raw socket interface
  • The attacker generates large volumes of packets that have the target system as the destination address
  • Congestion would result in the router connected to the final, lower-capacity link
  • Requires network engineers to specifically query flow information from their routers
A
  • source address spoofing
10
Q
  • Common DoS attack
  • This attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections
  • legitimate users are denied access to the server
  • an attack on system resources, specifically the network handling code in the OS
A

SYN spoofing attack

11
Q

The standard protocol used for call setup in VoIP is the _____

A

Session Initiation Protocol

12
Q

refers to an attack that bombards Web Servers with HTTP requests.

A

HTTP Floods

13
Q
  • It exploits the common server technique of using multiple threads to support multiple requests to the same server application
  • Eventually consumes the Web server’s connection capacity
  • Attempts to monopolize by sending HTTP requests that never complete
  • Utilizes legitimate HTTP traffic
  • Existing intrusion detection and prevention solutions that rely on signatures to detect attacks will generally not recognize Slowloris
A

Slowloris

14
Q
  • For most organizations this is their connection to their Internet Service Provider (ISP)
A
  • Network Bandwidth
15
Q

Aims to overload or crash the network handling software

A

System Resources

16
Q

Typically involves a number of valid requests, each of which consumes significant resources, thus limiting the ability of the server to respond to requests from other users

A

Application Resources

17
Q

Advertise routes to unused IP addresses to monitor attack traffic

A

Backscatter traffic

18
Q
  • Classifies based on network protocol used
  • Intent is to overload the network capacity on some link to a server
  • Virtually any type of network packet can be used
A
  • ICMP Flood
  • UDP Flood
  • TCP/SYN flood
19
Q
  • Ping flood using ICMP echo request packets
  • network administrators allow such packets into their network because ping is a useful network diagnostic tool

A

ICMP flood

20
Q
  • Uses UDP packets directed to some port number on the target system
A

UDP flood

21
Q
  • Sends TCP packets to the targeted system
  • Total volume of packets is the aim of the attack rather than the system code

A
  • TCP/SYN flood
22
Q
  • uses multiple systems to generate attacks
  • Attackers use a flaw in the operating system or in a common application to gain access and install their program on it (zombie)
  • Large collections of such systems under one attacker’s control can be created, forming a botnet
A
  • DDoS
23
Q

HTTP based attack

A
  • HTTP flood
  • Slowloris

24
Q
  • attack that bombards Web servers with HTTP requests
  • Consumes considerable resources

A

HTTP flood

25
Q

Bots starting from a given HTTP link and following all links on the provided Web site in a recursive way

A

Spidering

26
Q
  • Attacker sends packets to a known service on the intermediary with a spoofed source address of the actual target system
  • When intermediary responds, the response is sent to the target
  • “Reflects” the attack off the intermediary (reflector)
  • Goal is to generate a large enough volume of packets to flood the link to the target system without alerting the intermediary
  • The basic defense against these attacks is blocking spoofed-source packets
A

Reflection Attacks

27
Q
  • Use packets directed at a legitimate DNS server as the intermediary system
  • Attacker creates a series of DNS requests containing the spoofed source address of the target system
  • Exploit DNS behavior to convert a small request to a much larger response (amplification)
  • Target is flooded with responses
  • Basic defense against this attack is to prevent the use of spoofed source addresses
A

DNS Amplification Attacks

28
Q
  • Block IP directed broadcasts
  • Block suspicious services and combinations
  • Manage application attacks with a form of graphical puzzle (captcha) to distinguish legitimate human requests
  • Good general system security practices
  • Use mirrored and replicated servers when high performance and reliability are required
A

DoS Attack Prevention

29
Q

Four lines of defense against DDoS attacks:

A
  • Attack prevention and preemption (before attack)
  • Attack detection and filtering (During the attack)
  • Attack source traceback and identification (During and after the attack)
  • Attack reaction (after the attack)