DDoS Flashcards
1
Q
DoS
A
malicious consumption / exhaustion of resources
- Volumetric attacks: cause congestion within the target network or between it and the rest of the world
- Protocol attacks: exhaust resources available on the target
- Application layer attacks: target aspects of the application layer; can be stealthy
2
Q
Session State Exhaustion
A
- each communication channel between two parties has associated session state
- attack: exhaust the session state table of the server
-> server can't accept any new connections
-> might crash
-> drops existing connections
mitigation: encode the state in a unique but deterministic way that allows the server to validate the state in the reply instead of keeping a state table
3
Q
SYN Flood Attack
A
Session state exhaustion attack
- SYN flood with spoofed source address
- server tries to keep state, eventually table overflows
-> server unable to accept any legitimate connections
mitigation: server sends SYN cookie instead of keeping state
4
Q
IP Spoofing defense
A
- Ingress filtering: gateway router drops packets with an invalid source IP. Problem: no deployment incentive
- iTrace: 1 in 20’000 packets triggers the router to send route information
  + DDoS victim can reconstruct the attack path
  - extra packets increase traffic
- Packet marking: mark the IP ID field with info that enables reconstruction of the IP address; needs ca. 1000 packets for probabilistic marking
5
Q
Shrew attacks
A
achieve DoS with low bandwidth
- Temporal lensing
- TCP congestion control attack
6
Q
DDoS Defence
A
- IP ingress filtering
- computational puzzles
- IP traceback
- Network control
- Cloud or ISP based filtering
7
Q
Cloud & ISP based mitigation
A
Cloud based:
- service provider acts as man-in-the-middle
- change BGP or DNS to redirect traffic to the service provider
ISSUE: can easily be bypassed if the victim's IP is known
ISP based:
- traffic is redirected to scrubbing center of ISP
- ISP inspects traffic and sends good traffic back to victim
ISSUES:
- privacy issue
- high cost