Denial of Service Flashcards
Random Scanning
Each compromised computer probes random addresses
Permutation Scanning
All compromised computers share a common pseudo-random permutation of the IP address space
Signpost Scanning
Uses the communication patterns of the compromised computer to find new targets.
Hitlist Scanning
A portion of a list of targets is supplied to a compromised computer
Subnet spoofing
generate random addresses within a given address space
Random spoofing
generate 32-bit numbers and stamp packets with them
Fixed spoofing
the spoofed address is the address of the target
Goal of DDOS
take out a large computer site / app / infra with as little computing resources as possible
What are the reasons why the UDP-based NTP protocol is particularly vulnerable to amplification attacks?
A small command can generate a large response
Vulnerable to source IP spoofing.
It is difficult to ensure computers communicate only with legitimate NTP servers
Which of the following are true?
The server must reject all TCP options because the server discards the SYN queue entry
SYN cookies lead to overall slower performance
SYN cookies require modified versions
The server must reject all TCP options because the server discards the SYN queue entry
With regards to a UDP flood attack, which of the following are true?
- Attackers can spoof the IP address of their UDP packets
- the attack can be mitigated with firewalls
- firewalls can’t stop a flood because the firewall is susceptible to flooding
- Attackers can spoof the IP address of their UDP packets
- firewalls can’t stop a flood because the firewall is susceptible to flooding
What is the main idea behind slowing down DOS attackers?
Slow down the hacker!
What are client puzzles and what do they do?
- everyone must submit a puzzle solution with requests during a DOS attack which slows down the requests
- When there is no attack, no solution is needed
Why is SSL/TLS handshake vulnerable to DDOS?
TBD
What are client puzzles and what are they used for?
TBD
Why is it recommended to use memory bound functions as problems to solve during DOS attack?
TBD
Which of the following statements is true?
- Client puzzles should be stateless
- Puzzle complexity should increase as the strength of the attack increases
- Client puzzles should be hard to construct. This is an indication of the level of difficulty to solve them
Client puzzles should be stateless
Puzzle complexity should increase as the strength of the attack increases
Which of the following are assumptions that can be made about Traceback?
Attackers can work alone or in groups
Attackers can generate limited types of packets
Attackers are not aware of the tracing mechanism
Attackers can work alone or in groups
Select all statements that are true for edge sampling:
- Multiple attackers can be identified since edge identifies splits in reverse path
- It’s difficult for victims to reconstruct a path to the attacker
- Require space in the IP packet header
Require space in the packet header
Multiple attackers can be identified since edge identifies splits in reverse path
What is a reflector attack?
Reflector Attack:
Spoofs victim’s IP and sends requests to many DNS servers
All DNS servers respond to magnify traffic to target
Victim is flooded
Self defense against reflector attacks should incorporate which of the following:
- Filtering - filter DNS traffic as close to the victim as possible
- Server redundancy - servers should be located in multiple networks and locations
- Traffic limiting - traffic from a name server should be limited to reasonable thresholds
Server redundancy - servers should be located in multiple networks and locations
Traffic limiting - traffic from a name server should be limited to reasonable thresholds