Denial of Service Attacks Flashcards
A ____________ attack is an attempt to compromise availability by hindering or blocking completely the provision of some service.
Denial-of-service (DoS)
What are the three resources that can be targeted during a DoS?
Network Bandwidth
System resources
Application resources
______ _______ relates to the capacity of the network links connecting a server to the wider Internet (ISP).
Network Bandwidth
A form of system resource attack that uses packets whose structure triggers a bug in the system’s network handling software, causing it to crash.
Poison packet
A common characteristic of packets used in many types of DoS attacks is the use of forged source addresses.
Source address spoofing
An attack on the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.
SYN spoofing
_______ attacks take a variety of forms, based on which network protocol is being used to implement the attack. In all cases the intent is generally to overload the network capacity on some link to a server.
Flooding
What is the difference between a SYN flooding attack and a SYN spoofing attack?
In SYN flooding it is the total volume of packets that is the aim of the attack rather than the system code.
What are three indirect attack types that utilize multiple systems?
Distributed denial-of-service
Reflector attacks
Amplifier attacks
An _____ ______ refers to an attack that bombards Web servers with HTTP requests.
HTTP flood
Typically a DDoS attack, with HTTP requests coming from many different bots.
______ exploits the common server technique of using multiple threads to support multiple requests to the same server application.
Slowloris
The attacker sends packets to a known service on the intermediary with a spoofed source address of the actual target system. When the intermediary responds, the response is sent to the target. Effectively this reflects the attack off the intermediary.
Reflection attack
______ _______ are a variant of reflector attacks and also involve sending a packet with a spoofed source address for the target system to intermediaries.
Amplification attack
What are the four lines of defense against DDoS attacks?
Attack prevention and preemption (before the attack)
Attack detection and filtering (during the attack)
Attack source traceback and identification (during and after the attack)
Attack reaction (after the attack)
These mechanisms enable the victim to endure attack attempts without denying service to legitimate clients. Techniques include enforcing policies for resource consumption and providing backup resources available on demand. In addition, prevention mechanisms modify systems and protocols on the internet to reduce the possibility of DDoS attacks.
Attack prevention and preemption (before the attack)
These mechanisms attempt to detect the attack as it begins and respond immediately. This minimizes the impact of the attack on the target. Detection involves looking for suspicious patterns of behavior. Response involves filtering out packets likely to be part of the attack.
Attack detection and filtering (during the attack)
This is an attempt to identify the source of the attack as a first step in preventing future attacks. However, this method typically does not yield results fast enough, if at all, to mitigate an ongoing attack.
Attack source traceback and identification (during and after the attack)
This is an attempt to eliminate or curtail the effects of an attack.
Attack reaction (after the attack)
Relates to the capacity of the network links connecting a server to the Internet.
Network Bandwidth
Aims to overload or crash the network handling software.
System Resources
Typically involves a number of valid requests, each of which consumes significant resources, thus limiting the ability of the server to respond to requests from other users.
Application resources
Flooding ping command
The aim of this attack is to overwhelm the capacity of the network connection to the target organization.
Classic DoS Attacks
Attacks the ability of a server to respond to future connection requests by overflowing the tables used to manage them.
SYN Spoofing
What does ICMP stand for?
Internet Control Message Protocol
Ping flood using _____ echo request packets. Traditionally, network administrators allow such packets into their networks because ping is a useful network diagnostic.
ICMP flood
What are three different flooding attacks?
ICMP flood
UDP flood
TCP SYN flood
Uses _____ packets directed to some port number on the target system.
UDP flood
Sends _____ packets to the target system. Total volume of packets is the aim of the attack rather than the system code.
TCP SYN flood
What does SIP stand for?
Session Initiation Protocol
Attack that bombards Web servers with HTTP requests. Consumes considerable resources.
HTTP flood
Uses packets directed at a legitimate DNS server as the intermediary system. The attacker creates a series of DNS requests containing the spoofed source address of the target system, exploiting DNS behavior to convert a small request into a much larger response.
DNS Amplification Attacks