Denial of Service / Zero-Day Attacks (CompTIA Objective 2.5) Flashcards
1
Q
What is a Denial Of Service and how does it work?
A
- Forces a service to fail (overloads the service).
- Takes advantage of a design failure or vulnerability, so it’s important to keep your systems patched!
- Sometimes a third party will cause a system to become unavailable in order to gain a competitive advantage.
- Denial of service can also be used to create a “smokescreen” for some other exploit, e.g. as a precursor to a DNS spoofing attack.
- A basic form of denial of service would be where power is disconnected to the building, thus creating a denial of service.
2
Q
What is a friendly DoS (Denial of Service)? What are some examples, and how can they happen?
A
- Unintentional DoSing (it’s not always a ne’er-do-well).
- Network DoS (Layer 2 loop without Spanning Tree Protocol). This is where two switches are connected together twice, creating a loop where traffic just keeps getting sent round in circles until the loop breaks.
- Bandwidth DoS (where multiple people exceed a network’s bandwidth by downloading multiple gigabyte-sized files at the same time, overloading the network, e.g. Linux distributions over a DSL line).
- A water line break (get a good shop vacuum) causing an evacuation of the building.
3
Q
What is a Distributed Denial of Service (DDoS)?
A
- An army of computers is launched to bring down a service. They do this by using all the bandwidth or resources (traffic spike).
- This is why the bad guys use botnets, as you can have thousands or millions of computers at your command. At its peak the Zeus botnet infected over 3.6 million PCs. These types of attacks are considered to be coordinated attacks.
- The attackers are zombies (many people have no idea they are participating in a botnet).
4
Q
How can you go about mitigating a DDoS attack?
A
- You may be able to filter out traffic patterns (stop the traffic at your firewall).
- You can also contact your ISP, as they may have anti-DDoS systems. They can help “turn down” the DDoS volume.
- Third-party solutions are available, such as Cloudflare (they set up a reverse proxy for detailed analysis of the web traffic causing the DDoS), etc.
5
Q
What are Zero-day attacks? How do they work?
A
- Many applications have vulnerabilities (we’ve just not found them yet). Zero-day attacks take advantage of vulnerabilities that have been discovered before they are publicly known and have yet to be patched.
- Someone is always working hard to find the next big vulnerability (the good guys share these with the developer).
- Bad guys keep these yet-to-be-discovered holes to themselves and use them for personal gain, either to gain access to a system or to sell their knowledge.
- Zero-day (the vulnerability has not been detected or published). Zero-day exploits are increasingly common.
- You can obtain a maintained list of the vulnerabilities we know about at //cve.mitre.org/
6
Q
What would be a real-life example of a zero-day vulnerability?
A
- March 2017: CVE-2017-0199, Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API. Basically, all it took for this vulnerability to be exploited was opening a Microsoft Office or WordPad file.
- Although the vulnerability was documented as of March 2017, SophosLabs had documented the attack in the wild since November 2016.
- May 2019: CVE-2019-0863, Windows Error Reporting Service. Allowed an elevation of privilege vulnerability. Windows Error Reporting was interacting with files. Discovered in the wild. Access was elevated on compromised systems; regular accounts were all of a sudden able to run with admin access.