Module G6: Deny Specific Attacks (PE) Flashcards
Which term describes a DoS attack that bombards a target with TCP SYN requests in order to overwhelm its connection queue and leave the system unresponsive?
SYN Attack
TCP/IP Attack
Smurf Attack
Fraggle Attack
SYN Attack
What is it called when an attacker sends packets with a source IP address other than their own in order to conceal their identity?
SYN Attack
TCP/IP Attack
Spoofing
Fraggle Attack
Spoofing
All of the following are ways to mitigate SYN attacks except:
Increasing the backlog queue
Recycling the oldest half-open TCP connection
SYN cookies
Configuring the firewall to allow any/any traffic
Configuring the firewall to allow any/any traffic
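The "SYN cookies" option above is the one mitigation that removes the half-open queue entirely, which is easiest to see in code. The following is an added example written for this page, not code from the flashcards or from any operating system; the secret, the MSS table, the 64-second epoch and the packet dicts are all constructed for the example. The server answers every SYN with a SYN-ACK whose initial sequence number is a keyed hash of the 4-tuple and a coarse timestamp, stores nothing, and only creates a connection when an ACK comes back carrying that cookie plus one.

```python
"""SYN cookies: answer a SYN without allocating any half-open state."""
import hmac
import hashlib

SECRET = b"example-only-secret"        # constructed; a real stack rotates this
MSS_TABLE = [536, 1220, 1440, 1460]    # 2-bit MSS index, as in the classic scheme
EPOCH = 64                             # cookie timestamp granularity in seconds


def _cookie_hash(src, dst, sport, dport, t):
    msg = f"{src}|{dst}|{sport}|{dport}|{t}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")           # 24-bit keyed hash


def make_cookie(src, dst, sport, dport, mss, now):
    """Build the ISN for the SYN-ACK. Nothing is stored server-side."""
    t = int(now // EPOCH) & 0x1F                       # 5-bit epoch counter
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return (t << 27) | (mss_idx << 24) | _cookie_hash(src, dst, sport, dport, t)


def check_cookie(src, dst, sport, dport, ack_num, now):
    """Validate the third-step ACK. Returns the negotiated MSS, or None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    t = cookie >> 27
    cur = int(now // EPOCH) & 0x1F
    if ((cur - t) & 0x1F) > 1:                         # current or previous epoch only
        return None
    if (cookie & 0xFFFFFF) != _cookie_hash(src, dst, sport, dport, t):
        return None
    return MSS_TABLE[(cookie >> 24) & 0x3]


def serve(packets, now=0.0):
    """Run constructed packet dicts through the stateless server.

    Returns (established, synacks): the connections created by valid ACKs,
    and the SYN-ACK ISNs emitted, so a client can finish the handshake.
    """
    established = set()
    synacks = {}
    for p in packets:
        key = (p["src"], p["dst"], p["sport"], p["dport"])
        if p["flags"] == "SYN":
            synacks[key] = make_cookie(*key, p.get("mss", 1460), now)
        elif p["flags"] == "ACK":
            mss = check_cookie(*key, p["ack"], now)
            if mss is not None:
                established.add(key + (mss,))
    return established, synacks


def demo():
    """1000 spoofed SYNs leave no state behind; one honest client still connects."""
    flood = [{"src": f"10.9.{i // 256}.{i % 256}", "dst": "192.0.2.10",
              "sport": 40000 + i, "dport": 80, "flags": "SYN"} for i in range(1000)]
    established, _ = serve(flood, now=1000.0)      # nothing to exhaust: empty
    syn = {"src": "198.51.100.7", "dst": "192.0.2.10", "sport": 51515,
           "dport": 80, "flags": "SYN", "mss": 1440}
    _, synacks = serve([syn], now=1000.0)
    isn = synacks[("198.51.100.7", "192.0.2.10", 51515, 80)]
    ack = dict(syn, flags="ACK", ack=(isn + 1) & 0xFFFFFFFF)
    established, _ = serve([ack], now=1005.0)
    return len(established)


if __name__ == "__main__":
    print("established after flood + honest client:", demo())
```

The trade-off a practitioner should know: because the server keeps no state, TCP options from the SYN (window scaling, SACK) are lost unless encoded elsewhere, which is why real stacks only switch cookies on once the backlog is full (`net.ipv4.tcp_syncookies = 1` on Linux).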
What does TCP Intercept do in intercept mode?
Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK
Blocks all ingress connections during a DOS attack
Connection requests are allowed to pass through the router to the server but are watched until they become established
Actively sets your firewall to stop a DOS attack
Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK
What does TCP Intercept do in watch mode?
Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK
Blocks all ingress connections during a DOS attack
Connection requests are allowed to pass through the router to the server but are watched until they become established
Actively sets your firewall to stop a DOS attack
Connection requests are allowed to pass through the router to the server but are watched until they become established
A Land attack?
Is only a threat to networks with dial-up modems
Is a common UDP Flood attack
Has the same source and destination IP address and port
Is no longer a threat
Has the same source and destination IP address and port
A Smurf Attack?
Floods a network's broadcast address with ICMP echo requests whose source IP is spoofed to the victim's, so every host on the segment replies to the victim
Sends spoofed UDP packets (typically to the echo or chargen service) to a broadcast address so that the replies overwhelm the victim
Has the same source and destination IP address and port
Is no longer a threat
Floods a network's broadcast address with ICMP echo requests whose source IP is spoofed to the victim's, so every host on the segment replies to the victim
A Fraggle Attack?
Floods a network's broadcast address with ICMP echo requests whose source IP is spoofed to the victim's, so every host on the segment replies to the victim
Sends spoofed UDP packets (typically to the echo or chargen service) to a broadcast address so that the replies overwhelm the victim
Has the same source and destination IP address and port
Is no longer a threat
Sends spoofed UDP packets (typically to the echo or chargen service) to a broadcast address so that the replies overwhelm the victim
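Land, Smurf and Fraggle (the three cards above) each have a fixed header signature, which makes them the rare DoS attacks a sensor can flag per packet rather than by rate. The checks below are an added example written for this page, not code from the flashcards or from any IDS; the local subnet, the packet records and the "50 distinct sources" threshold are constructed for the example, and a real sensor would pull the same fields from the IP/ICMP/UDP headers.

```python
"""Per-packet signatures for Land, Smurf and Fraggle, plus the victim-side view."""
import ipaddress
from collections import defaultdict

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0                # the type number from the Echo Reply card
FRAGGLE_PORTS = {7, 19}            # UDP echo and chargen, the classic Fraggle reflectors


def is_broadcast(addr, local_nets):
    ip = ipaddress.ip_address(addr)
    return ip == ipaddress.ip_address("255.255.255.255") or any(
        ip == net.broadcast_address for net in local_nets)


def classify(pkt, local_nets):
    """Return the attack labels a single packet matches (possibly none)."""
    labels = []
    if (pkt["src"] == pkt["dst"] and pkt["proto"] in ("tcp", "udp")
            and pkt.get("sport") == pkt.get("dport")):
        labels.append("LAND")          # same source/destination address and port
    bcast = is_broadcast(pkt["dst"], local_nets)
    if pkt["proto"] == "icmp" and pkt.get("type") == ICMP_ECHO_REQUEST and bcast:
        labels.append("SMURF")         # ping to broadcast: every host answers the spoofed source
    if pkt["proto"] == "udp" and pkt.get("dport") in FRAGGLE_PORTS and bcast:
        labels.append("FRAGGLE")       # same trick with UDP echo/chargen
    return labels


def reflection_victims(packets, min_sources=50):
    """Victim side: a host receiving echo replies (type 0) from many distinct
    sources it never pinged is on the receiving end of a Smurf."""
    requests = defaultdict(set)    # host -> destinations it actually pinged
    replies = defaultdict(set)     # host -> sources answering it
    for p in packets:
        if p["proto"] != "icmp":
            continue
        if p.get("type") == ICMP_ECHO_REQUEST:
            requests[p["src"]].add(p["dst"])
        elif p.get("type") == ICMP_ECHO_REPLY:
            replies[p["dst"]].add(p["src"])
    return sorted(h for h, srcs in replies.items()
                  if len(srcs - requests[h]) >= min_sources)


LOCAL = [ipaddress.ip_network("192.0.2.0/24")]     # constructed local subnet
SAMPLE = [                                         # constructed packet records
    {"proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.10", "sport": 139, "dport": 139, "flags": "SYN"},
    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.0.2.255", "type": 8},
    {"proto": "udp", "src": "203.0.113.5", "dst": "192.0.2.255", "sport": 53, "dport": 7},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "sport": 51515, "dport": 443, "flags": "SYN"},
] + [{"proto": "icmp", "src": f"192.0.2.{i}", "dst": "203.0.113.5", "type": 0} for i in range(1, 101)]


def scan(packets=SAMPLE, local_nets=LOCAL):
    """Return (src, dst, labels) for every packet that matched a signature."""
    hits = []
    for p in packets:
        labels = classify(p, local_nets)
        if labels:
            hits.append((p["src"], p["dst"], labels))
    return hits


if __name__ == "__main__":
    for hit in scan():
        print(hit)
    print("smurf victims:", reflection_victims(SAMPLE))
```

The amplifier side of Smurf and Fraggle is closed by refusing to forward directed broadcasts (`no ip directed-broadcast` on Cisco interfaces), which is why the distractor "no longer a threat" is nearly, but not quite, true: any network that still forwards them is still an amplifier.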
What is the ICMP type number of an Echo Reply?
9
14
0
5
0
Based on the targeted network components and the mechanisms used, DDoS attacks can be split into three top-level categories. They are all of the following except:
Volumetric attacks
Protocol attacks
Application layer attacks
Data Link Layer attacks
Data Link Layer attacks
A SYN Flood attack exploits the ______ Three-way handshake.
TCP
This DDoS attack leverages large numbers of User Datagram Protocol (UDP) packets. UDP has no handshake (unlike TCP), so the source IP address cannot be verified and is easily spoofed. When the attack is in full swing, the volume of junk packets exceeds the target server's capacity to process and respond to requests.
UDP Flood
VOIP Flood
NTP Flood
DNS Flood
UDP Flood
This DDoS attack is a variant of the UDP flood that specifically targets DNS servers. The attacker generates a large number of fake DNS request packets that resemble legitimate ones and appear to originate from many different IP addresses. It is one of the hardest denial-of-service attacks to prevent and recover from.
UDP Flood
VOIP Flood
NTP Flood
DNS Flood
DNS Flood
One of the oldest networking protocols, tasked with clock synchronization between systems, is at the core of this DDoS attack vector (the classic form abuses the protocol's monlist command for amplification).
UDP Flood
VOIP Flood
NTP Flood
DNS Flood
NTP Flood
This is a common form of UDP flood that targets a Voice over Internet Protocol (VoIP) server, typically with a stream of spoofed SIP INVITE requests.
UDP Flood
VOIP Flood
NTP Flood
DNS Flood
VOIP Flood
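The four flood cards above differ only in the service port they hit; the detection logic is the same rate-based count, with the port deciding the label. The detector below is an added example written for this page, not code from the flashcards or from any product; the thresholds (1000 packets per second, 100 distinct sources) and the sample capture are constructed for the example, and production values would come from a baseline of normal traffic.

```python
"""Rate-based UDP flood detection, labelled by the service under attack."""
from collections import defaultdict

SERVICE = {53: "DNS Flood", 123: "NTP Flood", 5060: "VoIP Flood"}   # else generic UDP Flood


def detect_udp_floods(packets, pps_threshold=1000, min_sources=100, window=1.0):
    """packets: dicts with ts, proto, src, dst, dport.
    Returns one alert per (dst, dport, time window) that crosses the rate threshold."""
    buckets = defaultdict(lambda: [0, set()])      # (dst, dport, window) -> [count, sources]
    for p in packets:
        if p["proto"] != "udp":
            continue
        key = (p["dst"], p["dport"], int(p["ts"] // window))
        buckets[key][0] += 1
        buckets[key][1].add(p["src"])
    alerts = []
    for (dst, dport, w), (count, sources) in sorted(buckets.items()):
        if count >= pps_threshold:
            # Many distinct (and therefore probably spoofed) sources in one
            # window is the volumetric-DDoS signature; one busy source is more
            # likely a broken client or an amplifier that should be rate-limited.
            alerts.append({"dst": dst, "dport": dport, "window": w, "pps": count,
                           "sources": len(sources), "kind": SERVICE.get(dport, "UDP Flood"),
                           "distributed": len(sources) >= min_sources})
    return alerts


def constructed_capture():
    """Constructed sample: a distributed DNS flood, a single-source NTP burst,
    and quiet SIP background traffic that must not alert."""
    pk = []
    for i in range(3000):           # 3000 DNS queries in one second, 3000 spoofed sources
        pk.append({"ts": 100.0 + i / 3000, "proto": "udp",
                   "src": f"10.0.{(i // 256) % 256}.{i % 256}", "dst": "192.0.2.53", "dport": 53})
    for i in range(1500):           # 1500 NTP packets in one second from one host
        pk.append({"ts": 101.0 + i / 1500, "proto": "udp",
                   "src": "203.0.113.9", "dst": "192.0.2.123", "dport": 123})
    for i in range(200):            # 200 SIP packets spread over 10 s: 20 pps, benign
        pk.append({"ts": 100.0 + i / 20, "proto": "udp",
                   "src": "198.51.100.7", "dst": "192.0.2.60", "dport": 5060})
    return pk


if __name__ == "__main__":
    for a in detect_udp_floods(constructed_capture()):
        print(a)
```

The `distributed` flag is what separates "DDoS" from "one noisy host": the DNS alert shows 3000 sources in a second, the NTP alert only one, and the SIP traffic never reaches the threshold.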
All of the following are responses to a DDoS except:
Securing your Infrastructure
Train a response team
Practice basic network security
Use Default Cisco Configurations
Use Default Cisco Configurations
Symptoms of a DDoS include all of the following except:
Spotty connectivity
Improved performance
Slow network
Host machine freezing
Improved performance
Engaging in strong security practices can keep business networks from being compromised. Secure practices include complex __________ that change on a regular basis.
passwords
(Note: current NIST SP 800-63B guidance no longer recommends forced periodic rotation; it favours long passphrases, screening against breached-password lists, and changing a password on evidence of compromise.)
A zero-day DDoS is one that takes advantage of a vulnerability that is not yet publicly known or patched.
True
False
True
This attack's goal is to overburden a program's regular-expression engine with inputs that trigger highly complex (catastrophically backtracking) pattern matches.
ReDoS
Slowloris
High Orbit Ion Cannon
Low Orbit Ion Cannon
ReDoS
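The ReDoS card describes the attack abstractly; the mechanism is easiest to see with a backtracking engine and a nested quantifier. The snippet below is an added example written for this page, not code from the flashcards; the patterns, the inputs and the 64-character cap are constructed for the example. `^(a+)+$` can split a run of a's in about 2^n ways, and a trailing non-matching character forces the engine to try all of them, while `^a+$` accepts the same strings in one pass.

```python
"""ReDoS: catastrophic backtracking beside the linear-time fix."""
import re
import time

EVIL = re.compile(r"^(a+)+$")      # nested quantifier: exponential backtracking on failure
SAFE = re.compile(r"^a+$")         # same language, one way to match


def timed_match(pattern, text):
    """Return (matched, seconds) for one match attempt."""
    t0 = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - t0


def validate(text, max_len=64):
    """Hardened validator: cap the input before the engine sees it and use the
    unambiguous pattern, so the worst case is linear in a bounded length.
    CPython's re module has no timeout, so the cap is the only real guard."""
    if len(text) > max_len:
        return False
    return SAFE.match(text) is not None


def demo(n=18):
    """Match a string of n a's plus a '!' (which can never match) with both
    patterns; returns (evil_seconds, safe_seconds). Each extra 'a' roughly
    doubles the first number, so n=30 would pin a CPU core for minutes."""
    bad = "a" * n + "!"
    _, evil_s = timed_match(EVIL, bad)
    _, safe_s = timed_match(SAFE, bad)
    return evil_s, safe_s


if __name__ == "__main__":
    evil_s, safe_s = demo()
    print(f"evil: {evil_s:.4f}s  safe: {safe_s:.6f}s")
```

The hardened `validate` rejects oversized input before any matching happens; rewriting the pattern alone is not enough in general, because a future edit can reintroduce ambiguity, while a length cap bounds the cost of whatever pattern is in use.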