Module G6: Deny Specific Attacks (PE) Flashcards
What describes this type of DoS attack, which uses TCP/IP to bombard a target system with SYN requests in an attempt to overwhelm connection queues and force the system to become unresponsive?
SYN Attack
TCP/IP Attack
Smurf Attack
Fraggle Attack
SYN Attack
What is it called when a hacker uses an IP address other than their own to conceal their identity?
SYN Attack
TCP/IP Attack
Spoofing
Fraggle Attack
Spoofing
All of the following are ways to mitigate SYN attacks except?
Increasing Backlog queue
Recycling the Oldest Half-Open TCP connection
SYN Cookies
Configuring Firewall to Allow any, any traffic
Configuring Firewall to Allow any, any traffic
TCP Intercept Mode?
Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK
Blocks all ingress connections during a DoS attack
Connection requests are allowed to pass through the router to the server but are watched until they become established
Actively sets your firewall to stop a DoS attack
Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK
TCP Watch Mode?
Actively intercepts each incoming connection request (SYN) and responds on behalf of the server with a SYN-ACK
Blocks all ingress connections during a DoS attack
Connection requests are allowed to pass through the router to the server but are watched until they become established
Actively sets your firewall to stop a DoS attack
Connection requests are allowed to pass through the router to the server but are watched until they become established
A Land attack?
Is a threat only to networks with dial-up modems
Is a common UDP Flood attack
Has the same source and destination address
Is no longer a threat
Has the same source and destination address
A Smurf Attack?
Deluges a vast multitude of devices with ICMP pings that contain the victim’s fabricated source IP address
Uses fraudulent UDP packets to deteriorate a server’s normal operation
Has the same source and destination address
Is no longer a threat
Deluges a vast multitude of devices with ICMP pings that contain the victim’s fabricated source IP address
A Fraggle Attack?
Deluges a vast multitude of devices with ICMP pings that contain the victim’s fabricated source IP address
Uses fraudulent UDP packets to deteriorate a server’s normal operation
Has the same source and destination address
Is no longer a threat
Uses fraudulent UDP packets to deteriorate a server’s normal operation
An ICMP Echo Reply is what number?
9
14
0
5
0
Based on the targeted network components and the mechanisms used, DDoS attacks can be split into three top-level categories. They are all of the following except:
Volumetric attacks
Protocol attacks
Application layer attacks
Data Link Layer attacks
Data Link Layer attacks
A SYN Flood attack exploits the ______ Three-way handshake.
TCP
This DDoS attack leverages multiple User Datagram Protocol (UDP) packets. For the record, UDP connections lack a handshaking mechanism (unlike TCP), and therefore the IP address verification options are very limited. When this exploitation is in full swing, the volume of dummy packets exceeds the target server’s maximum capacity for processing and responding to requests.
UDP Flood
VOIP Flood
NTP Flood
DNS Flood
UDP Flood
This DDoS attack is a variant of UDP Flood that specifically homes in on DNS servers. The malefactor generates a slew of fake DNS request packets resembling legitimate ones that appear to originate from a huge number of different IP addresses. DNS Flood is one of the hardest denial-of-service raids to prevent and recover from.
UDP Flood
VOIP Flood
NTP Flood
DNS Flood
DNS Flood
One of the oldest networking protocols, tasked with clock synchronization between electronic systems, is at the core of this DDoS attack vector.
UDP Flood
VOIP Flood
NTP Flood
DNS Flood
NTP Flood
This is a common form of UDP Flood that targets a Voice over Internet Protocol (VoIP) server.
UDP Flood
VOIP Flood
NTP Flood
DNS Flood
VOIP Flood