Section 19.178 Malicious Activity: Denial of Service and Distributed Denial of Service Flashcards
Objective 2.4 Given a scenario, you must be able to analyse indicators of malicious activity
Malicious Activity
Constantly evolving threats in the digital age
■ Concerns: Cyber attacks, increasing in frequency and sophistication
■ Purpose: Delve into cyber threats, types, mechanisms, and impacts
Understanding cyber threats is the first step towards their prevention and mitigation
Denial of Service (DoS)
Used to describe an attack that attempts to make a computer or server’s resources unavailable
■ Can also be extended to network devices like switches and routers
This is a type of attack that can be carried out in many different ways
Distributed Denial of Service categories: 1. Flood Attacks
Flood Attack
Specialised type of DoS which attempts to send more packets to a single server or host than it can handle
Distributed Denial of Service categories: 1. Flood Attacks
Ping Flood
Varieties of Flood Attack
A variety of Flood Attack in which a server is sent too many pings (ICMP echo requests)
Ping floods have become so commonplace that many organisations now simply block echo replies and have a firewall drop these requests when received
A ping is technically an ICMP echo request packet, but the exam refers to it as a ping
Distributed Denial of Service categories: 1. Flood Attacks
SYN Flood
Varieties of Flood Attack
An attacker will initiate multiple TCP sessions but never complete the three-way handshake
● Consumes server resources and prevents legitimate connections
● Countermeasures:
○ Flood guard
○ Timeout configurations
○ Intrusion prevention systems
Permanent Denial of Service (PDoS) Attack
Exploits security flaws to break a networking device permanently by re-flashing its firmware
■ Requires a full firmware reload to bring the device back online
Fork Bomb
Attack creates a large number of processes (fork), consuming processing power
■ Not considered a worm, as it doesn’t infect programs or use the network
■ Self-replicating nature causes a denial of service condition
Distributed Denial of Service (DDoS) attack
Malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic
■ Involves multiple machines attacking a single server simultaneously.
■ Attackers often use compromised machines within a botnet
■ Techniques like DNS amplification can amplify the attack’s impact
■ DDoS attacks aim to force the target server offline temporarily
A denial of service attack involves the continual flooding of a victim system with requests for services, causing the system to run out of memory and crash. This usually describes one system attacking one system, but that wasn’t enough against modern computers, so attackers moved up to the distributed denial of service attack, where hundreds or thousands of machines target a single server to take it down.
GitHub attack
In March of 2018, the website GitHub was hit by the largest DDoS attack seen at that time. Tens of thousands of unique endpoints conducted a coordinated attack, hitting the server with a spike in traffic that reached 1.35 terabits per second.
This took the website offline for all of five minutes. So you can see how DDoS attacks are really hard on a server and can take it down, but not for very long if you can stop them
Type of DDoS attack
DNS Amplification Attack
Specialised DDoS that allows an attacker to initiate DNS requests from a spoofed IP address to flood a website
In an Amplified DDoS attack, the attacker exploits the connectionless nature of the User Datagram Protocol (UDP). They send a small packet of information that appears to originate from the victim’s IP address to a vulnerable UDP server. The server then sends a significantly larger packet of information back to the victim’s IP address, effectively amplifying the size of the data packet and the impact of the attack.
Surviving and Preventing DoS and DDoS Attacks
Black Hole or Sinkhole
● Routes attacking IP traffic to a non-existent server through a null interface
● Effective but temporary solution
Surviving and Preventing DoS and DDoS Attacks
Intrusion Prevention Systems
Can identify and respond to DoS attacks for small-scale incidents
Surviving and Preventing DoS and DDoS Attacks
Elastic Cloud Infrastructure
● Scaling infrastructure when needed to handle large-scale attacks
● May result in increased costs from service providers
Surviving and Preventing DoS and DDoS Attacks
Specialised Cloud Service Providers
● Providers like Cloudflare and Akamai offer DDoS protection services
● Provide web application filtering, content distribution, and robust network defenses
● Help organisations withstand DDoS and high-bandwidth attacks