Denial-of-Service Flashcards
What are the three categories of Denial of Service attacks?
Volumetric Attacks, Protocol Attacks, and Application Layer Attacks
What is a volumetric attack?
Volumetric attacks achieve their goal by consuming the bandwidth of a target or service. Their magnitude is measured in bits per second and they can be either a flood attack or an amplification attack.
Examples of volumetric attacks include:
- UDP flood attack
- ICMP flood attack
- Ping of Death attack
- Smurf attack
- Pulse Wave attack
What is a protocol attack?
Protocol attacks consume other resources, such as the connection state tables in network hardware like load balancers, firewalls, or servers, in order to achieve their goal. These attacks are measured in packets per second.
Examples of protocol attacks include:
- SYN flood attack
- Fragmentation attack
- Spoofed session attack
- ACK flood attack
What is an application layer attack?
Application layer attacks consume the resources or services of an application in order to make the application unavailable to legitimate users. Application layer attacks are measured in requests per second.
Examples include:
- HTTP GET/POST attack
- Slowloris attack
- UDP application layer flood attack
What is a smurf attack?
A smurf attack involves sending ICMP ECHO requests to a network’s broadcast address while spoofing the source IP address, imitating the intended victim, in order to bring the victim offline.
What is a pulse-wave DDoS attack?
In a pulse wave DDoS attack, attackers send a highly repetitive, periodic train of packets as pulses to the target victim every 10 minutes, and each specific attack session can last for a few hours to days.
What is CORE Impact?
CORE Impact finds vulnerabilities in an organization’s web server. This tool allows a user to evaluate the security posture of a web server by using the same techniques currently employed by cyber criminals.
What is NetVizor?
NetVizor is a desktop and child monitoring spyware that comes with an unparalleled task recording feature-set that secretly records everything employees do on your network.
What is HULK?
HULK is a Denial of Service (DoS) tool used to attack web servers by generating unique and obfuscated traffic volumes. Its generated traffic also bypasses caching engines and hits the server’s direct resource pool.
What is a phlashing attack?
Phlashing is a permanent denial of service (DoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical, but if carried out it could render the target device inoperable.
What is back-chaining propagation (when referring to an attack toolkit transfer)?
In this technique, the attacker places an attack toolkit on their own system, and a copy of the attack toolkit is transferred to a newly discovered vulnerable system. The attack tools installed on the attacking machine use some special methods to accept a connection from the compromised system and then transfer a file containing the attack tools to it.
What is central source propagation (when referring to an attack toolkit transfer)?
In this technique, the attacker places an attack toolkit on a central source and a copy of the attack toolkit is transferred to a newly discovered vulnerable system. Once the attacker finds a vulnerable machine, they instruct the central source to transfer a copy of the attack toolkit to the newly compromised machine, on which attack tools are automatically installed under management by a scripting mechanism.
What is spyware propagation (when referring to an attack toolkit transfer)?
As its name implies, spyware is installed without user knowledge or consent, and this can be accomplished by “piggybacking” the spyware onto other applications.
What is autonomous propagation (when referring to an attack toolkit transfer)?
In autonomous propagation, the attacking host itself transfers the attack toolkit to a newly discovered vulnerable system, exactly at the time it breaks into that system.
What is RFC 3704 filtering?
RFC 3704 is a basic access-control list (ACL) filter, which limits the impact of DDoS attacks by blocking traffic with spoofed addresses.