Malicious Activity Flashcards
Objective 2.4 - Page 267
DoS (Denial of Service) Definition
Used to describe an attack that attempts to make a computer or server’s resources unavailable
DDoS (Distributed Denial of Service) Variants
DoS, Amplified DDoS, Reflected DDoS
DNS Attack Types
- DNS Cache Poisoning
- DNS Amplification
- DNS Tunneling
- Domain Hijacking
- DNS Zone Transfer
Directory Traversal Attacks
Exploiting insufficient security validation of user-supplied input file names
Privilege Escalation Attack
Exploiting system vulnerability to gain elevated access
Replay Attacks
Type of network-based attack where valid data transmissions are maliciously or fraudulently re-broadcast, repeated, or delayed
Involves intercepting data, analyzing it, and deciding whether to retransmit it later
Applications - Email \ Online shopping \ Social media
Session Hijacking
Attacker takes over a user session to gain unauthorized access
Replay Vs Session Hijacking
- In a Session Hijack, the attacker alters real-time data transmission
- In a Replay Attack, the attacker intercepts the data and then can decide later whether to retransmit the data
Malicious Code Injection Attacks
Introduction of harmful code into a program or system
Indicators of Compromise (IoC)
(Examples listed)
Account lockout
Concurrent session usage
Blocked content
Impossible travel
Resource consumption
Inaccessibility
Out-of-cycle logging
Published documents indicating hacking
Missing logs
Ping Flood (Flood Attacks type)
Overloading a server with ICMP echo requests (pings)
Mitigation - often countered by blocking echo replies
SYN Flood (Flood Attacks type)
Initiating multiple TCP sessions but not completing the 3-way handshake, which consumes server resources and prevents legitimate connections
Mitigation \ Countermeasures
- Flood guard \ Timeout configurations \ Intrusion Prevention Systems
Permanent Denial of Service (PDOS) Attack
Exploits security flaws to break a networking device permanently by re-flashing its firmware
Requires a full firmware reload to bring the device back online
Fork Bomb
Attack creates a large number of processes, consuming processing power
Not considered a worm, as it doesn’t infect programs or use the network
Self-replicating nature causes a denial of service condition
DNS Amplification
Specialized DDoS that allows an attacker to initiate DNS requests from a spoofed IP address to flood a website
Surviving and Preventing DoS \ DDoS Attacks (page 270)
- Black Hole or Sinkhole
- IPS
- Elastic Cloud Infrastructure
- Specialized Cloud Service Providers
Black Hole or Sinkhole (Surviving and Preventing DoS\DDoS)
Routes attacking IP traffic to a non-existent server through a null interface; it is an effective but temporary solution
DNS Cache Poisoning (DNS Spoofing)
Corrupts a DNS resolver’s cache with false information and redirects users to malicious websites
Mitigation - Use DNSSEC (Domain Name System Security Extensions) to add digital signatures to DNS data
Mitigation - Implement secure network configurations and firewalls to protect DNS servers
DNS Amplification Attacks
Overwhelms a target system with DNS response traffic by exploiting the DNS resolution process
Spoofed DNS queries sent to open DNS servers
Mitigation - Limit the size of DNS responses \ Rate limit DNS response traffic to reduce the impact