2-3 Flashcards
the popularity of the syn flood attack is because any machine connected to the __________ is vulnerable to the attack
internet
defense using ________ seeks to avoid syn floods by changing the way the server allocates memory for any given connection request
Micro blocks
instead of allocating a complete connection object the server is altered so that it only allocates a _____ record as small as __________
micro // 16 bytes
a common method of defending against DOS attacks is for the firewall or IDS to detect excessive traffic and _________
restrict bandwidth
defending using syn cookies. using this method the system does not automatically create a buffer space in the memory for the handshake. a syn cookie that is generated as a hash is sent with IP address, port number and other info for the server to verify. this way the system does not fully _______ resources to the handshake.
allocate
syn cookie is fairly intensive so admins expecting __________ should consider something else
heavy traffic
the syn cookie defense method is an example of the trade off between __________
performance and security
looks at all the packets from a given source
stateful packet inspection
the server sends the wrong SYN-ACK back to the client. the client should then generate a RST (reset) packet telling the server that something is wrong. because the RST message is sent the server now knows the traffic is legit.
defending with rst cookies
2 disadvantages to RST cookies defense
firewalls might block traffic // older windows machines communicate from behind a firewall
this defense method involves altering the TCP stack of the server so that it will take less time to timeout when the syn connection is left incomplete. this will only make executing a syn flood against a target more difficult. this method is often quite complicated to implement on some OS’s.
defending with stack tweaking
the best defense against a DOS attack is a combination of syn cookies and rst cookies because they __________
cover each other’s weaknesses
the smurf attack is named after the
first application first used to execute the attack
an ICMP packet is sent out to the broadcast address of a network, but its return address has been altered to match one of the computers on the net, most likely a key server. all computers on the net will then respond by pinging the target computer. because the address the packets are sent to is a broadcast address, the address responds by echoing the packet out to all hosts on the network, who then send it to a spoofed source address.
smurf attack