Denial of Service Attacks

Question 1

A ____________ attack is an attempt to compromise availability by hindering or blocking completely the provision of some service.

Answer 1

Denial-Of-serive (DoS)

Question 2

What are the three resources that can be targeted during a DoS?

Answer 2

Network Bandwidth
System resources
Application resources

Question 3

______ _______ relates to the capacity of the network links connecting a server to the wider Internet (ISP).

Answer 3

Network Bandwidth

Question 4

A form of system resource attack that uses packets whose structure triggers a bug in the system’s network handling software, causing it to crash.

Answer 4

Poison packet

Question 5

A common characteristic of packets used in many types of DoS attacks is the use of forged source addresses.

Answer 5

Source address spoofing

Question 6

The ability of a network server to respond to TCP connection request by overflowing the tables used to manage such connections.

Answer 6

SYN spoofing

Question 7

_______ attacks take a variety of forms, based on which network protocol is being used to implant the attack. In all cases the intent is generally to overload the network capacity on some link to a server.

Answer 7

Flooding

Question 8

What is the difference between SYN flooding attack and SYN spoofing attack.

Answer 8

In SYN flooding it is the total volume of packets that is the aim of the attack rather than the system code.

Question 9

What are three indirect attack types that utilize multiple systems?

Answer 9

Distributed denial-of-service
Reflector attacks
Amplifier attacks

Question 10

An _____ ______ refers to an attack that bombards Web servers with HTTP requests.

Answer 10

HTTP flood

Typically a DDos attack, with HTTP requests coming form many different bots.

Question 11

______ exploits the common server technique of using multiple threads to support multiple requests to the same server applications

Answer 11

Slowloris

Question 12

The attacker sends packets to a known service on the intermediary with a spoofed source address of the actual target system. When the intermediary responds, the response is sent to the target. Effectively this reflects the attack off the intermediary.

Answer 12

Reflection attack

Question 13

______ _______ are a variant of reflector attacks and also involve sending a packet with a spoofed source address for the target system to intermediaries.

Answer 13

Amplification attack

Question 14

What are the four lines of defense against DDoS attacks?

Answer 14

Attack prevention and preemption (before the attack)
Attack detection and filtering (during the attack)
Attack source traceback and identification (during and after the attack)
Attack reaction (after the attack)

Question 15

These mechanisms enable the victim to endure attack attempts without denying service to legitimate clients. Techniques include enforcing policies for resource consumption and providing backup resources available on demand. In addition, prevention mechanisms modify systems and protocols on the internet to reduce the possibility of DDoS attacks.

Answer 15

Attack prevention and preemption (before the attack)

Question 16

These mechanisms attempt to detect the attack as it begins and respond immediately. This minimizes the impact of the attack on the target. Detection involves looking for suspicious patterns of behavior. Response involves filtering out packets likely to be part of the attack.

Answer 16

Attack detection and filtering (during the attack)

Question 17

This is an attempt to identify the source of the attack as a first step in preventing future attacks. However, this method typically does not yield results fast enough, if at all, to mitigate an ongoing attack.

Answer 17

Attack source traceback and identification (during and after the attack)

Question 18

This is an attempt to eliminate or curtails the effects of an attack.

Answer 18

Attack reaction (after the attack)

Question 19

Relates to the capacity of the network links connecting a server to the internet

Answer 19

Network Bandwidth

Question 20

Aims to overload or crash the network handling software

Answer 20

System Resources

Question 21

Typically involves a number of valid requests, each of which consumes significant resources, thus limiting the ability of the server to respond to requests from other users.

Answer 21

Application resources

Question 22

Flooding ping command

Aim of this attack is to overwhelm the capacity of the network connection to the target organization.

Answer 22

Classic DoS Attacks

Question 23

Attacks the ability of a server to respond to future connection requests by overflowing the tables used to manage them.

Answer 23

SYN Spoofing

Question 24

What does ICMP stand for?

Answer 24

Internet Control Message Protocol

Question 25

Ping flood using _____ echo request packets. Traditionally network administrators allow such packets into their networks because ping is a useful network diagnostic

Answer 25

ICMP flood

Question 26

What are three different flooding attacks

Answer 26

ICMP flood
UDP flood
TCP SYN flood

Question 27

Uses _____ packets directed to some port number on the target system

Answer 27

UDP flood

Question 28

Sends _____ packets to the target system. Total volume of packets is the aim of the attack rather than the system code.

Answer 28

TCP SYN flood

Question 29

What does SIP stand for?

Answer 29

Session Initiation Protocol

Question 30

Attack that bombards Web servers with HTTP requests. Consumes considerable resources.

Answer 30

HTTP flood

Question 31

Use packets directed at a legitimate DNS server as the intermediary system. Attacker creates a series of DNS requests containing the spoofed source address of the target system. Exploit DNS behavior to convert a small request to a much larger response.

Answer 31

DNS Amplification Attacks