Ch. 7 Denial-of-Service Attacks

2000 DoS Attacks: T/F: The attacks were allegedly perpetrated by teenagers.

TRUE

T/F: *Source address spoofing* requires network engineers to specifically query flow information from their routers.

TRUE

T/F: Network performance is noticeably affect in flooding ping command attacks.

TRUE

Source Address Spoofing: An attacker generates large volumes of __________ that have the target system as the destination address.

packets

*UDP flood* uses UDP packets directed to some ______ _______ on the target system.

port number

DDoS on Mastercard and Visa: LOIC bots used were directed to download DDoS ___________ and take instructions from a master.

software

___________ _____________ __________ uses forge source addresses, usually via the *raw socket interface* on operating systems. It makes attacking systems harder to identify.

source address spoofing

Denial-of-Service (DoS) resources: A(n) _____________ ____________ attack aims to overload or crash the network handling software.

system resources

SYN spoofing is an attack on ___________ _____________, specifically the network handling code in the operating system.

system resources

What is the intent of flooding attacks?

to overload the network capacity on some link to a server

*TCP SYN flood* sends TCP packets to the target system. Total __________ of packets is the aim of the attack rather than the system code.

volume

Distributed denial of Service Attacks (DDoS): Attacker uses a flaw in operating system or in a common application to gain access and installs their program on it. This program is called a _____________.

zombie

*ICMP flood* is a ping flood using _________ _________ __________ packets.

ICMP echo request/reply

Denial-of-Service (DoS) resources: For most organizations, *network bandwidth* is their connection to their ___________ ___________ ______________.

Internet Service Provider (ISP)

In Feb 2000, there was a series of massive DoS attacks. Who was hit? (1) (2) (3) (4) (5) (6) (7) (8)

(1) Yahoo (2) Amazon (3) eBay (4) CNN (5) E*Trade (6) ZDNet (7) Datek (8) Buy.com

Denial-of-Service (DoS): Resources that could be attacked: (1) (2) (3)

(1) network bandwidth (2) system resources (3) application resources

DDoS on Mastercard and Visa: The attack was launched by a group of vigilantes called ______________, containing 5,000 to 10,000 people.

*Anonymous*

___________ __________ advertises routes to unused IP addresses to monitor attack traffic.

*backscatter traffic*

Distributed denial of Service Attacks (DDoS): When forming a ________ large collections systems under the control of one attacker's control can be created.

*botnet*

Denial-of-Service (DoS) resources: ___________ ____________ relates to the capacity of the network links connecting a server to the Internet.

*network bandwidth*

T/F: Only certain types of network packets can be used.

FALSE

T/F: The source of a flooding ping command is *always* clearly identified.

FALSE; the source is clearly identified *unless a spoofed address is used*.

The NIST Computer Security Incident Handling Guide defines _____________ as: *"an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space."*

Denial-of-Service (DoS) Attack

Which type of DoS attacks uses multiple systems to generate attacks?

Distributed Denial of Service Attacks (DDoS)

DDoS on Mastercard and Visa: The DDos tool used is called _________, which are bots recruited via social engineering.

LOIC or "Low Orbit Ion Cannon"

DDoS on Mastercard and Visa: What was the motivation for the attack?

Payback, due to cut support of WikiLeaks after their founder was arrested on unrelated charges

________ spoofing attacks the ability of a server to respond to future connection requests by overflowing the tables used to manage them. Thus, legitimate users are denied access to the server.

SYN spoofing

Denial-of-Service (DoS) resources: A(n) ____________ _____________ attack typically involves a number of valid requests, each of which consumes significant resources, thus limiting the availability of the server to respond to requests from other users.

application resources

Denial-of-Service (DoS) is a form of attack on the _____________ of some service.

availability

ICMP Flood - Ping: Source sends ICMP _______ __________ message to the destination address. The Destination replies with an ICMP _______ ________ message.

echo request/ echo reply

Classic DoS attacks: The aim of a ____________ ___________ __________ attack is to overwhelm the capacity of the network connection to the target organization.

flooding ping command

A *flooding ping command* attack traffic can be handled by ___________ _______ ________ on the path, but packets are discarded as capacity decreases.

higher capacity links

*Flooding attacks* are based on ____________ __________ used.

network protocol