Denial of Service and DDoS Attacks

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

how does flooding occur?

occurs because the incoming bandwidth is insufficient or resources—hardware devices, computing power, software, or table capacity—are inadequate.

overload / flood attack

occurs from demand in excess of capacity, from malicious or natural causes (classified as volumetric)

volume based attacks

overwhelming basic network capacity

botmasters

people who infect machines to turn them into bots

thrasing

performance fails because of nearly continuous switching

blocked access

prevention of a service from functioning

next hop

router determining the best next path to which t direct a data unit

context awitching

switching from one application to another

command-and-control center

the bot headquarters; instructs specific machines to target a particular victim at a given time and duration. bots can either be pushed or pulled, with each bot responsible for periodically calling home to a controller to determine if there is work to do.

DNS (Domain Name System)

the database of translations of Internet names to addresses, and the DNS protocol resolves the name to an address

malicious autonomous mobile agents

working largely on their own, these programs infect computers anywhere they can access, causing denial of service and other harm

ICMP (Internet Control Message Protocol) includes what?

•ping, which requests a destination to return a reply, intended to show that the destination system is reachable and functioning • echo, which requests a destination to return the data sent to it, intended to show that the connection link is reliable (ping is actually a version of echo) • destination unreachable, which indicates that a destination address cannot be accessed • source quench, which means that the destination is becoming saturated and the source should suspend sending packets for a while

source routing

Allows a sender of a packet to specify the route the packet takes through the network versus routers determining the path.

Berkeley Internet Name Domain (BIND)

An Internet naming system that performs name resolution, for unix

smurf attack

An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target.

denial of service attack

An attempt to overwhelm a computer system or network with excessive communications in order to deny users access, thus defeating availability

strict source routing

IP protocol header option that allows sender to specify the exact route a packet should take to its destination.

ping of death

- type of DoS attack - over-sized ICMP packets are sent to the victim. Systems that are vulnerable to this type of attack do not know how to handle ICMP packets over a specific size and may freeze or reboot - Countermeasures are to patch the systems and implement filtering to detect these types of packets

two things used to mount a distributed denial-of-service attack

1. conscript an army of compromised machines to attack a victim 2. attacker sends a signal to all the zombies to launch the attack

botnets

networks of bots, are used for massive denial-of-service attacks, implemented from many sites working in parallel against a victim

Internet Control Message Protocol (ICMP)

Normally used for system diagnostics, these protocols do not have associated user applications

DNS spoofing,

Unauthorized changes to the DNS

syn flood

a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

DNS cache poisoning

an incorrect name-to-address DNS conversion is placed in and remains in a translation cache

counter measure to DNA cache poisoning

an unpredictable series of sequence numbers, preferable drawn from a large range of possibilities

targets of flooding attack

application, os or one of its components, or network appliance (router)

echo-chargen

attack works between two hosts

session hijack

attacker allows an interchange to begin between two parties but then diverts the communication

teardrop

attacker sends a series of datagrams that cannot fit together properly.

DNS poisoning

attackers try to insert inaccurate entries into that cache so that future requests are redirected to an address the attacker has chosen

protecting against session hijacking

by concealing connecting data within the application and by hiding the header data

loose source rougting

certain (small or all) required intermediate points are specified

distributed denial-of-service (DDoS) attack

change the balance between adversary and victim by marshaling many forces on the attack side

zombie

compromised systems running pieces of malicious code under remote control. these code objects are Trojan horses that are distributed to large numbers of victims' machines. often undetected because they may not interfere with or harm a user's computer

inoculation agent

developer involved initially to set up the process and, usually, to establish a scheme for updates for code

scripted DDoS attack

easily launched from scripts. one can easily write a procedure to plant a trojan horse that can launch any or ll of the DDoS attacks

DOS attack types

excessive volume, failed application, severed link, hardware or software failure

application based attack

exhaust the application that services a particular network

three root threats to availability

insufficient capacity; overload blocked access unresponsive component


Ensembles d'études connexes

Getting Started with Excel Tutorial One

View Set

Statistics Math 125 - Module 1 Homework 1.6

View Set

Chp 16: Reentry into the Community

View Set

STAAR Vocab English 9th grade: Set 1

View Set

Chapter 1: General Principles of Pharmacology - PrepU

View Set

5.7A Formación de rocas sedimentarias y combustibles fósiles

View Set

Bones of the upper limbs or upper extremities

View Set