Ch. 7 Denial-of-Service Attacks
2000 DoS Attacks: T/F: The attacks were allegedly perpetrated by teenagers.
TRUE
T/F: *Source address spoofing* requires network engineers to specifically query flow information from their routers.
TRUE
T/F: Network performance is noticeably affected in flooding ping command attacks.
TRUE
Source Address Spoofing: An attacker generates large volumes of __________ that have the target system as the destination address.
packets
*UDP flood* uses UDP packets directed to some ______ _______ on the target system.
port number
DDoS on Mastercard and Visa: LOIC bots used were directed to download DDoS ___________ and take instructions from a master.
software
___________ _____________ __________ uses forged source addresses, usually via the *raw socket interface* on operating systems. It makes attacking systems harder to identify.
source address spoofing
Denial-of-Service (DoS) resources: A(n) _____________ ____________ attack aims to overload or crash the network handling software.
system resources
SYN spoofing is an attack on ___________ _____________, specifically the network handling code in the operating system.
system resources
What is the intent of flooding attacks?
to overload the network capacity on some link to a server
*TCP SYN flood* sends TCP packets to the target system. Total __________ of packets is the aim of the attack rather than the system code.
volume
Distributed Denial of Service Attacks (DDoS): The attacker uses a flaw in an operating system or in a common application to gain access and installs their program on it. This program is called a _____________.
zombie
*ICMP flood* is a ping flood using _________ _________ __________ packets.
ICMP echo request/reply
Denial-of-Service (DoS) resources: For most organizations, *network bandwidth* is their connection to their ___________ ___________ ______________.
Internet Service Provider (ISP)
In Feb 2000, there was a series of massive DoS attacks. Who was hit? (1) (2) (3) (4) (5) (6) (7) (8)
(1) Yahoo (2) Amazon (3) eBay (4) CNN (5) E*Trade (6) ZDNet (7) Datek (8) Buy.com
Denial-of-Service (DoS): Resources that could be attacked: (1) (2) (3)
(1) network bandwidth (2) system resources (3) application resources
DDoS on Mastercard and Visa: The attack was launched by a group of vigilantes called ______________, containing 5,000 to 10,000 people.
*Anonymous*
___________ __________ advertises routes to unused IP addresses to monitor attack traffic.
*backscatter traffic*
Distributed Denial of Service Attacks (DDoS): When forming a ________, large collections of systems under one attacker's control can be created.
*botnet*
Denial-of-Service (DoS) resources: ___________ ____________ relates to the capacity of the network links connecting a server to the Internet.
*network bandwidth*
T/F: Only certain types of network packets can be used.
FALSE
T/F: The source of a flooding ping command is *always* clearly identified.
FALSE; the source is clearly identified *unless a spoofed address is used*.
The NIST Computer Security Incident Handling Guide defines _____________ as: *"an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space."*
Denial-of-Service (DoS) Attack
Which type of DoS attacks uses multiple systems to generate attacks?
Distributed Denial of Service Attacks (DDoS)
DDoS on Mastercard and Visa: The DDoS tool used is called _________; its bots were recruited via social engineering.
LOIC or "Low Orbit Ion Cannon"
DDoS on Mastercard and Visa: What was the motivation for the attack?
Payback, due to cutting support for WikiLeaks after its founder was arrested on unrelated charges
________ spoofing attacks the ability of a server to respond to future connection requests by overflowing the tables used to manage them. Thus, legitimate users are denied access to the server.
SYN spoofing
Denial-of-Service (DoS) resources: A(n) ____________ _____________ attack typically involves a number of valid requests, each of which consumes significant resources, thus limiting the availability of the server to respond to requests from other users.
application resources
Denial-of-Service (DoS) is a form of attack on the _____________ of some service.
availability
ICMP Flood - Ping: The source sends an ICMP _______ __________ message to the destination address. The destination replies with an ICMP _______ ________ message.
echo request / echo reply
Classic DoS attacks: The aim of a ____________ ___________ __________ attack is to overwhelm the capacity of the network connection to the target organization.
flooding ping command
Traffic from a *flooding ping command* attack can be handled by ___________ _______ ________ on the path, but packets are discarded as capacity decreases.
higher capacity links
*Flooding attacks* are based on the ____________ __________ used.
network protocol