MIS4800 CH. 4 Denial of Service


A. Denial of Service

What is one of the most common and simplest attacks on a system? A. Denial of Service B. Buffer overflow C. Session hacking D. Password cracking

B. Computers can only handle a finite load.

What is the basic mechanism behind a DoS attack? A. Computers don't handle TCP packets well. B. Computers can only handle a finite load. C. Computers cannot handle large volumes of TCP traffic. D. Computers cannot handle large loads

A. Distributed denial of service

What is the most common class of DoS attacks? A. Distributed denial of service B. Smurf attacks C. SYN floods D. Ping of death

D. The attack must be sustained.

What is the most significant weakness in a DoS attack from the attacker's viewpoint? A. The attack is often unsuccessful. B. The attack is difficult to execute. C. The attack is easy to stop. D. The attack must be sustained.

A. Ping of death

What type of attack is dependent on sending packets too large for the server to handle? A. Ping of death B. Smurf attack C. Slammer attack D. DDoS

D. DDoS

What type of attack uses Internet routers to perform a DoS on the target? A. Ping of death B. Smurf attack C. Slammer attack D. DDoS

A. Stack tweaking

What type of defense depends on changing the server so that unfinished handshaking times out sooner? A. Stack tweaking B. RST cookies C. SYN cookies D. Hash tweaking

C. SYN cookies

What type of defense depends on sending the client an incorrect SYNACK? A. Stack tweaking B. RST cookies C. SYN cookies D. Hash tweaking

C. Smurf attack

Which attack mentioned in this chapter causes a network to perform a DoS on one of its own servers? A. SYN flood B. Ping of death C. Smurf attack D. DDoS

A. MyDoom virus

Which of the following is an example of a DDoS attack? A. MyDoom virus B. Bagle virus C. DoS virus D. Smurf virus

C. Maximum voltage

Which of the following is not a valid way to define a computer's workload? A. Number of simultaneous users B. Storage capacity C. Maximum voltage D. Speed of network connection

A. MyDoom virus

Which of the following was rated by many experts to be the fastest growing virus on the Internet? A. MyDoom virus B. Bagle virus C. Slammer virus D. Smurf virus

MyDoom

A DDoS attack on SCO that used between 500,000 and 1,000,000 infected machines. It was a response to SCO demanding license fees for what seemed to be parts of SCO UNIX in other distributions of UNIX.

Denial of Service (DoS) Attack

An attack that seeks to prevent legitimate users from accessing a system by overloading the system with illegitimate requests.

Low Orbit Ion Cannon (LOIC)

Application used to launch a DoS attack. Very easy to use.

Teardrop Attack

The attacker sends two fragments of a message that overlap in such a way that, when reconstructed, the header is destroyed. When the victim attempts to reconstruct the message, the message is destroyed and the system crashes or halts.

TCP SYN Flood Attack

Attempts to flood a system with TCP packets that have the synchronize (SYN) flag set.

Stacheldraht

German for "Barbed Wire." It combines elements from multiple well known DDoS tools into one package that performs a variety of attacks such as: UDP Flood, ICMP Flood, TCP SYN Flood, Smurf attacks.

D. It will prevent an attack from propagating across network segments.

How can securing internal routers help protect against DoS attacks? A. Attacks cannot occur if your internal router is secured. B. Because attacks originate outside your network, securing internal routers cannot help protect you against DoS. C. Securing the router will only stop router-based DoS attacks. D. It will prevent an attack from propagating across network segments.

XOIC

Similar to LOIC, it also allows the user to launch DoS attacks.

Smurf IP Attack

A DoS attack that sends out an ICMP echo packet to an intermediary's IP broadcast addresses which will echo it out to the other machines in the system in order to congest the network the target machine is on and ultimately deny legitimate requests.

UDP Flood Attack

A UDP packet is sent to a port that is not running anything, generating an ICMP packet of "destination is unreachable." Using many UDP packets can slow the system down (it has to determine the proper application, which does not exist).

D. Hash tweaking

A defense that depends on a hash encryption being sent back to the requesting client is called what? A. Stack tweaking B. RST cookies C. SYN cookies D. Hash tweaking

Stack Tweaking

A way to defend against TCP SYN flood attacks. Alters the TCP stack in order to time out incomplete SYN requests quickly.

Micro Blocks

A way to defend against TCP SYN flood attacks. It attempts to limit the effects of the attack by allocating very little space to requests (as opposed to a full connection).

SYN Cookies

A way to defend against TCP SYN flood attacks. The server sends a cookie with its SYN+ACK packet, and if a matching cookie is returned with the ACK packet from the client, it establishes a complete connection. NOTE: the system does not fully allocate memory until the third step of the TCP handshake.

RST Cookies

A way to defend against TCP SYN flood attacks. The server sends an incorrect SYN+ACK packet back to the client. If the client is legitimate, it should respond with a RST (reset) packet and can continue connecting.

C. SYN flood attack

Leaving a connection half open is referred to as what? A. Smurf attack B. Partial attack C. SYN flood attack D. DDoS attack

Land Attack

Not applicable to modern computers. Attempts to crash the system by having it send messages to and from itself.

Distributed Denial of Service (DDoS) Attack

Same principle as a DoS attack, just executed with multiple attackers. Botnets are a popular way to carry out such an attack.

Ping of Death

Sending a very large packet that the target cannot handle.

ICMP Flood Attack

Two types: flood, nuke. Flood: large number of pings or UDP packets. Nuke: exploits bugs in the O.S. (sends a packet the O.S. cannot handle).

TFN2K

Used to launch DoS attacks. Can be used to instruct agent machines to flood a target. Harder to counteract due to some security measures such as: master IP spoofing, encryption of master-agent contact, communications and attacks can be randomly sent via TCP, UDP, and ICMP packets.

A. SYN cookies, RST cookies, and stack tweaking

What are three methods for protecting against SYN flood attacks? A. SYN cookies, RST cookies, and stack tweaking B. SYN cookies, DoS cookies, and stack tweaking C. DoS cookies, RST cookies, and stack deletion D. DoS cookies, SYN cookies, and stack deletion

D. Disallow all traffic that comes from untrusted sources

What can you do to your internal network routers to help defend against DoS attacks? A. Disallow all traffic that is not encrypted B. Disallow all traffic that comes from outside the network C. Disallow all traffic that comes from inside the network D. Disallow all traffic that comes from untrusted sources

D. Block all incoming ICMP packets

What can you do with your firewall to defend against DoS attacks? A. Block all incoming traffic B. Block all incoming TCP packets C. Block all incoming traffic on port 80 D. Block all incoming ICMP packets

D. DDoS attack

What do you call a DoS launched from several machines simultaneously? A. Wide-area attack B. Smurf attack C. SYN flood D. DDoS attack

A. Because many denial of service attacks are conducted by using a Trojan horse to get an unsuspecting machine to execute the DoS

Why will protecting against Trojan horse attacks reduce DoS attacks? A. Because many denial of service attacks are conducted by using a Trojan horse to get an unsuspecting machine to execute the DoS B. Because if you can stop a Trojan horse attack, you will also stop DoS attacks C. Because a Trojan horse will often open ports allowing a DoS attack D. Because a Trojan horse attacks in much the same way as a DoS attack

