29 Cards in this Set
T/F: Email Flooding/bombing isn't a form of denial of service attack.
|
False, it is a form of DoS
|
|
Email "bombing" is
|
Email "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.
|
|
Email "spamming" is
|
Email "spamming" is a variant of bombing; it refers to sending email to hundreds or thousands of users (or to lists that expand to that many users).
|
|
Email spamming can be made worse if
|
Recipients reply to the email, causing all the original addressees to receive the reply. It may also occur innocently, as a result of sending a message to a mailing list without realizing that the list explodes to thousands of users, or as a result of an incorrectly set-up auto-responder (such as vacation(1)).
|
|
T/F: Email bombing/spamming may be combined with email "spoofing"
|
True
|
|
Describe what email flooding is
|
1. Attacker sends deliberately undeliverable (error-triggering) email to hundreds of systems, spoofed so that the target's address appears as the sender.
2. Those systems return (bounce) the email to the system that appears to have sent it.
3. Target system goes down under the load of too many emails. |
|
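The three mail-abuse patterns on the cards above (bombing, spamming and the bounce-driven flood) can be told apart in a delivery log by what repeats: the same message to one address, one message to very many addresses, or failure notices from very many hosts to one address. The following is an added example, not code from the flashcards; it reads a constructed, tab-separated log format (timestamp, sender, recipient, subject) invented for this illustration, and the addresses, thresholds and window size are all assumptions. A real MTA log (Postfix, Sendmail, Exchange) needs its own parser.

```python
"""Flag email bombing, email spamming and a bounce flood in a mail log.

Added example; not code from the flashcards. Log format (constructed):
    <ISO timestamp>\t<sender>\t<recipient>\t<subject>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample: a little normal traffic plus the three abuse patterns."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    # normal traffic: a few distinct messages, one of them re-sent once
    for i, subj in enumerate(["lunch?", "Q1 report", "lunch?", "minutes", "invoice 42"]):
        ts = base + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()}\talice@example.com\tbob@example.com\t{subj}")
    # bombing: the identical message to one victim 50 times in under two minutes
    for i in range(50):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()}\tbomber@example.org\tvictim@example.com\tRe: your account")
    # spamming: one message fanned out to 300 different recipients
    for i in range(300):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()}\tdeals@example.net\tuser{i}@example.com\tWin a prize")
    # bounce flood: 150 mail servers return failures for mail the target never sent
    for i in range(150):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()}\tmailer-daemon@host{i}.example\ttarget@example.com\t"
                     "Undelivered Mail Returned to Sender")
    return lines


def parse(line):
    ts, sender, recipient, subject = line.split("\t")
    return datetime.fromisoformat(ts), sender, recipient, subject


def analyze(lines, window=timedelta(minutes=5), bomb_threshold=20,
            spam_threshold=100, bounce_threshold=50):
    """Return (bombing, spamming, bounce_floods).

    bombing       set of (sender, recipient, subject) seen >= bomb_threshold times
                  inside one sliding window
    spamming      set of (sender, subject) delivered to >= spam_threshold distinct recipients
    bounce_floods set of recipients hit by bounces from >= bounce_threshold distinct hosts
    """
    recent = defaultdict(deque)   # (sender, recipient, subject) -> timestamps inside window
    fanout = defaultdict(set)     # (sender, subject) -> distinct recipients
    bouncers = defaultdict(set)   # recipient -> distinct hosts that sent bounces
    bombing, spamming, bounce_floods = set(), set(), set()
    for line in sorted(lines):    # ISO timestamps sort correctly as strings
        ts, sender, recipient, subject = parse(line)
        key = (sender, recipient, subject)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= bomb_threshold:
            bombing.add(key)
        fanout[(sender, subject)].add(recipient)
        if len(fanout[(sender, subject)]) >= spam_threshold:
            spamming.add((sender, subject))
        local, _, host = sender.partition("@")
        if local.lower() in ("mailer-daemon", "postmaster"):   # assumed bounce senders
            bouncers[recipient].add(host)
            if len(bouncers[recipient]) >= bounce_threshold:
                bounce_floods.add(recipient)
    return bombing, spamming, bounce_floods


if __name__ == "__main__":
    for name, hits in zip(("bombing", "spamming", "bounce floods"),
                          analyze(build_sample_log())):
        print(name, sorted(hits))
```

The spamming check cannot distinguish a deliberate mass mailing from an innocent post to a list that explodes to thousands of users (the case the card describes), so in practice known list addresses are excluded or given their own thresholds, and the bounce check should be tuned to what your own MTAs actually send.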
Denial of Service (DoS)
|
Attacks that deny legitimate users service and access to information resources.
|
|
Poisoned traffic
|
malformed or invalid data that can’t be properly handled
|
|
What DoS attack simply uses up all the available capacity?
a. brute-force resource  b. poisoned traffic  c. stateful resource |
a. Brute-force resource attacks simply use up all available capacity
|
|
Stateful resource
|
Take advantage of the client/server relationship in protocols: the attacker makes the server allocate and hold per-connection state that is never completed or released (a half-open TCP connection, for example)
|
|
Operating system attacks
|
target flaws in specific operating systems
|
|
Networking attacks
|
exploit inherent limitations of networking
|
|
T/F: An attacker can hide the source of an attack through IP spoofing
|
True
|
|
T/F: Attackers can also hide their identity by enslaving unwitting victims.
|
True
|
|
When an attacker uses many zombie agents together simultaneously the result is a
a. Denial of Service (DoS) b. Distributed Denial of Service (DDoS) attack |
b. DDoS
|
|
Describe how the attack worked against NT 4.0 running Microsoft’s Internet Information Server version 3.0
|
All that was required was for the user to request a document with a very long name from the server to halt it.
e.g. http://victim.com/?something=xxxxxx… |
|
Explain Ping of Death (POD)
|
POD is accomplished by sending a fragmented ICMP echo (ping) packet that reassembles to more than 65,535 bytes, the maximum size of an IP datagram (roughly 64K).
The reassembly buffer overflows, causing a reboot or crash |
|
T/F: ICMP Packet isn't considered part of IP layer
|
False
|
|
ICMP Packet communicates
|
error messages and other conditions that require attention.
|
|
ICMP messages are usually acted on by either the what layer(s)?
|
IP layer or the higher layer protocol.
|
|
Describe what a Smurf/ping flooding/ICMP storm is.
|
Exploits the ping utility (ICMP echo request/reply)
1. Attacker sends a large stream of spoofed ping packets to a broadcast address (an IP address that reaches every host on a network).
2. All of the packets carry the target's IP address as their source address.
3. The router delivers each request to every host on that network.
4. Every host replies to the victim.
5. The amount of data sent to the victim is multiplied by the number of hosts on the network.
6. If many requests are sent to the broadcast address, the target is overloaded with replies.
7. A networking/brute-force attack |
|
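The two ICMP attacks on the cards above leave distinct traces in packet headers: Ping of Death is a datagram whose fragments reassemble past the 65,535-byte IP limit, and Smurf is an echo request addressed to a directed-broadcast address with a spoofed source. The following added example (not code from the flashcards) expresses both as checks over packet records. The `Packet` record, the address ranges, the fragment sizes and the sample traffic are all constructed for the illustration; a real tool would take these fields from pcap data.

```python
"""Ping of Death and Smurf checks over a constructed packet summary.

Added example; not code from the flashcards. Only the IP/ICMP header fields
that matter for the two checks are modelled.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

MAX_IP_DATAGRAM = 65535   # limit of the 16-bit IP total-length field
IP_HEADER_LEN = 20        # assumption: no IP options


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ip_id: int                 # identification field: groups fragments of one datagram
    frag_offset: int           # fragment offset as carried on the wire, in 8-byte units
    payload_len: int           # bytes of data after the IP header in this fragment
    icmp_type: Optional[int]   # 8 = echo request, 0 = echo reply; None when not readable
                               # (only the first fragment carries the ICMP header)


def reassembled_length(fragments):
    """Total length the datagram will have once all fragments are reassembled."""
    return IP_HEADER_LEN + max(f.frag_offset * 8 + f.payload_len for f in fragments)


def detect_ping_of_death(packets):
    """Return (src, dst, ip_id) of every datagram that would reassemble past the IP maximum."""
    groups = defaultdict(list)
    for p in packets:
        groups[(p.src, p.dst, p.ip_id)].append(p)
    return {key for key, frags in groups.items()
            if reassembled_length(frags) > MAX_IP_DATAGRAM}


def detect_smurf(packets, local_nets):
    """Return (src, dst) of echo requests aimed at the broadcast address of a local network.
    The source is the spoofed victim; the destination is the amplifying network."""
    nets = [ip_network(n) for n in local_nets]
    hits = set()
    for p in packets:
        if p.icmp_type != 8:
            continue
        dst = ip_address(p.dst)
        if any(dst == n.broadcast_address for n in nets):
            hits.add((p.src, p.dst))
    return hits


def build_sample_packets():
    """Constructed traffic: two benign pings, one Ping of Death, one Smurf trigger."""
    pkts = [
        # ordinary 64-byte ping (8-byte ICMP header + 56 bytes of data), not fragmented
        Packet("192.0.2.7", "10.0.0.5", 0x0001, 0, 64, 8),
    ]
    # legitimate 4000-byte ping: 4008 bytes of ICMP split into 1480 + 1480 + 1048
    for i, plen in enumerate((1480, 1480, 1048)):
        pkts.append(Packet("192.0.2.8", "10.0.0.5", 0x0002, i * 185, plen, 8 if i == 0 else None))
    # Ping of Death: 45 fragments of 1480 bytes; the last sits at offset 65120,
    # so the datagram reassembles to 20 + 66600 bytes
    for i in range(45):
        pkts.append(Packet("203.0.113.9", "10.0.0.5", 0x1234, i * 185, 1480, 8 if i == 0 else None))
    # Smurf: echo request whose source is the victim, aimed at a directed-broadcast address
    pkts.append(Packet("10.0.0.5", "192.168.1.255", 0x0003, 0, 64, 8))
    return pkts


if __name__ == "__main__":
    sample = build_sample_packets()
    print("ping of death:", detect_ping_of_death(sample))
    print("smurf:", detect_smurf(sample, ["192.168.1.0/24", "10.0.0.0/24"]))
```

The practitioner's check that follows from the Smurf logic is on the routers rather than on the hosts: if directed broadcasts are not forwarded (on Cisco IOS, `no ip directed-broadcast` on each interface, the default on modern releases), the amplification step never happens and the network cannot be used against someone else's target.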
SYN flooding exploits
|
Exploits the synchronization (SYN) step of the TCP three-way handshake used to initiate connections: the attacker sends a stream of SYNs (usually from spoofed sources) and never completes the handshake, so the target's table of half-open connections fills up and legitimate SYNs are dropped
|
|
Describe the normal TCP three-way handshake that SYN flooding exploits
|
1. Initiator sends a synchronization (SYN) packet
2. Target replies with a SYN/ACK (synchronize-acknowledge) packet
3. Initiator sends an ACK; the two machines are now ready to exchange data |
|
T/F: Syn_Flooder is an example of a SYN flooding attack tool
|
True
|
|
tribal flood network (TFN) DDoS is made up of
|
TFN is made up of client and daemon programs, which implement a distributed network denial of service tool capable of waging ICMP flood, SYN flood, UDP flood, and Smurf style attacks
|
|
Remote control of a TFN is accomplished via
|
via command line execution of the client program, using any of a number of connection methods
|
|
Communication from the TFN client to daemons is accomplished via
|
ICMP_ECHOREPLY packets. (Why? Echo replies are the expected answer to a ping, so many packet filters let them through and few monitors log them, which makes the control traffic harder to spot.)
|
|
What are 3 ways to protect yourself from DoS and DDoS
|
a. Best way would seem to be to stop the attack before it happens
b. Block the "marching orders" (the control traffic from the attacker to the agents)
c. Block the attack at the source |
|
Name 5 things to mitigate the Effects of DoS
|
1. Acknowledge that we can't stop DoS entirely
2. Harden the network
3. Avoid putting "all of your eggs in one basket"
4. Use load balancers
5. Adjust state limits (e.g. the wait time before a half-open connection is discarded) |