Computer Security CS433, Chapter 7 - DoS Attacks

Questions and Answers

What is the primary objective of an amplification attack?

To intercept packets from the target without detection

To increase bandwidth consumption from a low volume to a high volume (correct)

To establish a secure connection with the target system

To redirect traffic through intermediate servers for surveillance

Which port is typically associated with the echo service used in reflector attacks?

Port 25

Port 80

Port 7 (correct)

Port 53

What can help prevent most reflector attacks?

Allowing multicast traffic on the network

Using network-based and host-based firewall rulesets (correct)

Setting up a proxy server for all incoming requests

Implementing strong encryption protocols

In a DNS Reflection Attack, which aspect of the attack is exploited?

The ability to spoof source IP addresses

What is a potential consequence of incorrectly configured DNS servers in the context of reflection attacks?

Creation of a self-contained loop between the intermediary and the target

What is the primary goal of a denial-of-service (DoS) attack?

To prevent or impair authorized use of services

Which of the following is a common target of a denial-of-service attack?

Network bandwidth

What distinguishes a distributed denial-of-service (DDoS) attack from a standard DoS attack?

DDoS uses multiple attacking sources

In the context of DoS attacks, what is a flooding attack?

An attack that sends a large volume of traffic to overwhelm a target

What is one approach for defending against denial-of-service attacks?

Implementing constant network monitoring

Which of the following best describes an application-based bandwidth attack?

Creating excessive data requests to exhaust application bandwidth

What is a key characteristic of reflector and amplifier attacks in the context of DoS?

They amplify the attacker's signals through exploited servers

What is the primary consequence of DDoS attacks on a server?

Inability to respond to connection requests

What role do 'zombies' play in DDoS attacks?

They are compromised systems that execute commands from an attacker.

Which method is commonly used to create large-scale DDoS attacks?

Employing multiple compromised systems

What is a suggested countermeasure against becoming part of a DDoS attack?

Regularly updating and patching systems

What type of flooding attack is characterized by overwhelming a target with UDP packets?

UDP flood

What is the term used for a network of compromised systems controlled by an attacker?

Botnet

Which of the following is a resource-consuming attack technique applicable to denial-of-service?

SIP flood

Which aspect is crucial for defending against unwanted DDoS participation?

Maintaining good system security practices

Which attack mentioned relies on sending a high volume of Internet Control Message Protocol (ICMP) packets?

ICMP flood

What is the function of malware in a DDoS attack?

To control compromised systems remotely

What is the primary goal of a cyberslam attack?

To generate a large volume of packets aimed at overwhelming the server

Which attack specifically targets a network server's ability to manage TCP connection requests?

SYN Flooding

What adverse effect does flooding attacks typically have on network resources?

Failure of legitimate connection requests

How does the server become incapacitated during a flooding attack?

By being overwhelmed with malicious packets

What happens to valid traffic during a flooding attack?

It is usually discarded due to congestion

Flooding attacks vary based on which aspect?

The network protocol used

Which type of attack aims to exhaust the resources of the server's network handling code?

SYN Spoofing

What is a characteristic feature of SYN Flooding attacks?

They overwhelm the connection management tables

What must happen for a server affected by a crash due to an attack to resume operations?

It needs to be restarted

What is the primary goal of a Slowloris attack?

To monopolize web server threads by sending incomplete requests

How does a Slowloris attack consume server resources?

By sending requests that require extensive reading and memory usage

What is the effect of the recursive HTTP flood variant of the Slowloris attack?

It follows links on a website in a recursive manner

What role do reflectors play in reflector and amplifier attacks?

They amplify the size of the attack's response packets

What is the main operational difference between DDoS attacks and reflector attacks?

DDoS attacks use compromised intermediary systems, while reflector attacks do not

What advantage does an attacker gain from using a service that creates larger response packets in a reflector attack?

Greater likelihood of overwhelming the target's network link

What is the key characteristic of the packets sent by an attacker in a reflector attack?

They have a spoofed source address

In the context of HTTP requests, what does the term 'spidering' refer to?

The process of crawling a website to collect data

What is a notable consequence of a successful Slowloris attack on a web server?

Denial of access for legitimate users

Study Notes

Computer Security CS433, Chapter 7 - Denial-of-Service Attacks (Parts 1 & 2)

• Definition of Denial-of-Service (DoS) Attacks: A DoS attack aims to prevent or impair authorized network, system, or application use by depleting resources like CPU, memory, bandwidth, and disk space. Network services are typically targeted over network connections.

Attack Targets

• Network Bandwidth: Malicious traffic overwhelms legitimate traffic, denying access.
• System Resources: Attacks overload network handling software (e.g., SYN spoofing, poison packets).
• Application Resources: Exploits resource-intensive application operations (e.g., database queries, server bugs).

Attack Types

• Source Address Spoofing: Attackers use forged source addresses to mask their identity and flood the target with packets.

Flooding Attacks

• Nature: Overload network links or server response capacity with malicious traffic. Malicious packets cause routers to discard valid traffic.
• Examples: ICMP flood, UDP flood, TCP SYN flood.

Distributed Denial-of-Service (DDoS) Attacks

• Concept: Use multiple compromised systems (zombies) in a botnet to generate a larger attack volume.
• Mechanism: Attacker controls a network of compromised systems (zombies) for coordinated flooding attacks.

DDoS Attack Architecture

• Typically involves an attacker, handlers, and zombie systems targeting a victim.

Application-Based Bandwidth Attacks

• Concept: Exploit disproportionate resource consumption of application operations.
• Examples: SIP flood (Session Initiation Protocol flooding) and HTTP-based attacks (e.g., HTTP flood, Slowloris).

SIP Flood Attack

• Nature: Exploits resource-intensive SIP INVITE messages. Spoofed IP addresses or a botnet can flood SIP proxies with requests.

HTTP-Based Attacks

• HTTP Flood: A DDoS attack overwhelming a web server by flooding it with HTTP requests.
• Slowloris: Attempts to monopolize all available request-handling threads on a web server by sending HTTP requests that never complete.

Reflector and Amplifier Attacks

• Concept: Use intermediary systems (reflectors) to increase attack traffic volume against the target.
• DNS Reflection: Attackers send spoofed DNS requests to a DNS server, leveraging the server's response to flood the target.
• Amplification attacks: Exploits responses from legitimate servers to create a larger packet stream against the target.

Defenses Against DoS Attacks

• Prevention and Preemption: Implement policies for resource consumption, use backup resources.
• Traceback and Identification: Identify the source of attack to prevent future attacks (though slow).
• Detection and Filtering: Detect suspicious patterns during attacks, filtering likely attack packets.
• Reaction: Reduce effects after the attack occurs.

DDoS Countermeasures

• System Compromise Prevention: Maintain strong system security and keep software updated.

Description

This quiz covers Chapter 7 of Computer Security CS433, focusing on Denial-of-Service (DoS) attacks. Explore the definitions, types, and targets of DoS attacks, including their impact on network bandwidth, system, and application resources. Test your understanding of these critical security threats.