2.4 – Social Engineering - Denial of Service

Questions and Answers

What is a primary motivation for a competitor to launch a denial-of-service (DoS) attack against a company's website?

• To redirect customers to their own website by making the competitor's site unavailable. (correct)
• To publicly expose sensitive data stored on the website.
• To demand a ransom from the company in exchange for stopping the attack.
• To test the website's security vulnerabilities.

Which scenario exemplifies an accidental denial-of-service (DoS) incident within an organization?

• A network administrator incorrectly configuring firewall rules to block all incoming traffic.
• An employee inadvertently creating a network loop by plugging in the wrong cables. (correct)
• A disgruntled employee intentionally deleting critical system files.
• A server exceeding its storage capacity due to unmanaged log files.

Why is filtering a distributed denial-of-service (DDoS) attack more challenging than filtering a DoS attack from a single source?

• DDoS attacks always exploit zero-day vulnerabilities, making them undetectable.
• DDoS attacks originate from numerous, dispersed devices, making it difficult to block all sources. (correct)
• DDoS attacks target vulnerabilities in hardware, which cannot be patched.
• DDoS attacks use encrypted traffic, preventing the identification of malicious patterns.

What is the primary function of a botnet in the context of distributed denial-of-service (DDoS) attacks?

To control a large number of compromised computers and direct them to flood a target with traffic. (C)

What was a notable characteristic of the Zeus botnet-related DDoS attacks?

The attacks utilized computers infected without the owners' knowledge, spanning across various geographic locations. (D)

What is a significant challenge in resolving a DDoS attack originating from a botnet?

Cleaning the malware from each infected device across the globe. (D)

Besides cleaning infected systems, what proactive measure can be taken to counter DDoS attacks?

Filtering out the DDoS attack based on specific traffic patterns. (D)

How do Internet Service Providers (ISPs) contribute to mitigating DDoS attacks?

By implementing technologies to detect and reduce the impact of DDoS attacks at the network level. (D)

What role might a third-party service like Cloudflare play in mitigating DDoS attacks against an organization?

Offering tools to mitigate or block the DDoS attack. (B)

Besides overwhelming a service with traffic, what other method might an attacker use to cause a denial of service?

Exploiting a software vulnerability to crash the service. (D)

Flashcards

Denial of Service (DoS)

An attack that causes a service to fail by overloading it or exploiting a vulnerability.

Distributed Denial of Service (DDoS)

Using numerous devices from different locations to conduct a denial of service attack.

Botnet

A network of compromised computers used to perform tasks, often without the owners' knowledge.

DDoS Mitigation

Analyzing traffic patterns to identify and block DDoS attacks.

IP Address Filtering

Filtering out an attack by blocking the source IP address. Useful for single-source attacks, not DDoS.

Zeus Botnet

A type of botnet that infected millions of PCs and was used for DDoS attacks.

Accidental DoS

Unexpected events that disrupt network services due to unintentional misconfigurations or accidents.

Study Notes

• A denial of service occurs when an attacker causes a service to fail, either by overloading it or exploiting a design flaw or vulnerability.
• Denial of service attacks can be motivated by competition or used to circumvent security rules for unauthorized network access.
• Denial of service attacks can be as simple as cutting off the power to a building.
• Plugging in the wrong cables in a wiring closet can cause a loop, which brings down an entire network.
• Downloading multiple gigabytes of a Linux distribution on a network with limited bandwidth, can cause a self inflicted denial of service.
• Water line breaks in data centers can cause denial of service.
• Attackers use many devices to cause a distributed denial of service (DDoS).
• DDoS attacks use devices from different locations around the world.
• Attackers use botnets to take control of users' computers without their knowledge to perform DDoS attacks.
• The Zeus botnet infected over 3.6 million PCs and launched DDoS attacks from different locations.
• Resolving a DDoS attack would require contacting and cleaning every infected system.
• Internet service providers (ISPs) mitigate the impact of DDoS attacks at the ISP level.
• Third-party services like Cloudflare can mitigate or block denial of service attacks.