Exam 7: Denial-Of-Service Attacks

A denial-of-service attack is an attempt to compromise availability by hindering or blocking completely the provision of some service.

In both direct flooding attacks and ______ the use of spoofed source addresses results in response packets being scattered across the Internet and thus detectable.

Modifying the system's TCP/IP network code to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows,allowing a new connection attempt to proceed is _______.

Since filtering needs to be done as close to the source as possible by routers or gateways knowing the valid address ranges of incoming packets,an _______ is best placed to ensure that valid source addresses are used in all packets from its customers.

The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.

A cyberslam is an application attack that consumes significant resources,limiting the server's ability to respond to valid requests from other users.

The SYN spoofing attack targets the table of TCP connections on the server.

_______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server.

The four lines of defense against DDoS attacks are: attack prevention and preemption,attack detection and filtering,attack source traceback and identification and _______.

Slowloris is a form of ICMP flooding.

_____ attacks flood the network link to the server with a torrent of malicious packets competing with valid traffic flowing to the server.

Flooding attacks take a variety of forms based on which network protocol is being used to implement the attack.

To respond successfully to a DoS attack a good ______ plan is needed that includes details of how to contact technical personal for your ISP(s).

_______ is a text-based protocol with a syntax similar to that of HTTP.

If an organization is dependent on network services it should consider mirroring and ________ these servers over multiple sites with multiple network connections.

The source of the attack is explicitly identified in the classic ping flood attack.

Using forged source addresses is known as _________.

It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code.

A characteristic of reflection attacks is the lack of _______ traffic.

Given sufficiently privileged access to the network handling code on a computer system,it is difficult to create packets with a forged source address.