Deck 7: Denial-Of-Service Attacks

DoS attacks cause damage or destruction of IT infrastructures.

Slowloris is a form of ICMP flooding.

Flooding attacks take a variety of forms based on which networkprotocol is being used to implement the attack.

There is very little that can be done to prevent a flash crowd.

A denial-of-service attack is an attempt to compromise availability byhindering or blocking completely the provision of some service.

A SIP flood attack exploits the fact that a single INVITE requesttriggers considerable resource consumption.

Reflector and amplifier attacks use compromised systems running theattacker's programs.

The SYN spoofing attack targets the table of TCP connections on theserver.

Given sufficiently privileged access to the network handling code on acomputer system, it is difficult to create packets with a forged sourceaddress.

The best defense against being an unwitting participant in a DDoSattack is to prevent your systems from being compromised.

A DoS attack targeting application resources typically aims to overloador crash its network handling software.

The source of the attack is explicitly identified in the classic ping floodattack.

The attacker needs access to a high-volume network connection for aSYN spoof attack.

SYN-ACK and ACK packets are transported using IP, which is anunreliable network protocol.

A cyberslam is an application attack that consumes significantresources, limiting the server's ability to respond to valid requests fromother users.

_____ attacks flood the network link to the server with a torrent of malicious packets competing with valid traffic flowing to the server.

The four lines of defense against DDoS attacks are: attack prevention and preemption, attack detection and filtering, attack source traceback and identification and _______.

In reflection attacks, the ______ address directs all the packets at the desired target and any responses to the intermediary.

______ attacks are a variant of reflector attacks and also involve sending a packet with a spoofed source address for the target system to intermediaries.

A _______ flood refers to an attack that bombards Web servers with HTTP requests.

The ICMP echo response packets generated in response to a ping flood using randomly spoofed source addresses is known as _______ traffic.

The best defense against broadcast amplification attacks is to block the use of _______ broadcasts.

The standard protocol used for call setup in VoIP is the ________ Protocol.

Requests and _______ are the two different types of SIP messages.

During a ______ attack, the attacker sends packets to a known service on the intermediary with a spoofed source address of the actual target system and when the intermediary responds, the response is sent to the target.

To respond successfully to a DoS attack a good ______ plan is needed that includes details of how to contact technical personal for your ISP(s).

A ______ is a graphical puzzle used to attempt to identify legitimate human initiated interactions.

If an organization is dependent on network services it should consider mirroring and ________ these servers over multiple sites with multiple network connections.

Since filtering needs to be done as close to the source as possible by routers or gateways knowing the valid address ranges of incoming packets, an _______ is best placed to ensure that valid source addresses are used in all packets from its customers.

A _____ is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units, memory, bandwidth, and disk space.