CS6262 Exam: Lecture exam with correct answers

RPKI - correct answers:
• Secure AS for BGP
• AS obtain a cert (ROA) from regional authority (RIR)

Name two types of amplification attacks and describe them. - correct answers:
DoS Bug: Design flaw allowing one machine to disrupt a service
DoS Flood: Command botnet to generate flood of requests.

Describe a DoS attack at the link layer (L2) - correct answers: Simply sends a significant amount of traffic to saturate the link.

Describe a DoS attack at the TCP/UDP layer. - correct answers: Send a significant amount of TCP traffic to consume resources (memory) of the server.

Describe a DoS attack at the application layer. - correct answers: Send many requests for data to exhaust server resources.

Compare and contrast UDP and TCP - correct answers:
TCP - UDP
Session based - Connectionless
Congestion control - Unreliable
In order delivery - Best effort

Well known SYN flood attack - correct answers: MS Blaster worm (2003)
• SYN flood on port 80 to windowsupdate.com
• 50 SYN packets per second at 40 bytes apiece

What methods can be used to defend against low rate SYN floods? - correct answers:
• SYN cookies: remove state from server

What is a SYN cookie? What does it prevent? - correct answers: A SYN cookie is a specific choice of initial TCP sequence number by TCP software.
Prevents low rate SYN flood.
Idea: use secret key and data in packet to generate server SYN

What advantage does a proxy (Prolexic/Cloudflare) provide in case of a DoS attack? - correct answers: The proxy will only forward established connections (three-way handshake) to the back end server, thus preventing TCP SYN floods.

What is a disadvantage (to the attacker) of performing an HTTP DoS attack? - correct answers: Attacker can no longer use random source IPs.
Reveals location of bot zombies.
Proxy can now block or rate-limit bots.

DoS via route hijacking - correct answers: Intentionally advertising more specific BGP routes to force traffic intended for a service to be destined for a different end point.
Pakistan accidentally did this when creating a BGP route that covered YouTube's IP address, causing all traffic intended for YouTube to route to Pakistan.

List and describe common DoS mitigation methods - correct answers:
Client puzzles
CAPTCHA
Source identification
Traceback
Edge sampling