PrepAway - Latest Free Exam Questions & Answers

Which of the following attacks is occurring?

A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs:
10.10.3.16
10.10.3.23
212.178.24.26
217.24.94.83
These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring?


A. XSS

B. DDoS

C. DoS

D. Xmas

Explanation:
A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer.
One common method of attack involves saturating the target machine with external communication requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. The end result is a website that is completely unavailable for periods of time.
Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware, and no further interaction was necessary to launch the attack.
Incorrect Answers:
A: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. This is not what is described in the question. Therefore, this answer is incorrect.
C: The question states that the source of the traffic is multiple IP addresses. Therefore, this is a DDoS (Distributed Denial of Service) attack. A DoS (Denial of Service) attack comes from a single IP address. Therefore, this answer is incorrect.
D: Some stateless firewalls check only packets that have the SYN flag set (that is, packets that initiate a connection according to the standards) against the security policy. Since Christmas tree scan packets do not have the SYN flag turned on, they can pass through these simple systems and reach the target host.
A large number of Christmas tree packets can also be used to conduct a DoS attack by exploiting the fact that Christmas tree packets require much more processing by routers and end-hosts than the ‘usual’ packets do.
This is not what is described in the question. Therefore, this answer is incorrect.

http://en.wikipedia.org/wiki/Denial-of-service_attack
http://www.answers.com/Q/What_is_an_XMAS_attack_on_a_computer
http://en.wikipedia.org/wiki/Cross-site_scripting
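
The single-source versus multiple-source distinction drawn under answer C can be checked against connection logs; the following is an added example, not part of the original question or explanation. The server and source addresses are those in the question, while the log line format, timestamps, helper names and thresholds are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

SERVER = "10.10.2.4"  # target address from the question

def sample(sources, per_source=40, gap_ms=200):
    """Constructed log: each source sends `per_source` SYNs to SERVER, `gap_ms` apart."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    return [f"{(t0 + timedelta(milliseconds=gap_ms * i)).isoformat()} {src} -> {SERVER} SYN"
            for i in range(per_source) for src in sources]

def parse(line):
    """Split '<ISO time> <src> -> <dst> SYN' (assumed format) into (time, src, dst)."""
    ts, src, _, dst, _ = line.split()
    return datetime.fromisoformat(ts), src, dst

def classify(lines, server=SERVER, window=timedelta(seconds=10), flood=100, dominant=0.9):
    """Label the busiest `window` of connection attempts against `server`.

    'normal': fewer than `flood` attempts in any window.
    'DoS':    a flood in which one source sends at least `dominant` of the attempts.
    'DDoS':   a flood spread over several sources.
    Thresholds are illustrative assumptions, not values from the page.
    """
    events = sorted((t, s) for t, s, d in map(parse, lines) if d == server)
    lo = hi = start = 0  # events[lo:hi] is the busiest window found so far
    for end, (t, _) in enumerate(events):
        while t - events[start][0] > window:
            start += 1
        if end + 1 - start > hi - lo:
            lo, hi = start, end + 1
    if hi - lo < flood:
        return "normal", []
    per_source = Counter(src for _, src in events[lo:hi]).most_common()
    label = "DoS" if per_source[0][1] >= dominant * (hi - lo) else "DDoS"
    return label, per_source

if __name__ == "__main__":
    question_ips = ["10.10.3.16", "10.10.3.23", "212.178.24.26", "217.24.94.83"]
    print(classify(sample(question_ips)))
```

The per-source counts returned with the label are what an operator would feed into rate limiting or upstream filtering; with a distributed flood, blocking any one address leaves most of the load in place.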

