PrepAway - Latest Free Exam Questions & Answers

Which of the following is the MOST likely cause?

An administrator is assigned to monitor servers in a data center. A web server connected to the
Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST
likely cause?


A. Spyware

B. Trojan

C. Privilege escalation

D. DoS

Explanation:
A Distributed Denial of Service (DDoS) attack is a DoS attack from multiple computers whereas a
DoS attack is from a single computer. In terms of the actual method of attack, DDoS and DoS
attacks are the same.
One common method of attack involves saturating the target machine with external
communications requests, so much so that it cannot respond to legitimate traffic, or responds so
slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or
resources of a targeted system, usually one or more web servers. Such an attack is often the
result of multiple compromised systems (for example a botnet) flooding the targeted system with
traffic. When a server is overloaded with connections, new connections can no longer be
accepted. The major advantages to an attacker of using a distributed denial-of-service attack are
that multiple machines can generate more attack traffic than one machine, multiple attack
machines are harder to turn off than one attack machine, and that the behavior of each attack
machine can be stealthier, making it harder to track and shut down. These attacker advantages
cause challenges for defense mechanisms. For example, merely purchasing more incoming
bandwidth than the current volume of the attack might not help, because the attacker might be
able to simply add more attack machines. The end result is a website that is completely down
for periods of time.
Malware can carry DDoS attack mechanisms; one of the better-known examples of this was
MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS
involved hardcoding the target IP address prior to release of the malware, and no further
interaction was necessary to launch the attack.

