Please, I need a unique answer. Use your own words (don't copy and paste).
*Please, don't use handwriting.
DDoS attack
Using the Internet, access the article entitled: ‘A survey on DDoS attack and defense strategies from traditional schemas to current techniques’.
1- Describe the DDoS attack.
2- Provide at least two exploited vulnerabilities used by hackers to perform the DDoS attack.
3- Provide at least two countermeasures against DDoS.
1- Describe the DDoS attack.
DDoS stands for Distributed Denial of Service. This is a security attack used by hackers to compromise the availability of the targeted system or server. To make the system or server inaccessible to others, the hacker sends a high volume of network traffic to the targeted system or server, so that it is busy responding to the hacker's requests and cannot serve legitimate requests from other users. It is called distributed DoS because the malicious traffic is sent from a number of different systems instead of one system, so that the victim is not able to identify any particular system to stop the attack.
2- Provide at least two exploited vulnerabilities used by hackers to perform the DDoS attack.
a. SYN flood: A DDoS attack using a SYN flood is very common. In this attack the hacker sends a large number of TCP/SYN requests to the targeted system, which handles each packet as a new connection request. The system creates a half-open connection by sending a TCP/SYN-ACK packet and waits for a response from the sender. Because the sender of the connection request is malicious, the response to complete the connection is never received. These half-open connections waiting for the response exhaust the number of connections that can be established with the system, so it becomes unreachable for other legitimate users.
b. ICMP Echo Request attacks, known as Smurf attacks, are one of the oldest methods of executing a DDoS attack. It is a form of reflected attack, because the malicious host sends Echo Requests to the broadcast address of misconfigured networks, which forces the other hosts to send Echo Reply packets to the victim system.
3- Provide at least two countermeasures against DDoS.
a. Blackhole routing
In this defense technique, all requests to the attacked system or DNS are routed to a "black hole" (a non-existent server or a null interface).
b. IDPS
Intrusion detection and prevention systems (IDPS) are another defense technique to stop a DDoS attack. An IDPS detects malicious requests from the hacker and takes appropriate measures to stop the attack. For example, if it finds that a huge number of connection requests are coming from a particular network and the connections are never established completely, the IDPS will drop all requests from that network for some time to stop the attack.
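The IDPS rule described in answer 3b, as an added example that is not part of the original answer: it counts half-open connections per source network over constructed handshake events and temporarily drops traffic from a network that exceeds a threshold. The threshold, block duration, /24 grouping, function names and sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed tuning values, not taken from the answer above.
THRESHOLD = 5        # half-open connections tolerated per source network
BLOCK_SECONDS = 60   # how long a flagged network is dropped
PREFIX = 24          # sources are grouped by /24 network

def network_of(ip):
    return ipaddress.ip_network(f"{ip}/{PREFIX}", strict=False)

def process(events):
    """events: time-ordered (time, src_ip, src_port, kind), kind is SYN or ACK.
    Returns one (time, src_ip, action) decision per event."""
    half_open = defaultdict(set)  # network -> {(ip, port)} awaiting final ACK
    blocked_until = {}            # network -> time at which the block expires
    decisions = []
    for t, ip, port, kind in events:
        net = network_of(ip)
        if blocked_until.get(net, 0) > t:
            decisions.append((t, ip, "drop"))
            continue
        action = "allow"
        if kind == "SYN":
            half_open[net].add((ip, port))
            if len(half_open[net]) > THRESHOLD:
                blocked_until[net] = t + BLOCK_SECONDS
                half_open[net].clear()
                action = "block"
        elif kind == "ACK":
            half_open[net].discard((ip, port))  # handshake completed
        decisions.append((t, ip, action))
    return decisions

def sample_events():
    """Constructed events using documentation address ranges."""
    events = [(i, f"198.51.100.{10 + i}", 40000 + i, "SYN") for i in range(8)]
    events += [
        (3.5, "203.0.113.7", 51000, "SYN"),    # client that completes
        (3.6, "203.0.113.7", 51000, "ACK"),    # its handshake
        (30, "198.51.100.10", 40100, "SYN"),   # arrives during the block
        (70, "198.51.100.10", 40101, "SYN"),   # arrives after it expires
    ]
    return sorted(events)

if __name__ == "__main__":
    for decision in process(sample_events()):
        print(decision)
```

Per-network counting assumes source addresses are not spoofed; spoofed SYNs spread across many networks can each stay under the threshold.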