For this
exercise, you will perform research and develop a brief paper on the subject
described below.
A Denial of Service (DOS)
attack typically involves the misuse of standard TCP/IP protocols or connection
processes so that the target for the DOS attack responds in a way designed to
create maximum trouble. Read the TECHNICAL FOCUS 11-2 “Inside a DoS Attack” on
page 307 and become familiar with the five common types of TCP/IP attacks.
Information from page 307:
TECHNICAL FOCUS 11-2
Inside a DoS Attack
A DoS attack typically involves the
misuse of standard TCP/IP protocols or connection processes so that the target
for the DoS attack responds in a way designed to create maximum trouble. Five
common types of attacks include the following:
ICMP Attacks The network is flooded
with ICMP echo requests (i.e., pings) that have a broadcast destination address
and a faked source address of the intended target. Because it is a broadcast
message, every computer on the network responds to the faked source address so
that the target is overwhelmed by responses. Because there are often dozens of
computers in the same broadcast domain, each message generates dozens of
messages at the target.
UDP Attacks This attack is similar to
an ICMP attack, except that it uses UDP echo requests instead of ICMP echo
requests.
TCP SYN Floods The target is swamped
with repeated SYN requests to establish a TCP connection, but when the target
responds (usually to a faked source address), there is no response. The target
continues to allocate TCP control blocks, expects each of the requests to be
completed, and gradually runs out of memory.
UNIX Process Table Attacks This is
similar to a TCP SYN flood, but instead of TCP SYN packets, the target is
swamped by UNIX open connection requests that are never completed. The target
allocates open connections and gradually runs out of memory.
Finger of Death Attacks This is
similar to the TCP SYN flood, but instead, the target is swamped by finger
requests that are never disconnected.
DNS Recursion Attacks The attacker
sends DNS requests to DNS servers (often within the target’s network) but
spoofs the from address so the requests appear to come from the target computer
that is overwhelmed by DNS responses. DNS responses are larger packets than
ICMP, UDP, or SYN responses, so the effects can be stronger.
Source: Adapted from “Web Site
Security and Denial of Service Protection,” www.nwfusion.com.
Select one attack method and conduct
research using the Internet and libraries available through your Cougar-Track
account to develop a 900-1000-word (approximately 4 double space pages)
narrative of an actual attack which used the method you selected.
Use the following list of significant
points to consider as you create your paper.
1.
Why
was the target selected? (For social, political, financial reasons?)
2.
What
was the target’s network security posture prior to the attack?
(Passively/Actively protected, indifferent about cyber security?)
3.
What
was the loss to the target? (Information, financial data, customer/personal
information?)
4.
What
secondary impact did the attack have, and to whom? (Banks, investments,
suppliers etc.)
5.
Identify
the person or organization that claimed responsibility for the attack. In
your own words, describe why you believe they performed the attack.
The post Title: The Impact of a TCP SYN Flood Attack on a Financial Institution appeared first on Brisk Writers.
