Computer Security II


• Specific Application
- example: send bogus signature packets to an authentication service
• other services on the host may be unaffected
- detection difficult
• attack volume usually small
• host operates normally except for targeted application
- may be able to distinguish legitimate from attack packets at application level (or maybe not)
• even if we can, a defense strategy would need to take into account each application we want to protect
• Host
- aims to disable all legitimate access to target host
• overload or disable network communication subsystem
• otherwise cause host to crash, freeze, or reboot
- hosts can try to limit their exposure by patching known holes, updating protocols with DDoS-resistant versions
• however, by themselves cannot defend against attacks that consume all of their network resources
- need upstream help - i.e., a firewall that can recognize and help filter the attack
• Resource
- any resource critical to the victim (server, router, bottleneck link)
• Network
- aims to consume all available incoming bandwidth for target network
• packet destination can be any host on target network
- packet volume, not content, is key
- can be easy to detect due to high traffic volume
- target network dependent on upstream network for help in defending
• even if it could detect & filter attack traffic, entire resources of ingress routers may be consumed doing so
• Infrastructure
- coordinated targeting of distributed services crucial to the global internet
• attacks on root DNS servers, core routers, etc.
- from point of view of a single target, may be same as a host-type attack