978-0789757463 Chapter 4

True / False

1. Blocking ICMP packets may help prevent denial-of-service attacks.

2. A smurf attack is a type of malware attack.

3. The ping –l option changes the size of the packet you can send.

4. A denial-of-service attack is one of the most common attacks on a system.

5. SYN cookies are a form of attack.

6. Stack tweaking is a method to alter the TCP stack so that a timeout takes less time

when a SYN connection is left incomplete.

7. A teardrop attack involves sending a forged packet to the victim.

8. An echo-chargen attack occurs when the attacker sends a forged packet with the same

source IP address and destination IP address as the target’s IP address.

9. The group Anonymous is a supporter of Wikileaks founder Julian Assange and

launched multiple distributed denial-of-service attacks on various financial companies.

10. A firewall can be configured to disallow certain types of incoming traffic that may be

attacking.

Multiple Choice

1. Which type of attack attempts to overload the system with requests, denying legitimate

users access?

a. Denial of service

b. ip spoofing

c. Phishing

d. None of the above

2. Which defensive technique involves the server sending a wrong SYN+ACK to the

client, so the client sends and RST packet notifying the server of an error? This makes the

server think the client request is legitimate.

a. Stack tweaking

b. RST cookies

c. SYN cookies

d. None of the above

3. Which attack involves sending an ICMP packet to the broadcast address so that it is

then sent to the spoofed source address, causing the network to perform a DoS attack on

one of more of its member servers?

a. Stack tweaking

b. RST cookies

c. Smurf IP attack

d. None of the above

4. Which defensive technique involves altering the TCP stack on the server so that it will

take less time to timeout when a SYN connection is left incomplete?

a. Stack tweaking

b. RST cookies

c. SYN cookies

d. None of the above

5. Micro blocks, SYN cookies, RST cookies, and stack tweaking are defenses against

______.

a. TCP SYN flood attacks

b. Phishing

c. Viruses

d. None of the above

6. The command-line command _______ 127.0.0.1 –l 65000 –w 0 –t will send multiple

large packets to a computer, and when initiated by multiple senders may cause a denial-

of-service attack.

a. dos

b. ddos

c. tfn

d. None of the above

7. One tool used for a denial-of-service attack is ______________.

a. Linux

b. Tribal Flood Network

c. UDP

d. None of the above

8. _________ attacks are becoming less common in modern operating systems.

a. Denial of service

b. SYN flood

c. Buffer overflow

d. None of the above.

9. The command-line command to display all options for the ping command is ping

____.

a. -h

b. -i

c. -j

d. none of the above

10. The command-line command to instruct the ping utility to send packets until

explicitly told to stop is ping ____.

a. -s

b. -t

c. -u

d. None of the above

11. The attack in which the attacker sends a forged packet with the same source IP

address and destination IP address in which the victim may be tricked into sending

messages to and from itself is a(n) _______________ attack.

a. Teardrop

b. Land

c. myDoom

d. echo-chargen

12. The attack in which the attacker sends a fragmented message that the victim cannot

reconstruct is a(n) ________ attack.

a. Teardrop

b. Land

c. myDoom

d. echo-chargen

13. The attack in which the attacker sends a packet that is too large and can shut down a

target machine is a(n) ________________ attack.

a. ICMP flood

b. Ping of Death

c. Teardrop

d. None of the above

14. One defense against denial-of-service attacks is to _______ ICMP packets.

a. Block

b. Convert

c. Permit

d. Modify

15. One classic denial-of-service attack distributed by email was _____________.

a. myDoom

b. Linux

c. pingflood

d. None of the above