What are the properties of secure communication?
Confidentiality, integrity, authentication, and availability.
How does Round Robin DNS (RRDNS) work?
It cycles through multiple IP addresses for a domain to distribute incoming requests across servers.
How does DNS-based content delivery work?
DNS returns server IPs based on client location, load, or performance to route users to optimal replicas.
How do Fast-Flux Service Networks work?
They rapidly rotate large pools of compromised hosts as front-end proxies to hide malicious servers.
What are the main data sources used by FIRE to identify rogue networks?
- Botnet C2 providers
- Drive-by-download
- Phish housing providers
Describe the 2 phases of ASwatch.
Training: Collect longitudinal BGP behavior
Operational: Analyze features (e.g., volatility, relationships) to classify suspicious ASes.
What are 3 classes of features used to determine likelihood of a security breach?
- Spam
- Phishing and Malware
- Scanning
(BGP hijacking) What is the classification by affected prefix?
Exact-prefix hijack, sub-prefix hijack, and squatting.
(BGP hijacking) What is the classification by AS-Path announcement?
- Type-O – AS does not own prefix
- Type-N – fake link between ASes
- Type-U – modify prefix but not AS-PATH
(BGP hijacking) What is the classification by data plane traffic manipulation?
- Dropped → blackholing attack
- Eavesdropped → man-in-the-middle attack
- Impersonation → impostor attack
What are the causes or motivations behind BGP attacks?
- Human Error
- Targeted Attack
- High Impact Attack
Explain the scenario of prefix hijacking.
An attacker announces ownership of IP prefixes they do not control, redirecting traffic towards themselves.
Explain the scenario of hijacking a path.
An attacker alters AS-path information to redirect or observe traffic without claiming the prefix.
What are the key ideas behind ARTEMIS?
Use the following to trigger alerts and detect anomalies:
- Configuration file
- Mechanism for receiving BGP updates
What are the two automated techniques used by ARTEMIS?
- Prefix deaggregation
- Mitigation with Multiple Origin AS
What are two findings from ARTEMIS?
- Outsource task of BGP announcements
- Outsourcing outperformed prefix filtering
Explain the structure of a DDoS attack.
Many compromised devices flood a target with traffic, overwhelming resources and causing service denial.
What is spoofing, and how is it related to a DDoS attack?
Using forged source IPs; it hides attackers and enables reflection/amplification attacks.
Describe a Reflection and Amplification attack.
Attackers send spoofed requests to servers that reply with large responses to a victim, amplifying traffic volume.
What are the defenses against DDoS attacks?
Rate limiting, filtering, scrubbing centers, blackholing, and ingress/egress filtering.
Explain provider-based blackholing.
An ISP drops all traffic to a victim’s IP after receiving a special BGP community tag.
Explain IXP blackholing.
An Internet Exchange Point accepts blackhole routes and drops traffic before it reaches member networks.
What is one of the major drawbacks of BGP blackholing?
It sacrifices availability by discarding all traffic—including legitimate traffic—to the targeted prefix.
-
Module 1: Quiz10
-
Module 1: Practice Quiz5
-
Module 2: Quiz21
-
Module 2: Practice Quiz4
-
Module 3: Quiz21
-
Module 3: Practice Quiz14
-
Module 4: Quiz23
-
Module 4: Practice Quiz21
-
Module 5: Quiz13
-
Module 5: Practice Quiz27
-
Module 6: Quiz10
-
Module 7: Practice Quiz18
-
Module 7: Quiz13
-
Module 8: Practice Quiz33
-
Module 8: Quiz21
-
Module 9: Practice Quiz24
-
Module 9: Quiz16
-
Module 10: Practice Quiz13
-
Module 10: Quiz14
-
Module 11: Practice Quiz25
-
Module 11: Quiz15
-
Module 12: Quiz12
-
Module 7: AI11
-
Module 8: AI18
-
Module 9: AI23
-
Module 10: AI23
-
Module 11: AI28
-
Module 12: AI24
