IS 698 Special Topics in IS: Introduction to Cybersecurity
HW2 [Denial of Service attacks]
Provide a solution to the following exercises:
- [30 pts] How can a website distinguish between lack of capacity and a denial-of-service attack? For example, websites often experience a tremendous increase in the volume of traffic right after an advertisement with the site’s URL is shown on TV during the broadcast of a popular sporting event. That spike in usage is the result of normal access that happens to occur at the same time. How can a site determine that high traffic is reasonable?
- [30 pts] A SYN flood is the result of an incomplete protocol exchange: the client initiates an exchange but does not complete it. Unfortunately, these situations can also occur normally. Describe a benign situation that could cause a protocol exchange to be incomplete.
- [40 pts] A distributed denial-of-service attack requires zombies running on numerous machines to perform part of the attack simultaneously. If you were a system administrator looking for zombies on your network, what would you look for?
Due: Sunday, Nov 11, 11:59PM