Smith is an IT security consultant who has been hired by an ISP that has recently been plagued by numerous DoS attacks. The ISP did not have the internal resources to prevent future attacks, so they hired Smith for his expertise. Smith looks through the company’s firewall logs and can see from the patterns that the attackers were using reflected DoS attacks. What measures can Smith take to help prevent future reflective DoS attacks against the ISP’s network?
A. Smith needs to tell the ISP to block all UDP traffic coming in on port 1001 to prevent future reflective DoS attacks against their network.
B. Smith should configure the ISP’s firewall so that it blocks FIN packets that are sent to the broadcast address of the company’s internal IP range.
C. Smith should have them configure their network equipment to recognize SYN source IP addresses that never complete their connections.
D. Smith should have the ISP block port 443 on their firewall to stop these DoS attacks.
The correct answer is C.
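Attackers send packets to the reflector servers with the source IP address set to their victim’s IP, thereby indirectly overwhelming the victim with the response packets. As the victim is not expecting these response packets, it will drop the packets, thus terminating the connections. The handshakes started by those spoofed SYN packets are therefore never completed, which is the pattern the network equipment in answer C is configured to recognize.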
Certified Ethical Hacker v9