Which of the following describes a resource exhaustion attack?
- receiving an abnormally low volume of scanning from numerous source
- performing actions slower than normal
- waiting for an opportune moment
- receiving an abnormally high volume of scanning from numerous source
In a resource exhaustion attack, the goal is to the IPS or IDS such that it cannot keep up. Therefore, this attack uses an abnormally high volume of scanning from numerous sources. Resource exhaustion occurs when a system runs out of limited resources, such as bandwidth, RAM, or hard drive space. Without the required storage space (as an example), the system can no longer perform as expected, and crashes.
A Distributed Denial of Service (DDoS) is one in which the attacker recruits hundreds or thousands of devices to assist in the attack. The helpers are called zombies and as a group they are called a botnet. A DDoS attack usually involves the hijacking of several computers and routers to use as agents of the attack. Multiple servers and routers involved in the attack often overwhelm the bandwidth of the attack victim. For example, if a server has intermittent connection issues, the logs show repeated connection attempts from the same IP addresses, and the attempts are overloading the server to the point it cannot respond to traffic, then the server is experiencing a DDoS attack.
Timing attacks are those in which the operations carried out are done much slower than normal to keep the IPS or IDS from assembling the operation into a recognizable attack.
Objective: Attack Methods
Sub-Objective: Describe these evasion methods: Encryption and tunneling, Resource exhaustion, Traffic fragmentation, Protocol-level misinterpretation, Traffic substitution and insertion, Pivot.