Cybersecurity

Vulnerable servers exposed, causing some easy hacking that can go bad

This topic contains 1 reply, has 2 voices, and was last updated by kjoyce 7 months, 1 week ago.

Creator

Topic
2018-03-07 at 14:27 #28607

zmasca29
Participant

https://thehackernews.com/2018/03/memcached-ddos-exploit-code.html

Basically what they are saying here is that its not going to take much for simple hacker to perform a massive DDoS attack using UDP reflections pretty easily. Not only did I find this interesting but I did some research its actually somewhat common this occurs just not on a level of 17,000 servers being exposed. I also had to do some research because I had no idea what DDoS meant. For anyone thats like me and inst sure either here is the definition for it! DDoS stands for Distributed Denial of Service. DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan,
Creator

Topic

Author

Replies
2018-03-08 at 09:20 #28623

kjoyce
Participant

According to Cisco, there are 3 types of Distributed Denial of Service attacks:
1) Volume based
User Datagram Protocol (UDP) packets flood random ports on a server or
Internet Control Message Protocol (ICMP) [ping] packets to consume all of the connection’s bandwidth
2) Application attacks
HTTP Flood – botnets inundate servers with standard Get and Post requests
Slowloris – Parts of requests are sent to servers at specific time periods that slow a processing
server down
3) Protocol Attacks
SYN flood – Attackers send numerous TCP synchronization (SYN) packets to a server but do not respond
to the corresponding acknowledge (ACK) packets
Ping of Death – Attackers send oversized or fragmented ping packets that the responding device can
not properly handle
Author

Replies

You must be logged in to reply to this topic.

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Journal - Cyber-As-Zoo: Multidisciplinary Cyber Struggle

This issue of the CSIAC Journal contains five articles that offer some perspectives to address the often-heard phrase "Cyber Is Hard", usually associated with gnashing of teeth and exasperated sighs.

Read the Journal

CSIAC Journal - Insider Threat and the Malicious Insider Threat

This issue of the CSIAC Journal presents five articles which represent different perspectives on Insider Threat and approaches to understand and remediate that threat.

Read the Journal

CSIAC Reference Document - Recent Developments in Cyberlaw: 2018

CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of the recent developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as cloud data storage, the scope of 3rd-party doctrine, encryption, warrants for electronic searches, and artificial intelligence.

Read the Document