Security+ Question of the Week: DoS Tool

You have become aware of a DoS tool that targets your public Web site which is co?located at an ISP rather than in a DMZ off of your intranet. This DoS tool is present on numerous systems across the Internet, but it has also been discovered on a few intranet clients as well. After analyzing traffic captures, you discover that the DoS tool spoofs its source address in the 10.233.43.10?50 range. Why is your Web server not being affected by this DoS traffic?

A. Ingress filtering
B. Malware scanner on e?mail servers
C. Private IP addresses are being filtered
D. Web server patches

Reveal Answer

The correct answer is C.

The IP address coded into the DoS tool uses an RFC 1918 private IP address as its source address. This is often filtered by border devices and Internet routers, thus using a private IP address for Internet communications is prohibited, whether legitimate or malicious.

An ingress filter is not relevant here as traffic is leaving the private network, not entering. An egress filter would have been more appropriate. Malware scanners on e-mail servers is a good security concept, but the wrong solution in this case as e-mail is not involved. Web server patches is also a good security concept, but Web communications are not specifically involved in this situation.

Security+ Question of the Week (SY0-401) Series

Please support our Sponsors here :