CS6250 / CS 6250 Exam 2 (Latest Update 2025 / 2026) Computer Networks | Questions & Answers | Grade A | 100% Correct - Georgia Tech
Question:
Explain the structure of a DDoS attack.
Answer:
DDoS is an attempt to compromise a server by flooding it with excessive traffic. To achieve this, the attacker first compromises and deploys flooding servers (slaves).
- Later, when initiating the attack, the attacker instructs the flooded servers to send a high volume of traffic to the victim.
- Results in the victim being unreachable or exhaustion of its bandwidth.
Question:
What is spoofing, and how is it related to a DDoS attack?
Answer:
An act of setting a false IP address in the source field of a packet to impersonate a legitimate server.
- The source IP is spoofed, resulting in the server sending data to another client instead of the attacker's machine.
- The attacker sets the same IP address in both the source and destination. Results in the server sending packets to itself, causing it to crash.
Question:
Describe a Reflection and Amplification attack.
Answer:
In a reflection attack, attackers use a set of reflectors to initiate an attack on the victim.
- A reflector is any server that sends a response to a request.
- Slaves set the source address as the victim's IP address, thereby redirecting responses to the victim.
- Thus, the victim receives responses from millions of reflectors, resulting in exhaustion of bandwidth.
- Additionally, the resources of the victim are wasted in processing responses, making it unable to send legitimate requests.
Here, the master directs slaves to send spoofed requests to a vast number of reflectors, usually 1 million.
Question:
What are the defenses against DDoS attacks?
Answer:
Traffic scrubbing services, ACL filters, BGP Flowspec, and BGP Blackholing
Question:
Explain provider-based blackholing.
Answer:
A customer AS announces a blackholing message to the provider with the host name of the DDoS victim. This usually contains a special community field - the provider will then stop advertising the prefix of the affected host.
Question:
Explain IXP blackholing.
Answer:
Similarly, at IXPs, if the AS is a member of an IXP infrastructure and is under attack, it sends blackholing messages to the IXP route server when a member connects to the route server.
- The route server then announces the message to all the connected IXP member ASes, which then drop the traffic towards the blackhole prefix.
- The null interface to which the traffic should be sent is specified by the IXP.
- The blackholing message sent to the IXP should contain the IXP blackhole community.
Question:
What is one of the major drawbacks of BGP blackholing?
Answer:
The major drawback is that the destination under attack becomes unreachable, as all traffic, including legitimate traffic, is dropped.
Question:
What is DNS censorship?
Answer:
DNS Censorship is a large-scale network traffic filtering strategy employed by a network to enforce control and censorship over the Internet infrastructure, suppressing material deemed objectionable.
Question:
What are the properties of GFW (Great Firewall of China)?
Answer:
Locality of GFW Nodes, Centralized Management, and Load balancing