A threat event can be elaborated in terms of tactics, techniques, and procedures (TTP). An attacker initiates a DDoS (Distributed Denial-of-Service) attack from zombies in a botnet through DNS services to attack a victim. Which of the following techniques is least likely to be used in this attack?
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Blackholing.
Blackholing and sinkholing
With blackhole routing, all the traffic to the attacked DNS or IP address is sent to a “black hole” (null interface or a non-existent server). To be more efficient and avoid affecting network connectivity, blackhole routing can be managed by the ISP.
A DNS sinkhole routes traffic to a valid IP address, where the traffic is analyzed and bad packets are rejected. Sinkholing is not efficient for most severe attacks.