Register
A university's help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated
117k views
5 votes
A university's help desk is receiving reports that Internet access on campus is not functioning. The network administrator looks at the management tools and sees the 1Gbps Internet is completely saturated with ingress traffic. The administrator sees the following output on the Internet router:

13:45.12857 .2343 > .443 S 37483928:37483928 (0) win 16384
...
....

The administrator calls the university's ISP for assistance, but it takes more than four hours to speak to a network engineer who can resolve the problem.

Based on the information above, which of the following should the ISP engineer do to resolve the issue?

A. The ISP engineer should null route traffic to the web server immediately to restore Internet connectivity. The university should implement a remotely triggered black hole with the ISP to resolve this more quickly in the future.

B. A university web server is under increased load during enrollment. The ISP engineer should immediately increase bandwidth to 2Gbps to restore Internet connectivity. In the future, the university should pay for more bandwidth to handle spikes in web server traffic.

C. The ISP engineer should immediately begin blocking IP addresses that are attacking the web server to restore Internet connectivity. In the future, the university should install a WAF to prevent this attack from happening again.

D. The ISP engineer should begin refusing network connections to the web server immediately to restore Internet connectivity on campus. The university should purchase an IPS device to stop DDoS attacks in the future.

User Fernker
by
8.3k points

1 Answer

0 votes

Final answer:

The ISP engineer should consider implementing a null route to stop the traffic surge likely caused by a DDoS attack, then the university should establish a remotely triggered black hole with the ISP for future quick mitigation. Long-term solutions include investing in a WAF or IPS to enhance cybersecurity.

Step-by-step explanation:

Based on the provided information, the internet access issue appears to stem from the university’s Internet connection being completely saturated with ingress traffic, which could indicate a DDoS attack. One possible immediate solution for the ISP engineer would be to implement a null route to the affected server, effectively dropping all traffic directed towards it and alleviating the congestion on the university’s internet link. To prevent similar issues in the future and improve cybersecurity, the university could work with the ISP to establish a remotely triggered black hole (RTBH) to handle excessive traffic surges more quickly and efficiently. In addition to these steps, longer-term strategies such as acquiring a Web Application Firewall (WAF) or an Intrusion Prevention System (IPS) could be considered to enhance protection against various forms of cyberattacks, including DDoS attacks.

User Stanislav Terletskyi
by
7.4k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

8.8m questions

11.4m answers

Other Questions

Who was Adam Smith ? Anybody?
What can turn igneous rock into sediment?
What is meant by data mining ?
What is the best way to describe a stock market?
You sell popcorn during your schools football games. Knowing that the people usually buy more when the price is lower, how would you price your popcorn after halftime?
Link Copied!