A Denial of Service (DoS) attack is used to prevent legitimate access to a service or resource. This can be done either by crashing the service or by flooding it. DoS attacks that aim to crash a service look for vulnerabilities in its software, usually in a specific vendor's implementation. When the vulnerable code is part of the operating system's network stack, the crash takes down the operating system, and with it every service the machine hosts, which is why such bugs get noticed quickly: most of the well-known ones have been patched for years. Flooding DoS attacks instead aim to overload the service so that it cannot respond, rather than crashing it. The simplest form uses up the victim's bandwidth so that legitimate traffic cannot get through, which requires the attacker to command more bandwidth than the victim; the amplification and distributed attacks described below exist precisely to get around that requirement. A flood can also exhaust resources other than the link, such as connection tables, memory or CPU, without ever saturating the victim's bandwidth.
One example of a crashing DoS attack is the "Ping of Death." The basis of this attack is an oversized Internet Control Message Protocol (ICMP) echo request. An IP packet's 16-bit length field limits it to 65,535 bytes, and reassembly code was written on the assumption that no datagram could be larger. IP fragmentation, however, lets an attacker send fragments whose offset plus length adds up to more than 65,535 bytes; the receiving system copied them into a fixed-size reassembly buffer without checking, overflowed it, and crashed the operating system. Although this is now a well-known problem and mainstream systems were patched long ago, the same class of bug has resurfaced in newer network stacks, so new implementations are still sometimes affected by it.
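The length check whose absence made the Ping of Death work, shown as a small fragment reassembler with the check switchable on and off. This is an added example, not code from the original post: the fragments are modelled with only the IPv4 header fields that matter here (13-bit fragment offset in 8-byte units and the More-Fragments flag), the fragment sets are constructed rather than captured traffic, and hole detection is left out to keep the focus on the bounds check.

```python
"""Bounds check on IP fragment reassembly, the check whose absence made the
Ping of Death work. Added example, not code from the original post."""
from dataclasses import dataclass
from typing import List

IP_MAX_PACKET = 65535      # 16-bit total-length field: no datagram can be larger
MAX_OFFSET_UNITS = 8191    # 13-bit field, so a fragment can start as late as byte 65528


@dataclass
class Fragment:
    offset_units: int       # fragment offset in units of 8 bytes
    more_fragments: bool    # MF flag; False marks the last fragment
    payload: bytes


class OversizedDatagram(ValueError):
    """Raised when a fragment would land beyond the 65,535-byte limit."""


def fragment_end(frag: Fragment) -> int:
    """Byte offset one past the last byte this fragment writes."""
    return frag.offset_units * 8 + len(frag.payload)


def is_oversized(fragments: List[Fragment]) -> bool:
    """The patched check: does any fragment end past the maximum IP datagram?"""
    return any(fragment_end(f) > IP_MAX_PACKET for f in fragments)


def reassemble(fragments: List[Fragment], check_bounds: bool = True) -> bytes:
    """Reassemble fragments into one payload.

    check_bounds=False mirrors the pre-patch behaviour: the code trusts
    offset + length and writes wherever the fragment says. A C kernel doing
    this into a fixed 64 KiB buffer overflows it; here the bytearray simply
    grows, so the returned length shows how far past the limit the write went.
    check_bounds=True is the fix: reject before a single byte is copied.
    """
    if check_bounds and is_oversized(fragments):
        worst = max(fragment_end(f) for f in fragments)
        raise OversizedDatagram(f"datagram would be {worst} bytes, limit is {IP_MAX_PACKET}")
    buf = bytearray()
    for frag in fragments:
        start, end = frag.offset_units * 8, fragment_end(frag)
        if end > len(buf):
            buf.extend(b"\x00" * (end - len(buf)))   # the write a C implementation does unchecked
        buf[start:end] = frag.payload
    return bytes(buf)


def rejected(fragments: List[Fragment]) -> bool:
    """True if the patched reassembler refuses this fragment set."""
    try:
        reassemble(fragments)
    except OversizedDatagram:
        return True
    return False


def benign_fragments() -> List[Fragment]:
    """Constructed: a 1,500-byte ping split at a 1,480-byte MTU payload."""
    return [
        Fragment(0, True, b"A" * 1480),     # 1480 is a multiple of 8, as non-final fragments must be
        Fragment(185, False, b"B" * 20),    # 185 * 8 = 1480, so this fragment follows immediately
    ]


def ping_of_death_fragments() -> List[Fragment]:
    """Constructed: the last fragment sits at the maximum 13-bit offset with a
    40-byte payload, so the datagram would end at 65528 + 40 = 65568 bytes."""
    return [
        Fragment(0, True, b"A" * 1480),
        Fragment(MAX_OFFSET_UNITS, False, b"B" * 40),
    ]


if __name__ == "__main__":
    print(len(reassemble(benign_fragments())))                             # 1500
    print(len(reassemble(ping_of_death_fragments(), check_bounds=False)))  # 65568
    print(rejected(ping_of_death_fragments()))                             # True
```

The point of the unchecked path is the arithmetic, not the Python: offset and length are both attacker-controlled, and any reassembler that sizes its buffer from the protocol maximum instead of from that sum is one fragment away from an overflow.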
An example of a flooding DoS attack is an amplification attack. It differs from a plain flood in that the attacker does not need massive bandwidth of their own. The attacker picks a network with a large number of active hosts and sends ICMP echo request packets to those hosts, classically to the network's directed-broadcast address so that one packet reaches all of them (the "Smurf" attack). The requests carry a spoofed source address belonging to the victim, so every host that receives one sends its ICMP echo reply to the victim rather than to the attacker. A single request from the attacker thus turns into as many replies as there are responding hosts, and the combined replies flood the victim's network. The two standard defences are for networks to filter packets with spoofed source addresses at their edge (BCP 38) and for routers not to forward directed broadcasts.
Another type of flooding DoS attack is a distributed DoS (DDoS) attack. The first step is to compromise other hosts and install a daemon on each of them; these hosts are known as bots, and together they form a botnet. When the attacker chooses a victim, he or she uses a command-and-control program to instruct the bots to perform a flooding DoS attack simultaneously. Using many bots greatly increases the flooding effect and also makes it much harder to trace the attack back to its source, since the packets come from many unrelated networks.
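The two flood types above leave different fingerprints in traffic seen at the victim's network edge: an amplification victim receives echo replies from many hosts it never pinged, while a bot-driven direct flood is echo requests from many distinct sources. The detector below separates the two. It is an added example, not code from the original post or from the linked article; the one-line-per-packet log format, the sample traffic and the source-count threshold are all constructed for the example, and it assumes the sensor sees both directions of the victim's traffic.

```python
"""Telling a reflected (amplification) ICMP flood from a distributed direct
flood. Added example, not from the original post; log format, thresholds and
traffic are constructed."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

ECHO_REPLY, ECHO_REQUEST = "echo-reply", "echo-request"
# Made-up sensor format: "src > dst icmp-type", one packet per line.
LINE_RE = re.compile(r"^(?P<src>\S+) > (?P<dst>\S+) (?P<type>echo-request|echo-reply)$")

Record = Tuple[str, str, str]   # (src, dst, icmp type)


def parse_icmp_log(text: str) -> List[Record]:
    """Parse the constructed log format; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m["src"], m["dst"], m["type"]))
    return records


def classify_icmp_floods(records: List[Record], min_sources: int = 10) -> Dict[str, Tuple[str, int]]:
    """Return {victim: (kind, distinct_source_count)} for hosts under a flood.

    reflected:   victim gets echo replies from >= min_sources hosts it never
                 sent a request to (replies to requests spoofed in its name).
    distributed: victim gets echo requests from >= min_sources distinct hosts.
    """
    # Pass 1: who legitimately pinged whom, so replies can be matched to requests.
    requested = defaultdict(set)              # requester -> hosts it sent requests to
    for src, dst, typ in records:
        if typ == ECHO_REQUEST:
            requested[src].add(dst)

    # Pass 2: count distinct senders per victim for each pattern.
    unsolicited_repliers = defaultdict(set)   # victim -> reflectors
    request_senders = defaultdict(set)        # target -> hosts pinging it
    for src, dst, typ in records:
        if typ == ECHO_REPLY and src not in requested[dst]:
            unsolicited_repliers[dst].add(src)
        elif typ == ECHO_REQUEST:
            request_senders[dst].add(src)

    findings: Dict[str, Tuple[str, int]] = {}
    for victim, reflectors in unsolicited_repliers.items():
        if len(reflectors) >= min_sources:
            findings[victim] = ("reflected", len(reflectors))
    for target, senders in request_senders.items():
        if len(senders) >= min_sources:
            findings[target] = ("distributed", len(senders))
    return findings


def build_sample_log() -> str:
    """Constructed traffic: one normal ping exchange, a reflected flood against
    10.0.0.20 from 50 reflectors, and a 40-bot direct flood against 10.0.0.30."""
    lines = ["10.0.0.5 > 10.0.0.9 echo-request", "10.0.0.9 > 10.0.0.5 echo-reply"]
    lines += [f"192.0.2.{i} > 10.0.0.20 echo-reply" for i in range(1, 51)]
    lines += [f"203.0.113.{i} > 10.0.0.30 echo-request" for i in range(1, 41)]
    return "\n".join(lines)


if __name__ == "__main__":
    for victim, (kind, n) in classify_icmp_floods(parse_icmp_log(build_sample_log())).items():
        print(f"{victim}: {kind} flood from {n} distinct sources")
```

A production detector would window the counts by time and rate-limit rather than just count, but the distinction it draws is the same: unsolicited replies point at an amplification attack whose real source is hidden behind the reflectors, while a wide spread of request sources points at a botnet.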
Below is a link that offers defenses against DDoS attacks:
http://www.securityweek.com/content/how-defend-against-ddos-attacks