DoS attacks are one of the most serious threats today. We often hear about DoS attacks that temporarily or indefinitely suspend a service or an entire network. How are these DoS attacks perpetrated, and how can we prevent them? In this article, we will discuss that in detail.
What are DoS and DDoS attacks?
A DoS or Denial of Service Attack is an attack that is perpetrated for the purpose of making a target machine or network resource unavailable for its intended users. This attack is usually made to temporarily or indefinitely suspend service of a host connected to the Internet.
A DDoS Attack or Distributed Denial of Service Attack is an attack in which the traffic comes from multiple sources with different IP addresses. Basically, a DDoS attack is a DoS attack that is perpetrated using several source IP addresses. Using IP address spoofing, the attackers usually hide their own IP addresses, which makes it extremely hard to trace them.
Effects of DoS Attacks
As a result of a DoS attack, you may see:
- Unusually slow network performance.
- Unavailability of a particular website.
- A dramatic increase in the number of spam emails received.
- Disconnection of Internet connection.
The effects can sometimes be long-term or even last for an indefinite time.
Different Types of DoS and DDoS Attacks
There are different types of DoS Attacks. Let’s understand what each type of DoS attack does:
UDP Flood Attack – A UDP Flood Attack floods random ports of a remote host with a large number of UDP packets. This makes the host repeatedly check for an application listening on each port and reply with ICMP Destination Unreachable packets when none is found. As a result, the host ends up exhausting a considerable amount of its resources, which leads to a DoS.
Internet Control Message Protocol Flood or ICMP Flood – The Smurf Attack is an attack of this type. In these attacks, the attacker sends a large number of ICMP broadcast packets with the source address forged to that of the target system. As a result, all the computers on the network send an overwhelming number of replies to the target computer. The target computer ends up consuming all its network bandwidth on those replies, and its resources become unavailable for legitimate purposes.
Ping Flood – In this attack, the attacker sends a large number of ICMP Echo Request (ping) packets to the targeted victim’s IP address, mostly by using the flood option of ping. As a result, the victim’s machine starts responding to each ICMP packet with an ICMP Echo Reply packet and ends up exhausting all its network bandwidth, which results in a DoS attack.
Ping of Death – A correctly formed ping packet is typically 56 bytes in size. But any IPv4 packet may be as large as 65,535 bytes. If the attacker sends a malformed and very large ping packet to the victim’s IP address, the IP packet is split into multiple fragments that reach the targeted system. When the victim’s machine reassembles the IP fragments, it ends up with an IP packet larger than 65,535 bytes. As a result, if the victim’s computer cannot handle that properly, a buffer overflow occurs. It can result in a system crash and potentially allow the injection of malicious code. This type of attack is called the Ping of Death.
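The defence against the Ping of Death is a bounds check at reassembly time: a receiving stack must refuse any fragment whose offset plus length would push the reassembled datagram past the 65,535-byte IPv4 limit before it copies a single byte into the buffer. The following is an added illustration of that check, not code from the original article; the `Fragment` record, the `make_fragments` helper and the constructed fragment sets are assumptions made for the example. It treats 65,515 bytes as the payload limit, since the 65,535-byte total length includes the 20-byte IPv4 header.

```python
"""Defensive IPv4 fragment reassembly with a size bound (added example).

The Ping of Death relies on a stack that copies fragments into a fixed
buffer without first checking where the last fragment would end.  The
reassembler below checks the bound before touching the buffer and also
rejects incomplete fragment sets.  All fragment data is constructed.
"""

from dataclasses import dataclass

IPV4_MAX_TOTAL = 65535                 # largest possible IPv4 total length
IPV4_HEADER_LEN = 20                   # minimal IPv4 header
IPV4_MAX_PAYLOAD = IPV4_MAX_TOTAL - IPV4_HEADER_LEN   # 65,515 bytes
FRAG_UNIT = 8                          # fragment offset is counted in 8-byte units


@dataclass(frozen=True)
class Fragment:
    ident: int          # IP identification field shared by one datagram's fragments
    offset_units: int   # fragment offset field, in 8-byte units
    more: bool          # More Fragments (MF) flag
    payload: bytes      # bytes following the IP header


class OversizedDatagram(Exception):
    """A fragment would end beyond the maximum IPv4 payload size."""


class IncompleteDatagram(Exception):
    """Fragments have a gap/overlap or the last fragment still has MF set."""


def reassemble(fragments):
    """Reassemble one datagram's fragments, refusing oversized results.

    The size check runs before any bytes are appended, so an attacker can
    never make the reassembled payload exceed IPV4_MAX_PAYLOAD.
    """
    frags = sorted(fragments, key=lambda f: f.offset_units)
    buf = bytearray()
    for f in frags:
        start = f.offset_units * FRAG_UNIT
        end = start + len(f.payload)
        if end > IPV4_MAX_PAYLOAD:
            raise OversizedDatagram(
                f"id={f.ident}: fragment at offset {start} with {len(f.payload)} "
                f"bytes would end at {end} > {IPV4_MAX_PAYLOAD}")
        if start != len(buf):
            raise IncompleteDatagram(f"id={f.ident}: gap or overlap at offset {start}")
        buf += f.payload
    if not frags or frags[-1].more:
        raise IncompleteDatagram("last fragment missing (MF still set)")
    return bytes(buf)


def check_datagram(fragments):
    """Classify a fragment set as 'ok', 'oversized' or 'incomplete'."""
    try:
        reassemble(fragments)
        return "ok"
    except OversizedDatagram:
        return "oversized"
    except IncompleteDatagram:
        return "incomplete"


def make_fragments(ident, total_payload, frag_size=1480):
    """Construct a contiguous fragment set carrying `total_payload` bytes.

    frag_size must be a multiple of 8 (1480 is the usual size on a 1500-byte
    MTU link).  This is constructed sample data, not captured traffic.
    """
    frags, off = [], 0
    while off < total_payload:
        chunk = min(frag_size, total_payload - off)
        more = off + chunk < total_payload
        frags.append(Fragment(ident, off // FRAG_UNIT, more, b"\x00" * chunk))
        off += chunk
    return frags


if __name__ == "__main__":
    print("normal 64-byte ping:", check_datagram(make_fragments(1, 64)))
    print("largest legal datagram:", check_datagram(make_fragments(2, IPV4_MAX_PAYLOAD)))
    print("Ping of Death sized set:", check_datagram(make_fragments(3, 65520)))
```

The oversized set is rejected on its last fragment without the buffer ever growing past the limit, which is exactly the behaviour a hardened stack needs; an unpatched reassembler that skipped the `end > IPV4_MAX_PAYLOAD` test would instead write past its fixed-size buffer.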
SYN Flood – In a SYN Flood, the attacker sends a huge number of connection requests to the target server, often forging the source IP address. As a result, the target server ends up spawning lots of half-open connections, sending back TCP SYN-ACK packets and waiting for the responses. But as the attacker has forged the source IP addresses of the packets, the packets sent by the target server go to the wrong IP addresses and the server never gets a reply. These half-open connections saturate the maximum number of open connections the server can have, so the server can no longer respond to legitimate requests, and that results in a DoS attack.
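Each of the flood types above (UDP flood, Smurf, ping flood and SYN flood) leaves a distinctive per-second signature on the target, which is what a monitoring sensor keys on. The following is an added detection example, not code from the original article: it groups packet summaries into one-second windows and raises an alert per target when the SYN-to-ACK ratio, UDP port spread, echo-request rate or echo-reply source spread crosses a threshold. The `Pkt` record, the `detect_floods` thresholds and the `sample_traffic` data are all constructed assumptions; the thresholds in particular must be tuned to the baseline of the network being monitored.

```python
"""Per-window flood detection over packet summaries (added example).

Records like these would normally come from a packet capture or flow
export; here they are constructed so the example runs offline.
"""

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float            # timestamp in seconds
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: str = ""      # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    icmp_type: int = -1  # 8 = echo request, 0 = echo reply, 3 = dest unreachable


def detect_floods(packets, window=1.0, threshold=100, min_spread=10):
    """Return {target_ip: [alert, ...]} for traffic exceeding per-window rates.

    threshold is the number of packets per window that counts as a flood and
    min_spread the number of distinct ports/sources that distinguishes a
    spray or amplification pattern from a single busy peer (hypothetical
    defaults chosen for the sample data).
    """
    buckets = defaultdict(list)
    for p in packets:
        buckets[int(p.ts // window)].append(p)

    alerts = defaultdict(set)
    for pkts in buckets.values():
        syn, ack = defaultdict(int), defaultdict(int)     # half-open vs completed
        udp, udp_ports = defaultdict(int), defaultdict(set)
        echo_req = defaultdict(int)
        echo_rep, rep_src = defaultdict(int), defaultdict(set)
        for p in pkts:
            if p.proto == "tcp":
                if p.flags == "S":
                    syn[p.dst] += 1
                elif p.flags == "A":
                    ack[p.dst] += 1
            elif p.proto == "udp":
                udp[p.dst] += 1
                udp_ports[p.dst].add(p.dport)
            elif p.proto == "icmp":
                if p.icmp_type == 8:
                    echo_req[p.dst] += 1
                elif p.icmp_type == 0:
                    echo_rep[p.dst] += 1
                    rep_src[p.dst].add(p.src)
        for dst, n in syn.items():
            # Many SYNs but almost no handshakes completing: half-open pile-up
            if n >= threshold and ack[dst] < n * 0.1:
                alerts[dst].add("syn_flood")
        for dst, n in udp.items():
            # High UDP rate sprayed over many ports (what provokes ICMP unreachables)
            if n >= threshold and len(udp_ports[dst]) >= min_spread:
                alerts[dst].add("udp_flood")
        for dst, n in echo_req.items():
            if n >= threshold:
                alerts[dst].add("ping_flood")
        for dst, n in echo_rep.items():
            # Echo replies from many hosts converging on one address: Smurf pattern
            if n >= threshold and len(rep_src[dst]) >= min_spread:
                alerts[dst].add("smurf")
    return {dst: sorted(names) for dst, names in alerts.items()}


def sample_traffic():
    """Constructed packets: SYN flood on 10.0.0.5, normal traffic to 10.0.0.6,
    Smurf reply storm on 10.0.0.7, UDP flood on 10.0.0.8 (documentation ranges)."""
    pkts, t = [], 0.0
    for i in range(300):   # 300 SYNs from 250 different sources, only 2 ACKs
        pkts.append(Pkt(t, f"198.51.100.{i % 250 + 1}", "10.0.0.5", "tcp", 80, "S")); t += 0.001
    for _ in range(2):
        pkts.append(Pkt(t, "198.51.100.1", "10.0.0.5", "tcp", 80, "A")); t += 0.001
    for i in range(40):    # 40 legitimate connections, each SYN followed by an ACK
        pkts.append(Pkt(t, f"203.0.113.{i + 1}", "10.0.0.6", "tcp", 443, "S")); t += 0.001
        pkts.append(Pkt(t, f"203.0.113.{i + 1}", "10.0.0.6", "tcp", 443, "A")); t += 0.001
    for i in range(200):   # 200 echo replies from 50 hosts on one broadcast network
        pkts.append(Pkt(t, f"192.0.2.{i % 50 + 1}", "10.0.0.7", "icmp", icmp_type=0)); t += 0.001
    for i in range(150):   # 150 UDP packets to scattered high ports
        pkts.append(Pkt(t, "198.51.100.77", "10.0.0.8", "udp", 1024 + (i * 7919) % 60000)); t += 0.001
    return pkts


if __name__ == "__main__":
    for target, names in detect_floods(sample_traffic()).items():
        print(target, names)
```

The SYN-flood rule is the one worth noting: raw SYN volume alone flags a busy but healthy server, so the rule also requires that almost none of the handshakes complete, which is the half-open signature described above. Legitimate traffic to 10.0.0.6 is not flagged because every SYN is followed by its ACK.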
Other Application Level Floods: In this type of attack, the attacker floods the victim machine with legitimate-looking requests such as database lookups, search requests, etc. It exploits a few conditions like buffer overflows, and fills up the disk space of the target machine or consumes all its memory and CPU cycles. As a result, the victim machine ends up exhausting all its …