A DoS attack is one of the most serious threats today. We often hear about DoS attacks that temporarily or indefinitely suspend a service or an entire network. How are these DoS attacks perpetrated, and how can we prevent them? In this article, we will discuss that in detail.
What are DoS and DDoS attacks?
A DoS or Denial of Service Attack is an attack that is perpetrated to make a target machine or network resource unavailable for its intended users. This attack is usually made to temporarily or indefinitely suspend the service of a host connected to the Internet.
DDoS Attack or Distributed Denial of Service Attack is an attack in which the traffic comes from multiple sources with different IP addresses. Basically, a DDoS attack is a DoS attack perpetrated using several source IP addresses. Using IP address spoofing, the attackers usually hide their own IP addresses, which makes it extremely hard to identify them.
Effects of DoS Attacks
As a result of a DoS attack, you may see:
- Unusually slow network performance.
- Unavailability of a particular website.
- A dramatic increase in the number of spam emails received.
- Disconnection of Internet connection.
The effects can sometimes be long-term or even indefinite.
Different Types of DoS and DDoS Attacks
There are different types of DoS Attacks. Let’s understand what each type of DoS attack does:
UDP Flood Attack—A UDP Flood attack floods random ports of a remote host with a large number of UDP packets. This causes the host to repeatedly check the application listening to the port and reply with ICMP Destination Unreachable packets when no application is found. As a result, the host exhausts a considerable amount of its resources, leading to a DoS Attack.
Internet Control Message Protocol Flood or ICMP Flood – The Smurf Attack is an example of this type of attack. In these attacks, the attacker sends many ICMP broadcast packets with the source address forged to be that of the target system. All the computers on the network then send an overwhelming number of replies to the target computer, which ends up consuming all its network bandwidth absorbing those replies, and its resources become unavailable for legitimate purposes.
Ping Flood—In this attack, the attacker sends a large number of ICMP Echo requests or ping packets to the targeted victim’s IP address, mostly using the flood option of ping. As a result, the victim’s machine starts responding to each ICMP packet by sending an ICMP Echo Reply packet and exhausts all its network bandwidth, resulting in a DoS attack. (What is ping flood?)
Ping of Death – A correctly formed ping packet is typically 56 bytes in size. But any IPv4 packet may be as large as 65,535 bytes. If the attacker sends a malformed and very large ping packet to the victim’s IP address, the IP packet splits into multiple fragments and reaches the targeted system. When the victim’s machine reassembles the IP fragments, it will end up with an IP packet larger than 65,535 bytes. As a result, if the victim’s computer cannot handle that properly, a buffer overflow will happen. It can result in a system crash and potentially allow the injection of malicious code. This type of attack is called the Ping of Death.
SYN Flood – In the SYN Flood, the attacker sends many connection requests to the target server, often by forging the source IP address. As a result, the target server spawns many half-open connections, sends back TCP SYN-ACK packets, and waits for the responses. However, as the attacker has forged the source IP addresses of the packets, the SYN-ACK packets sent by the target server go to the wrong IP addresses, and the server never gets a reply. These half-open connections saturate the maximum number of open connections the server can have, and the server can no longer respond to legitimate requests, which results in a DoS attack. (What is SYN flood, and how does it work?)
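The half-open connections described above are what a defender can measure: a healthy server completes most handshakes, while a SYN-flooded one accumulates SYNs from many (usually spoofed) sources that never send the final ACK. The following added example (not code from the original article) walks a constructed capture of TCP events, counts handshakes started versus completed per destination, and flags destinations where half-open connections dominate; the event format, sample addresses and thresholds are assumptions.

```python
from collections import defaultdict
from typing import Iterable, NamedTuple


class TcpEvent(NamedTuple):
    ts: float    # seconds since capture start
    src: str     # client-side source IP
    dst: str     # server-side destination IP
    flags: str   # TCP flags seen from the client: "S" (SYN) or "A" (final ACK)


# Constructed sample capture, not real traffic: three clients complete the
# handshake normally; 200 spoofed sources send one SYN each and never ACK.
SAMPLE = (
    [TcpEvent(0.1 + i, f"10.0.0.{i}", "192.0.2.10", "S") for i in range(1, 4)]
    + [TcpEvent(0.2 + i, f"10.0.0.{i}", "192.0.2.10", "A") for i in range(1, 4)]
    + [TcpEvent(5.0 + i * 0.01, f"203.0.113.{i}", "192.0.2.10", "S") for i in range(1, 201)]
)


def half_open_stats(events: Iterable[TcpEvent]) -> dict:
    """Per destination: SYNs seen, handshakes completed by a client ACK, and the
    number of distinct sources left half-open (SYN sent, no ACK ever received)."""
    pending = set()  # (src, dst) pairs that sent a SYN and have not yet ACKed
    stats = defaultdict(lambda: {"syn": 0, "completed": 0})
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src, ev.dst)
        if ev.flags == "S":
            pending.add(key)
            stats[ev.dst]["syn"] += 1
        elif ev.flags == "A" and key in pending:
            pending.discard(key)
            stats[ev.dst]["completed"] += 1
    half_open = defaultdict(set)
    for src, dst in pending:
        half_open[dst].add(src)
    return {dst: {**s, "half_open": len(half_open[dst])} for dst, s in stats.items()}


def suspected_syn_flood(events: Iterable[TcpEvent], min_half_open: int = 100,
                        min_ratio: float = 0.9) -> list:
    """Flag destinations where half-open connections are both numerous and the
    majority of all SYNs; a busy but healthy server fails the ratio test."""
    flagged = []
    for dst, s in half_open_stats(events).items():
        ratio = s["half_open"] / s["syn"] if s["syn"] else 0.0
        if s["half_open"] >= min_half_open and ratio >= min_ratio:
            flagged.append(dst)
    return flagged
```

On the sample, the destination 192.0.2.10 shows 203 SYNs, 3 completions and 200 half-open sources, so it is flagged; the first six events alone (the legitimate clients) are not.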
Other Application Level Flood—In this type of attack, the attacker floods the victim’s machine with legitimate-looking requests like database lookups and search requests. It exploits a few conditions like buffer overflow and fills up the target machine’s disk space or consumes all its memory and CPU cycles. As a result, the victim machine ends up exhausting all its …