How to protect servers from DoS and DDoS Attacks?

by | Mar 9, 2017 | CCNA, CCNP, CompTIA, DoS and DDoS Prevention, Network Security, Security Fundamentals

DoS attacks are among the most serious threats today. We often hear about DoS attacks that temporarily or indefinitely suspend a service or an entire network. How are these DoS attacks perpetrated and how can we prevent them? In this article, we discuss that in detail.

 

What are DoS and DDoS attacks?

A DoS or Denial of Service attack is an attack perpetrated to make a target machine or network resource unavailable to its intended users. This attack is usually made to temporarily or indefinitely suspend the service of a host connected to the Internet.

A DDoS or Distributed Denial of Service attack is a DoS attack in which the attack traffic comes from multiple sources with different IP addresses. Using IP address spoofing, the attackers usually hide their own IP addresses, which makes it extremely hard to catch them.

 

Effects of DoS Attacks

As a result of a DoS attack, you may see:

  • Unusually slow network performance.
  • Unavailability of a particular website.
  • A dramatic increase in the number of spam emails received.
  • Disconnection of Internet connection.

The effects can sometimes be long term or even last indefinitely.

 

Different Types of DoS and DDoS Attacks

There are different types of DoS Attacks. Let’s understand what each type of DoS attack does:

 

UDP Flood Attack – A UDP Flood Attack floods random ports of a remote host with a large number of UDP packets. This makes the host repeatedly check for an application listening on each port and reply with ICMP Destination Unreachable packets when no application is found. As a result, the host ends up exhausting a considerable amount of its resources, which leads to a DoS attack.

Internet Control Message Protocol Flood or ICMP Flood – The Smurf attack is an attack of this type. In these attacks, the attacker sends a large number of ICMP broadcast packets with the source address forged to be that of the target system. As a result, all the computers in the network send an overwhelming number of replies to the target computer. The target computer ends up consuming all its network bandwidth in sending replies, and its resources become unavailable for legitimate purposes.

Ping Flood – In this attack, the attacker sends a large number of ICMP Echo Request or ping packets to the targeted victim’s IP address, mostly by using the flood option of ping. As a result, the victim’s machine responds to each ICMP packet with an ICMP Echo Reply packet and ends up exhausting all its network bandwidth, which results in a DoS attack.

Ping of Death – A correctly formed ping packet is typically 56 bytes in size, but an IPv4 packet may be as large as 65,535 bytes. If the attacker sends a malformed and very large ping packet to the victim’s IP address, the IP packet is split into multiple fragments before it reaches the targeted system. When the victim’s machine reassembles the IP fragments, it ends up with an IP packet larger than 65,535 bytes. If the victim’s computer cannot handle that properly, a buffer overflow happens. It can result in a system crash and potentially allow the injection of malicious code. This type of attack is called the Ping of Death.
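The defensive counterpart of the reassembly problem described above is to reject any fragment whose data would end beyond 65,535 bytes before it is copied into a reassembly buffer. The following is an added example, not code from the original article; the function names and the constructed sample headers (documentation-range addresses, zero checksum) are assumptions made for illustration.

```python
import struct

IPV4_MAX_LEN = 65535  # largest legal IPv4 datagram, header included


def build_header(total_len, frag_off_units, more_frags, ihl=5):
    """Constructed sample input: a minimal 20-byte IPv4 header for ICMP."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_off_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0x1234,
                       flags_frag, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


def fragment_end(header):
    """Byte position where this fragment's data ends in the reassembled
    datagram, counting the IP header as well."""
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack(
        "!BBHHH", header[:8])
    ihl_bytes = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl_bytes < 20 or total_len < ihl_bytes:
        raise ValueError("malformed IPv4 header")
    offset_bytes = (flags_frag & 0x1FFF) * 8  # offset field is in 8-byte units
    payload_len = total_len - ihl_bytes
    return ihl_bytes + offset_bytes + payload_len


def is_oversized_fragment(header):
    """True if accepting this fragment would make the reassembled packet
    larger than the 65,535-byte IPv4 limit."""
    return fragment_end(header) > IPV4_MAX_LEN


if __name__ == "__main__":
    samples = {
        # 20-byte IP header + 8-byte ICMP header + 56 bytes of ping data
        "normal ping": build_header(84, 0, False),
        # last fragment placed near the end of the offset range
        "oversized last fragment": build_header(1500, 8189, False),
    }
    for name, hdr in samples.items():
        verdict = "DROP" if is_oversized_fragment(hdr) else "accept"
        print(f"{name}: ends at byte {fragment_end(hdr)} -> {verdict}")
```

The check works on each fragment in isolation, so an oversized datagram is rejected as soon as its offending fragment arrives and nothing needs to be reassembled first.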

SYN Flood – In a SYN Flood, the attacker sends a huge number of connection requests to the target server, often by forging the source IP address. As a result, the target server ends up spawning lots of half-open connections, sends back TCP/SYN-ACK packets and waits for the responses. But as the attacker has forged the source IP addresses of the packets, the packets sent by the target server end up going to the wrong IP addresses and the server never gets a reply. These half-open connections saturate the maximum number of open connections the server can have, the server can no longer respond to legitimate requests, and that results in a DoS attack.

Other Application Level Flood – In this type of attack, the attacker floods the victim machine with legitimate-looking requests like database lookups, search requests, etc. It exploits a few conditions like buffer overflow, and fills up the disk space of the target machine or consumes all its memory and CPU cycles. As a result, the victim machine ends up exhausting all its …
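To make the half-open connection exhaustion described above observable, the following added example (not part of the original article) replays a constructed sequence of SYN and ACK events against a small connection backlog and reports the figures a defender would monitor. The backlog size, timeout, event format and addresses are all assumptions chosen for illustration.

```python
def half_open_profile(events, timeout=30.0, backlog=4):
    """Replay (time, src_ip, src_port, kind) events, kind being 'SYN' or
    'ACK', and track the server's table of half-open connections."""
    pending = {}            # (src_ip, src_port) -> time the SYN was seen
    peak, dropped = 0, []
    for t, src, sport, kind in events:
        # Expire entries whose SYN-ACK was never answered within the timeout.
        for key in [k for k, t0 in pending.items() if t - t0 >= timeout]:
            del pending[key]
        key = (src, sport)
        if kind == "SYN":
            if key in pending:
                continue                    # retransmitted SYN, already tracked
            if len(pending) >= backlog:
                dropped.append(key)         # table full: request is refused
            else:
                pending[key] = t            # SYN-ACK sent, waiting for ACK
        elif kind == "ACK":
            pending.pop(key, None)          # handshake completed
        peak = max(peak, len(pending))
    return {"peak": peak, "still_half_open": len(pending), "dropped": dropped}


# Constructed sample events (documentation-range addresses).
SAMPLE_EVENTS = (
    # A legitimate client completes its handshake.
    [(0.0, "203.0.113.10", 40001, "SYN"), (0.05, "203.0.113.10", 40001, "ACK")]
    # Six SYNs from forged sources that never answer the SYN-ACK.
    + [(1.0 + 0.1 * i, f"198.51.100.{i}", 1024 + i, "SYN") for i in range(1, 7)]
    # A legitimate client arrives while the table is saturated.
    + [(2.0, "203.0.113.20", 40002, "SYN")]
    # After the timeout the stale entries expire and service recovers.
    + [(40.0, "203.0.113.30", 40003, "SYN"), (40.05, "203.0.113.30", 40003, "ACK")]
)

if __name__ == "__main__":
    report = half_open_profile(SAMPLE_EVENTS)
    print("peak half-open connections:", report["peak"])
    print("requests refused while saturated:", report["dropped"])
```

A half-open count that stays pinned at the backlog limit while handshakes from new sources never complete is the signature to alert on; the refused list shows that the legitimate client at `203.0.113.20` is turned away along with the forged sources.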


Amrita Mitra

Author

Ms. Amrita Mitra is an author, who has authored the books “Cryptography And Public Key Infrastructure”, “Web Application Vulnerabilities And Prevention”, “A Guide To Cyber Security” and “Phishing: Detection, Analysis And Prevention”. She is also the founder of Asigosec Technologies, the company that owns The Security Buddy.
