What is a Denial of Service (DoS) attack?
Written by CCIE9277   
Thursday, 12 January 2006

Well, it's the most common form of security attack, the easiest to perform, and the hardest to track down and stop. By design, a DoS (Denial of Service) attack sends enough traffic to a host, group of hosts, or network to overwhelm the target so that it cannot properly respond to legitimate traffic.

Below is a list of common DoS attacks:

  • Teardrop attack: Causes TCP/IP fragmentation reassembly code to improperly handle overlapping IP fragments.
  • Birthday attack: Based on the "birthday paradox," in which the probability that two or more people in a group of 23 share the same birthday is greater than 50 percent, the birthday attack is a class of brute-force attacks against cryptographic hash functions, used in hopes of producing a hash collision.
  • CPU Intensive attack: Used to tie up system resources by using viruses or Trojan programs to disable systems.
  • Ping of Death: An ICMP echo request larger than 65535 that causes an input buffer overflow in certain systems.
  • DNS Poisoning: The act of exploiting a DNS server in order to make it return an invalid IP address to a name service request.
  • E-Mail attack: Designed to send so much mail to an inbox that it fills up with bogus e-mail to the point that legitimate email cannot be sent or received.
  • TCP SYN Flood: Opens up a large number of random TCP ports to the point that the host uses many CPU cycles to compute bogus requests.
  • Distributed Denial of Service (DDoS): A denial of service attack run from a pool of compromised hosts.
  • Land.C attack: TCP SYN packets sent to a host with the target's address in both the source and destination fields.
  • UDP Bomb: Packets sent with an illegal length field in the header, causing a kernel panic and crash.
  • Spoof attack: Creating an IP packet with a spoofed source address that is legitimate inside the targeted network.
  • Chargen: Establishing a UDP service with an input of high characters in order to cause network congestion.
  • Man-In-The-Middle attack: An attacker routes all network data through them by manipulating routing tables.
  • Dialup Out-Of-Band attack: If an attacker knows the target's IP address, they can exploit port 139 on Windows 95 systems. Also known as WinNuke.
  • Smurf attack: The art of sending a large amount of ICMP echoes (pings) to the broadcast address of a subnet to slow down or disable the network from responding to legitimate traffic. Works best on large broadcast domains and rarely over routed connections, since most routers today will disable directed broadcast traffic from traversing their interfaces.

    There are many other types of security attacks out there, and new exploits are being found all the time. It's very important to have a strong Network Security Policy and to protect your network with various pieces like secured perimeter routers, secure firewalls, IDS (Intrusion Detection System), IPS (Intrusion Prevention System) and strong authentication, authorization and accounting (AAA) systems. Virus protection and a good network design are also always vital in the never-ending process of securing your network.
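
As an added example (not code from the original article), the following Python shows how an IDS-style check could flag three of the attacks listed above from IPv4 headers alone: overlapping fragments (Teardrop), a reassembled size above 65535 (Ping of Death) and TCP packets with identical source and destination addresses (Land). The function names, finding labels and sample packets are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

MAX_DATAGRAM = 65535   # largest legal IPv4 datagram
FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout

def hdr(src, dst, proto, ident, off_units, more, payload_len):
    """Constructed 20-byte IPv4 header (checksum left as 0) for the samples."""
    flags_off = (0x2000 if more else 0) | off_units
    return struct.pack(FMT, 0x45, 0, 20 + payload_len, ident, flags_off, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)

def classify(headers):
    """Return the set of findings for a list of raw IPv4 headers."""
    findings, spans = set(), {}
    for raw in headers:
        vihl, _, total, ident, flags_off, _, proto, _, src, dst = struct.unpack(FMT, raw[:20])
        ihl = (vihl & 0x0F) * 4
        start = (flags_off & 0x1FFF) * 8      # fragment offset is in 8-byte units
        end = start + total - ihl             # one past the last payload byte
        if src == dst and proto == 6:
            findings.add("land")              # TCP with source == destination
        if ihl + end > MAX_DATAGRAM:
            findings.add("ping-of-death")     # reassembly would exceed 65535
        if flags_off & 0x2000 or start:       # MF set or nonzero offset: a fragment
            spans.setdefault((src, dst, proto, ident), []).append((start, end))
    for ranges in spans.values():
        ranges.sort()
        # After sorting by start, any overlap shows up between neighbours.
        if any(b[0] < a[1] for a, b in zip(ranges, ranges[1:])):
            findings.add("teardrop-overlap")
    return findings

# Constructed samples (documentation addresses, not captured traffic).
BENIGN = [hdr("192.0.2.1", "198.51.100.5", 17, 1, 0, True, 24),
          hdr("192.0.2.1", "198.51.100.5", 17, 1, 3, False, 16)]
TEARDROP = [hdr("192.0.2.1", "198.51.100.5", 17, 2, 0, True, 36),
            hdr("192.0.2.1", "198.51.100.5", 17, 2, 3, False, 4)]
OVERSIZE = [hdr("192.0.2.1", "198.51.100.5", 1, 3, 8189, False, 100)]
LAND = [hdr("198.51.100.5", "198.51.100.5", 6, 4, 0, False, 20)]

if __name__ == "__main__":
    for name, pkts in [("benign", BENIGN), ("teardrop", TEARDROP),
                       ("oversize", OVERSIZE), ("land", LAND)]:
        print(name, sorted(classify(pkts)))
```

The overlap check also fires on an exact duplicate of a fragment, so a production sensor would need to tell harmless retransmissions apart from conflicting overlaps.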

     
    Helpful Tips

    Wireless devices are generally shipped with a default SSID (service set identifier) that is identical on every unit of the same product from that manufacturer. To secure your wireless network and make it more difficult for others to connect, it's a good idea to change the SSID to something different and also turn off the "broadcast SSID" feature if possible. If the device supports it, you can also configure it to only allow connections from certain MAC addresses (the factory burned-in addresses of the Network Interface Cards), which belong to your devices and will be unique.

     
    © 2009 Computer Networking Help - Advice From Experts