Denial of Service Attacks

Written by  //  October 13, 2011  //  Security  //  No comments

DoS Attack

The goal of a DoS attack is to compromise the availability of your production network and host resources. A common methodology in DoS attacks is to generate a huge volume of requests that deliberately consume resources such as network bandwidth, server CPU and memory. By doing this, the attacker uses up limited system resources, possibly affecting legitimate user traffic.

The most common DoS attack is the SYN flood, where the attacker generates a high volume of TCP connection requests to the destination that are never meant to be established. Since the system under attack must maintain these connections, sometimes called embryonic connections, it eventually runs out of system resources and becomes unavailable to legitimate users.
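As an added example (not part of the original post), the following detection sketch counts embryonic connections per listener from socket-table text. It assumes input in the column layout of Linux `ss -tan` output; the sample rows, the function names and both thresholds are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of `ss -tan` (documentation-range addresses).
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:80           0.0.0.0:*
ESTAB      0      0      192.0.2.10:80        198.51.100.7:51514
SYN-RECV   0      0      192.0.2.10:80        203.0.113.5:40001
SYN-RECV   0      0      192.0.2.10:80        203.0.113.6:40002
SYN-RECV   0      0      192.0.2.10:80        203.0.113.7:40003
SYN-RECV   0      0      192.0.2.10:80        203.0.113.8:40004
SYN-RECV   0      0      192.0.2.10:443       198.51.100.9:52000
ESTAB      0      0      192.0.2.10:443       198.51.100.9:52001
"""


def embryonic_by_listener(ss_text):
    """Count SYN-RECV (half-open) and ESTAB sockets per local address:port."""
    half_open, established = Counter(), Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        # Socket rows have exactly 5 columns; the header splits into 7.
        if len(fields) != 5:
            continue
        state, local = fields[0], fields[3]
        if state == "SYN-RECV":
            half_open[local] += 1
        elif state == "ESTAB":
            established[local] += 1
    return half_open, established


def flag_syn_flood(ss_text, min_half_open=3, ratio=2.0):
    """Return listeners whose half-open count is high both in absolute terms
    and relative to established connections (thresholds are assumed values)."""
    half_open, established = embryonic_by_listener(ss_text)
    alerts = {}
    for local, count in half_open.items():
        # Compare against at least 1 so an idle listener still needs
        # min_half_open embryonic connections before it is flagged.
        if count >= min_half_open and count >= ratio * max(established[local], 1):
            alerts[local] = count
    return alerts


if __name__ == "__main__":
    print(flag_syn_flood(SAMPLE_SS_OUTPUT))
```

On a production host the thresholds would be tuned against the listener's normal ratio of half-open to established connections.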

Another common DoS attack is Smurf, where the attacker sends a large volume of Internet Control Message Protocol (ICMP) packets to a broadcast IP address, using the IP address of the server under attack as the source IP. Since the packet is sent to a broadcast IP, the directly connected router will make a copy of the request and forward it to each device on that subnet. Each device then replies to the host under attack, thus generating an increased volume of ICMP replies for the host to handle.

Ping of Death (PoD) is another popular DoS attack. In this case the attacker sends malformed packets to exploit any flaws in the application. For example, the attacker can send an ICMP echo packet that is larger than the allowed packet size. There have been cases where some older TCP/IP stacks never bothered to verify the packet size and had to allocate more memory than needed. Eventually this would cause the system to use all available memory and crash.

Most DoS attacks primarily target server farms; however, one should keep in mind that network congestion is an indirect product of a DoS attack. Dealing with DoS attacks and protecting against them is not an easy task, but it can be accomplished. There are many mechanisms to protect against DoS attacks, and that is a topic for my next blog.
