Denial of Service Attack (DoS & DDoS)

DoD and DDoS Attack

A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or sending the services of a host connected to the internet.

Although a DoS attack does not usually result in the theft of information or security loss, it can cost the targeted person or company a great deal of time and money. Typically, the loss of the service is the inability of a particular network service such as e-mail or temporary loss of all network connectivity and services.

The most common type of denial of service attack involves flooding the target resources with external communication request, these overload prevent the resource from responding to legitimate traffic or slow its response.

Common DoS Attack

Buffer Overflow Attacks

The most common kind of DoS attack is simply to send more traffic to a network address than the programmer who plans its data buffers anticipated someone might send. The attackers may be aware that the target system has a weakness that can be exploited or the attacker may simply try to the attack in case it might work, the most common attack based in buffer includes sending e-mail messages or sending oversize ICMP.

SYN Attack

When a session is initiated between the Transport Control Protocol (TCP) client and server in the network, a very small buffer space exits to handle the usually rapid "hand-shake" exchange of messages that sets up the session. The session establish packets include a SYN field the sequence in messages exchange. An attacker can send a number of connection requests and then fail to respond to reply.

Teardrop Attack

This type of DoS attack exploit the way that the internet protocol (IP) requires a packet that is too large for the next router to handle be divided in to fragments. The fragment packet identifies the packet that enables the entire packet to be reassembled by the receiving system. So the attacker's ip puts a confusing offset vlaue in the second or later fragment. if the receiving OS doesn't have a plan for this situation, it can cause the system to crash.

Smurf Attack

In this attack, the perpetrator sends and IP ping request to receiving site, the ping packet specifies that it sends to a number of hosts within the receiving sites's local network. The packet also request that the request is from another site. The target site that is to receive the denial of service sending a packet with someonelse's return address in is called spoofing, the result will be lots of ping replies flooding back to the innocent spoofed site. If the flood is greater enough, the spoofed host will no longer be available to receive or distinguish a real traffic.

Preventing Denial of Service Attack

Rapid identification and response can prevent DoS attacks. The first challenge for any DoS protection scheme is to quickly and effectively identify incoming malicious traffics. Once the flood of the traffic is identified as DoS attack rather than a spike in ligitimate site traffic, An effective response will generally involve setting up a scalable infrastructure to abosorb the attack until the source is identified and blocked.