
Monday 19 December 2011

Denial-of-Service (DoS) Attack


Denial-of-Service
•Commonly used against information stores such as web sites
•Simple to mount and usually quite effective
•Does not by itself pose a direct threat to sensitive data: it targets availability, not confidentiality
•The attacker tries to prevent a service from being used, making it unavailable to legitimate users
•Attackers typically go for high-visibility targets such as the web server, or for infrastructure targets such as routers and network links



Denial-of-Service Example
If a mail server is capable of receiving and delivering 10 messages a second, an attacker simply sends 20 messages per second. Legitimate traffic (along with much of the malicious traffic) will be dropped, or the mail server might stop responding entirely.
-This type of attack may be used as a diversion while another attack is made to actually compromise systems
-In addition, administrators are likely to make mistakes under the pressure of an attack, and may change a setting that creates a vulnerability that can be further exploited

Types of Denial-of-Service Attacks
  • Buffer Overflow Attacks 
  • SYN Flood Attack 
  • Teardrop Attacks 
  • Smurf Attack 
  • DNS Attacks 
  • Email Attacks 
  • Physical Infrastructure Attacks
  • Viruses/Worms


Buffer Overflow Attacks
The most common DoS attack of this kind sends a device more data than the receiving program anticipated. The input overruns the buffer set aside for it and overwrites adjacent memory, so the program crashes or stops responding: a buffer overflow.




SYN Flood Attack
  • When a TCP session is initiated between a client and a server, the server has only a small amount of space (the backlog queue) to hold connections that are part-way through the rapid "hand-shaking" exchange of messages that sets up a session. 
  • The session-establishing packets carry the SYN flag and the initial sequence number against which the rest of the session is ordered; the server answers each SYN with a SYN-ACK and waits for the client's ACK. 
  • To cause this kind of attack, an attacker sends many SYN packets, usually from spoofed addresses, so that no ACK ever comes back. The half-open connections fill the backlog, and new legitimate connection attempts are refused until the stale entries time out.

Teardrop Attack
  • Exploits the way that the Internet Protocol (IP) requires a packet that is too large for the next router to handle to be divided into fragments. 
  • Each fragment carries an offset that tells the receiving system where its data belongs relative to the beginning of the original packet, so that the whole packet can be reassembled. 
  • In the teardrop attack, the attacker puts an inconsistent value in the offset of the second or later fragment, so that it overlaps data already received. If the receiving operating system does not check for this while reassembling, the bad offset arithmetic can cause the system to crash.
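The check a reassembly routine needs in order to survive a teardrop fragment set, as an added Python example (not code from the original post): it models fragments as (identification, offset, MF flag, payload), rejects overlaps, gaps and inconsistent flags, and shows the negative "trim length" that a stack without the check would compute. The Fragment class, the sample fragment sets and the naive_trim_length model are constructed for illustration and do not reproduce any particular operating system's code.

```python
"""IP fragment reassembly with the consistency checks that defeat a teardrop-style
fragment set. Example code added for this page, not from the original post."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Fragment:
    ident: int       # IP Identification field, shared by all fragments of one datagram
    offset: int      # byte offset into the original payload (IP stores it in 8-byte units)
    more: bool       # More Fragments (MF) flag; clear only on the last fragment
    payload: bytes


def validate(frags: List[Fragment]) -> Optional[str]:
    """Return None if the fragment set can be reassembled, else a reason string.

    Checks: common Identification value, offsets on 8-byte boundaries, non-final
    payloads a multiple of 8 bytes, fragments tiling the payload with neither
    overlap nor gap, and the MF flag clear on exactly the last fragment.
    """
    if not frags:
        return "empty fragment set"
    ident = frags[0].ident
    if any(f.ident != ident for f in frags):
        return "fragments belong to different datagrams"
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0                      # byte where the next fragment must start
    for i, f in enumerate(ordered):
        is_last = i == len(ordered) - 1
        if f.offset % 8:
            return f"offset {f.offset} not a multiple of 8"
        if f.more and len(f.payload) % 8:
            return f"non-final fragment at {f.offset} has length {len(f.payload)}, not a multiple of 8"
        if f.offset < expected:
            return f"overlap: fragment at {f.offset} starts before previous end {expected}"
        if f.offset > expected:
            return f"gap: fragment at {f.offset} starts after previous end {expected}"
        if f.more == is_last:
            return "More-Fragments flag inconsistent with fragment order"
        expected += len(f.payload)
    return None


def reassemble(frags: List[Fragment]) -> bytes:
    """Rebuild the datagram payload, or raise ValueError; never trusts offsets blindly."""
    problem = validate(frags)
    if problem:
        raise ValueError(problem)
    return b"".join(f.payload for f in sorted(frags, key=lambda f: f.offset))


def naive_trim_length(frag: Fragment, previous_end: int) -> int:
    """Model of the arithmetic a vulnerable stack did when trimming an overlap:
    'how many bytes of this fragment lie past what we already have'. For a
    teardrop fragment the answer is negative; stored in an unsigned length and
    handed to a memory copy it becomes a huge count, and the kernel crashes."""
    return frag.offset + len(frag.payload) - previous_end


# Constructed sample data: a well-formed pair and a teardrop-style pair.
GOOD_FRAGMENTS = [Fragment(1, 0, True, b"A" * 16), Fragment(1, 16, False, b"B" * 8)]
TEARDROP_FRAGMENTS = [Fragment(2, 0, True, b"A" * 32), Fragment(2, 24, False, b"B" * 4)]

if __name__ == "__main__":
    print(reassemble(GOOD_FRAGMENTS))                      # b'AAAAAAAAAAAAAAAABBBBBBBB'
    print(validate(TEARDROP_FRAGMENTS))                    # overlap: fragment at 24 ...
    print(naive_trim_length(TEARDROP_FRAGMENTS[1], 32))    # -4
```

The second fragment of TEARDROP_FRAGMENTS claims to start at byte 24 and end at byte 28, inside data the first fragment already supplied; validate() refuses it, while naive_trim_length() shows the negative value that a stack skipping that refusal would have fed to its copy routine.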

Smurf Attack
  • The attacker sends an IP ping (ICMP echo request) to a network site.
  • The ping packet is addressed to the network's broadcast address, so it is delivered to every host within that local network. 
  • The packet's source address is forged so that the request appears to come from a different site, i.e. the victim site that is to receive the denial of service. 
  • This is called IP spoofing: the victim's address is written into the packet as its originating address. 
  • The result is that every host that received the broadcast sends its ping reply to the victim, so one request is multiplied into a flood of replies. If the flood is big enough the victim host will no longer be able to receive or process "real" traffic.
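Detection logic for the SYN flood described above and for the Smurf attack, as one added Python example (not code from the original post): it walks a constructed packet trace, counts half-open TCP connections per server (SYN-ACK sent, client ACK never seen) and flags servers whose count reaches an assumed backlog size, then flags ICMP echo requests aimed at a directed-broadcast address and destinations that receive echo replies from many distinct hosts. The Packet record, the addresses (taken from the RFC 5737 documentation ranges), the 200-SYN and 50-reply volumes and the backlog and fan-in thresholds are all assumptions made for the example.

```python
"""Detection logic for SYN floods and Smurf attacks over a constructed packet trace.
Example code added for this page, not from the original post."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp" or "icmp"
    flags: str = ""      # TCP flags as letters: "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    icmp_type: int = -1  # 8 = echo request, 0 = echo reply


def half_open_by_server(pkts: Iterable[Packet]) -> Dict[str, int]:
    """Half-open TCP connections per server.

    A (client, server) pair is half-open once the server has answered the client's
    SYN with a SYN-ACK and no ACK from that client has followed. Spoofed SYNs never
    complete, so under a SYN flood this count climbs towards the backlog limit
    while genuine three-way handshakes finish and drop out of the set.
    """
    syn_acked: Set[Tuple[str, str]] = set()   # pairs the server has answered
    completed: Set[Tuple[str, str]] = set()   # pairs the client finished with an ACK
    for p in pkts:
        if p.proto != "tcp":
            continue
        if "S" in p.flags and "A" in p.flags:                 # server -> client SYN-ACK
            syn_acked.add((p.dst, p.src))
        elif "A" in p.flags and (p.src, p.dst) in syn_acked:  # client's final ACK
            completed.add((p.src, p.dst))
    counts: Dict[str, int] = defaultdict(int)
    for _client, server in syn_acked - completed:
        counts[server] += 1
    return dict(counts)


def syn_flood_suspects(pkts: List[Packet], backlog: int = 128) -> List[str]:
    """Servers whose half-open connections have reached the assumed backlog size."""
    return sorted(s for s, n in half_open_by_server(pkts).items() if n >= backlog)


def is_directed_broadcast(addr: str, nets: Iterable[IPv4Network]) -> bool:
    """True if addr is the broadcast address of one of the given networks."""
    a = IPv4Address(addr)
    return any(a == n.broadcast_address for n in nets)


def smurf_indicators(pkts: Iterable[Packet], local_nets: Iterable[IPv4Network],
                     min_fan_in: int = 10) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Two Smurf symptoms in one pass.

    Returns (broadcast_requests, victims): echo requests aimed at a directed-broadcast
    address as (claimed source, destination) pairs, and destinations that receive echo
    replies from at least min_fan_in distinct hosts. The claimed source of a broadcast
    request is the spoofed victim, so it should also appear in victims.
    """
    nets = list(local_nets)
    broadcast_requests: List[Tuple[str, str]] = []
    repliers: Dict[str, Set[str]] = defaultdict(set)
    for p in pkts:
        if p.proto != "icmp":
            continue
        if p.icmp_type == 8 and is_directed_broadcast(p.dst, nets):
            broadcast_requests.append((p.src, p.dst))
        elif p.icmp_type == 0:
            repliers[p.dst].add(p.src)
    victims = sorted(d for d, srcs in repliers.items() if len(srcs) >= min_fan_in)
    return broadcast_requests, victims


# Constructed trace using RFC 5737 documentation addresses (assumptions, not captured data).
SERVER = "203.0.113.10"                      # the victim in both scenarios
LOCAL_NETS = [IPv4Network("192.0.2.0/24")]   # the network abused as a Smurf amplifier


def constructed_trace() -> List[Packet]:
    trace: List[Packet] = []
    # One legitimate handshake: SYN, SYN-ACK, ACK; it must not count as half-open.
    trace += [Packet("10.0.0.5", SERVER, "tcp", "S"),
              Packet(SERVER, "10.0.0.5", "tcp", "SA"),
              Packet("10.0.0.5", SERVER, "tcp", "A")]
    # SYN flood: 200 SYNs from spoofed sources; the SYN-ACKs go unanswered.
    for i in range(1, 201):
        spoofed = f"198.51.100.{i}"
        trace += [Packet(spoofed, SERVER, "tcp", "S"), Packet(SERVER, spoofed, "tcp", "SA")]
    # Smurf: one echo request forged from SERVER to the broadcast address, 50 replies back.
    trace.append(Packet(SERVER, "192.0.2.255", "icmp", icmp_type=8))
    trace += [Packet(f"192.0.2.{i}", SERVER, "icmp", icmp_type=0) for i in range(1, 51)]
    return trace


if __name__ == "__main__":
    t = constructed_trace()
    print("half-open:", half_open_by_server(t))                 # {'203.0.113.10': 200}
    print("SYN flood suspects:", syn_flood_suspects(t))          # ['203.0.113.10']
    print("Smurf indicators:", smurf_indicators(t, LOCAL_NETS))  # ([('203.0.113.10', '192.0.2.255')], ['203.0.113.10'])
```

On the constructed trace the legitimate client completes its handshake and is not counted, the 200 spoofed SYNs leave 200 half-open entries on the server, and the single broadcast echo request is answered by 50 hosts, all aimed at the address the attacker forged as its source. On a real network the same logic runs over flow records or a packet capture; the two thresholds should be set from the server's actual backlog size and the normal reply rate of the segment.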


DNS Attacks
  • A famous DNS attack was a DDoS "ping" attack. The attackers broke into machines on the Internet (popularly called "zombies") and used them to send streams of forged packets at the 13 DNS root servers, in some cases via intermediary legitimate machines. 
  • The goal was to clog the servers, and the communication links on the way to them, so that useful traffic was gridlocked. The assault is not DNS-specific: the same attack has been used against several popular Web servers in recent years.

Email Attacks
  • A script arriving by e-mail and run from Microsoft Outlook reads the user's address book and sends a copy of itself to everyone listed there, propagating itself around the Internet; the resulting volume of mail overloads mail servers along the way. 
  • The script then modifies the computer's registry so that it runs again when the machine is restarted.

Physical Infrastructure Attacks

  • Someone can simply snip your cables! Fortunately this is usually noticed quickly and dealt with. 
  • Other physical infrastructure attacks include power-cycling systems, interfering with the power supply to systems, and the outright destruction of computers or storage devices. 


Viruses/Worms

  • Viruses or worms, which replicate across a network in various ways, can be viewed as denial-of-service attacks in which the victim is not usually specifically targeted but is simply a host unlucky enough to get infected. 
  • Available bandwidth can become saturated as the virus/worm attempts to replicate itself and find new victims.

ciscolearn © 2011