Denial of Service Attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt
to make a computer resource unavailable to its intended users. Although the means to carry out,
motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a
person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily
or indefinitely.

DDoS attack types include:

UDP Flood
- A UDP flood, by definition, is any DDoS attack that floods a target with User Datagram Protocol (UDP) packets.
- The goal of the attack is to flood random ports on a remote host.
- This causes the host to repeatedly check for the application listening at that port, and (when no application is found) reply with an ICMP ‘Destination Unreachable’ packet.
- This process saps host resources, which can ultimately lead to inaccessibility.

ICMP (Ping) Flood
- Similar in principle to the UDP flood attack, an ICMP flood overwhelms the target resource with ICMP Echo Request (ping) packets, generally sending packets as fast as possible without waiting for replies.
- This type of attack can consume both outgoing and incoming bandwidth, since the victim’s servers will often attempt to respond with ICMP Echo Reply packets, resulting in a significant overall system slowdown.

Ping of Death
- A ping of death (“POD”) attack involves the attacker sending multiple malformed or malicious pings to a computer.
- The maximum length of an IP packet (including header) is 65,535 bytes. However, the Data Link Layer usually limits the maximum frame size, for example to 1500 bytes on an Ethernet network.
- In this case, a large IP packet is split across multiple IP packets (known as fragments), and the recipient host reassembles the fragments into the complete packet.
- In a Ping of Death scenario, following malicious manipulation of fragment content, the recipient ends up with an IP packet which is larger than 65,535 bytes when reassembled.
- This can overflow memory buffers allocated for the packet, causing denial of service for legitimate packets.
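The defensive counterpart to the reassembly overflow described above is to bound-check every fragment before any buffer is allocated. The following is an added example written for this page, not code from the original document: a minimal IPv4 reassembler that refuses a fragment set as soon as one piece would end past the 65,535-byte maximum. Field layout (8-byte offset units, 13-bit offset, MF flag) follows RFC 791; the `Fragment` class, the function names and the sample fragments are this example's own constructions.

```python
"""Bounds-checked IPv4 fragment reassembly.

Added example, not taken from the original page: a minimal reassembler that
rejects any fragment whose data would end past the 65,535-byte IPv4 maximum
*before* a buffer is allocated. The sample fragments below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import List

IPV4_MAX_PACKET = 65535   # 16-bit Total Length field, header included
FRAG_UNIT = 8             # Fragment Offset is counted in 8-byte units
MAX_FRAG_OFFSET = 0x1FFF  # 13-bit field


@dataclass(frozen=True)
class Fragment:
    ident: int            # Identification field shared by all pieces
    offset: int           # Fragment Offset in 8-byte units, as on the wire
    more_fragments: bool  # MF flag: False on the final piece
    payload: bytes


class FragmentTooLarge(ValueError):
    """Reassembled datagram would exceed IPV4_MAX_PACKET."""


def fragment_end(frag: Fragment, header_len: int = 20) -> int:
    """Byte at which this fragment's data ends in the reassembled datagram."""
    return header_len + frag.offset * FRAG_UNIT + len(frag.payload)


def reassemble(frags: List[Fragment], header_len: int = 20) -> bytes:
    """Return the reassembled payload, or raise if the set is hostile or incomplete.

    The size check runs over every fragment first: one hostile final fragment
    at a high offset is enough to overflow a fixed 64 KiB buffer, so it must
    be refused before any allocation happens.
    """
    if not frags:
        raise ValueError("no fragments")
    ident = frags[0].ident
    for f in frags:
        if f.ident != ident:
            raise ValueError("fragments belong to different datagrams")
        if f.offset > MAX_FRAG_OFFSET:
            raise ValueError("fragment offset does not fit the 13-bit field")
        end = fragment_end(f, header_len)
        if end > IPV4_MAX_PACKET:
            raise FragmentTooLarge(
                f"fragment at offset {f.offset} ends at byte {end} > {IPV4_MAX_PACKET}")

    ordered = sorted(frags, key=lambda f: f.offset)
    if ordered[-1].more_fragments:
        raise ValueError("final fragment (MF=0) not yet received")
    expected_start = 0
    for f in ordered:
        start = f.offset * FRAG_UNIT
        if start != expected_start:
            raise ValueError(f"gap or overlap at payload byte {start}")
        if f.more_fragments and len(f.payload) % FRAG_UNIT:
            raise ValueError("non-final fragment length is not a multiple of 8")
        expected_start = start + len(f.payload)

    buf = bytearray(expected_start)   # allocated only after validation
    for f in ordered:
        start = f.offset * FRAG_UNIT
        buf[start:start + len(f.payload)] = f.payload
    return bytes(buf)


def is_oversized(frags: List[Fragment], header_len: int = 20) -> bool:
    """True when the fragment set would overflow the IPv4 maximum length."""
    try:
        reassemble(frags, header_len)
    except FragmentTooLarge:
        return True
    except ValueError:
        return False   # malformed or incomplete, but not oversized
    return False


# Constructed samples: a well-formed 21-byte payload in three pieces, and a
# single final fragment placed so the datagram would reassemble to 65,552 bytes.
LEGIT_FRAGMENTS = [
    Fragment(ident=1, offset=0, more_fragments=True, payload=b"A" * 8),
    Fragment(ident=1, offset=1, more_fragments=True, payload=b"B" * 8),
    Fragment(ident=1, offset=2, more_fragments=False, payload=b"C" * 5),
]
OVERSIZED_FRAGMENTS = [
    Fragment(ident=7, offset=8189, more_fragments=False, payload=b"X" * 20),
]

if __name__ == "__main__":
    print(reassemble(LEGIT_FRAGMENTS))
    print("oversized:", is_oversized(OVERSIZED_FRAGMENTS))
```

The ordering matters: the length check is a separate pass over all fragments and precedes both the contiguity check and the `bytearray` allocation, so a hostile final fragment at offset 8189 is rejected even if the earlier pieces never arrive.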

Slowloris
- Slowloris is a highly targeted attack, enabling one web server to take down another server without affecting other services or ports on the target network.
- Slowloris does this by holding as many connections to the target web server open for as long as possible.
- It accomplishes this by creating connections to the target server, but sending only a partial request.
- Slowloris constantly sends more HTTP headers, but never completes a request. The targeted server keeps each of these false connections open.
- This eventually overflows the maximum concurrent connection pool, and leads to denial of additional connections from legitimate clients.
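A front end defends against the partial-request pattern described above by bounding how long a connection may sit without a complete request head and how many connections one source may hold. The following is an added example written for this page, not code from the original document or from any server project: a small connection guard with a header-completion timeout measured from connection open (a trickle of header bytes would keep resetting an idle timer) and a per-source connection cap. The `SlowHeaderGuard` class, its method names and the traffic in `simulate()` are constructed for the demonstration.

```python
"""Header-completion timeout and per-source cap against slow-header clients.

Added example, not from the original page. The timeout is measured from
connection open, not from the last byte received, because partial headers
arriving slowly would otherwise keep an idle timer alive indefinitely.
"""
from dataclasses import dataclass
from typing import Dict

HEADER_TERMINATOR = b"\r\n\r\n"   # blank line that ends an HTTP/1.1 request head


@dataclass
class Conn:
    ip: str
    opened_at: float
    last_byte_at: float
    buf: bytes = b""
    complete: bool = False


class SlowHeaderGuard:
    def __init__(self, header_timeout: float = 10.0, max_per_ip: int = 20,
                 max_header_bytes: int = 8192):
        self.header_timeout = header_timeout
        self.max_per_ip = max_per_ip
        self.max_header_bytes = max_header_bytes
        self.conns: Dict[str, Conn] = {}
        self.closed: Dict[str, str] = {}    # conn_id -> reason it was dropped

    def active_from(self, ip: str) -> int:
        return sum(1 for c in self.conns.values() if c.ip == ip)

    def open(self, conn_id: str, ip: str, now: float) -> bool:
        """Accept a new connection unless the source already holds its quota."""
        if self.active_from(ip) >= self.max_per_ip:
            self.closed[conn_id] = "per-ip limit"
            return False
        self.conns[conn_id] = Conn(ip=ip, opened_at=now, last_byte_at=now)
        return True

    def receive(self, conn_id: str, data: bytes, now: float) -> None:
        """Buffer header bytes; mark the request complete once the blank line arrives."""
        c = self.conns.get(conn_id)
        if c is None or c.complete:
            return
        c.buf += data
        c.last_byte_at = now          # recorded, but deliberately not used for the timeout
        if HEADER_TERMINATOR in c.buf:
            c.complete = True
        elif len(c.buf) > self.max_header_bytes:
            self._close(conn_id, "header too large")

    def sweep(self, now: float) -> None:
        """Drop every connection still without a complete request head."""
        for cid, c in list(self.conns.items()):
            if not c.complete and now - c.opened_at > self.header_timeout:
                self._close(cid, "header timeout")

    def _close(self, conn_id: str, reason: str) -> None:
        del self.conns[conn_id]
        self.closed[conn_id] = reason


def simulate() -> SlowHeaderGuard:
    """Constructed traffic: one normal client and one slow-header client."""
    g = SlowHeaderGuard(header_timeout=10.0, max_per_ip=2)
    g.open("legit-1", "203.0.113.10", now=0.0)
    g.receive("legit-1", b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n", now=0.1)
    # The slow client opens several connections and feeds each one header
    # line at a time, never sending the blank line that ends the request.
    for i in range(3):
        g.open(f"slow-{i}", "198.51.100.7", now=0.0)
    g.receive("slow-0", b"GET / HTTP/1.1\r\n", now=0.2)
    g.receive("slow-1", b"GET / HTTP/1.1\r\n", now=0.3)
    g.receive("slow-0", b"X-a: 1\r\n", now=5.0)
    g.receive("slow-0", b"X-b: 2\r\n", now=9.9)
    g.sweep(now=12.0)
    return g


if __name__ == "__main__":
    guard = simulate()
    print("still open:", sorted(guard.conns))
    print("dropped:", guard.closed)
```

In the scripted run the third slow connection is refused by the per-source cap, the two that were accepted are dropped at the sweep because their request heads are still incomplete 12 seconds after opening, and the legitimate client's connection survives.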

NTP Amplification
- In NTP amplification attacks, the perpetrator exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm a targeted server with UDP traffic.
- The attack is defined as an amplification assault because the query-to-response ratio in such scenarios is anywhere between 1:20 and 1:200 or more.
- This means that any attacker that obtains a list of open NTP servers (e.g., by using a tool like Metasploit or data from the Open NTP Project) can easily generate a devastating high-bandwidth, high-volume DDoS attack.
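The query-to-response ratio quoted above is also what makes amplification visible in flow data. The following is an added example written for this page, not code from the original document: it pairs UDP/123 query flows with their answer flows in NetFlow-style records, computes bytes answered per byte asked, and reports any address that receives amplified answers at or above the page's 1:20 lower bound from one or more servers. An address that collects amplified answers from several servers it never visibly queried is the reflection signature of a spoofed-source attack. The record fields and sample values are constructed.

```python
"""Amplification-ratio check over UDP/123 flow records.

Added example, not from the original page. Flow records are constructed
dictionaries with the fields a NetFlow export would carry.
"""
from collections import defaultdict
from typing import Dict, List

NTP_PORT = 123


def amplification_report(flows: List[dict], min_ratio: float = 20.0) -> List[dict]:
    """Return one finding per client address that receives amplified NTP answers.

    Each flow: {"src", "sport", "dst", "dport", "pkts", "bytes"}, all UDP.
    """
    asked: Dict[tuple, int] = defaultdict(int)     # (client, server) -> bytes sent
    answered: Dict[tuple, int] = defaultdict(int)  # (client, server) -> bytes received
    for f in flows:
        if f["dport"] == NTP_PORT:
            asked[(f["src"], f["dst"])] += f["bytes"]
        elif f["sport"] == NTP_PORT:
            answered[(f["dst"], f["src"])] += f["bytes"]

    per_client: Dict[str, dict] = {}
    for (client, server), got in answered.items():
        sent = asked.get((client, server), 0)
        # Answers with no visible question at all are the strongest reflection signal.
        ratio = got / sent if sent else float("inf")
        if ratio < min_ratio:
            continue
        entry = per_client.setdefault(
            client, {"victim": client, "reflectors": 0, "max_ratio": 0.0, "bytes_in": 0})
        entry["reflectors"] += 1
        entry["max_ratio"] = max(entry["max_ratio"], ratio)
        entry["bytes_in"] += got
    return sorted(per_client.values(), key=lambda e: e["bytes_in"], reverse=True)


# Constructed sample: ordinary time sync (one 76-byte query, one 76-byte answer,
# ratio 1), then reflected traffic aimed at 203.0.113.5, where a single spoofed
# 76-byte query per server draws 20 packets / 9,120 bytes back (ratio 120).
FLOWS = [
    {"src": "192.0.2.10", "sport": 43210, "dst": "198.51.100.1", "dport": 123, "pkts": 1, "bytes": 76},
    {"src": "198.51.100.1", "sport": 123, "dst": "192.0.2.10", "dport": 43210, "pkts": 1, "bytes": 76},
]
for _server in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
    FLOWS.append({"src": "203.0.113.5", "sport": 40000, "dst": _server, "dport": 123,
                  "pkts": 1, "bytes": 76})
    FLOWS.append({"src": _server, "sport": 123, "dst": "203.0.113.5", "dport": 40000,
                  "pkts": 20, "bytes": 9120})

if __name__ == "__main__":
    for finding in amplification_report(FLOWS):
        print(finding)
```

The report keys on the receiving address rather than on the server, because from the defender's side the useful question is who is being hit and from how many reflectors, not which individual server answered.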

HTTP Flood
- In an HTTP flood DDoS attack, the attacker exploits seemingly legitimate HTTP GET or POST requests to attack a web server or application.
- HTTP floods do not use malformed packets, spoofing or reflection techniques, and require less bandwidth than other attacks to bring down the targeted site or server.
- The attack is most effective when it forces the server or application to allocate the maximum resources possible in response to every single request.
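Because the requests are well-formed, an HTTP flood is found in the request rate and in which endpoints are being hit rather than in any packet anomaly. The following is an added example written for this page, not code from the original document: it parses combined-format access log lines, keeps a sliding window of requests per client address, weights requests to expensive endpoints more heavily than static hits (the page's point that the attack seeks maximum resource use per request), and flags addresses whose windowed cost exceeds a threshold. The regex, the cost table, the threshold and the log lines are constructed for the demonstration.

```python
"""Per-client request-rate check over web server access logs.

Added example, not from the original page. Log lines, endpoint costs and
thresholds below are constructed for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Relative cost of serving a request on this constructed site: search and
# report endpoints and any POST are expensive, a static asset is cheap.
EXPENSIVE_PREFIXES = ("/search", "/report")


def request_cost(method: str, path: str) -> int:
    if method == "POST" or path.startswith(EXPENSIVE_PREFIXES):
        return 5
    return 1


def detect_http_flood(lines: List[str], window_s: float = 10.0,
                      max_cost: int = 20) -> Dict[str, int]:
    """Return {client_ip: peak_windowed_cost} for every client over the threshold."""
    windows: Dict[str, deque] = defaultdict(deque)   # ip -> deque of (timestamp, cost)
    load: Dict[str, int] = defaultdict(int)          # ip -> cost currently inside the window
    flagged: Dict[str, int] = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # skip anything not in combined log format
        ip, stamp, method, path, _status = m.groups()
        ts = datetime.strptime(stamp, TIME_FMT).timestamp()
        cost = request_cost(method, path)
        q = windows[ip]
        q.append((ts, cost))
        load[ip] += cost
        # Expire entries older than the window, relative to this request.
        while q and ts - q[0][0] > window_s:
            _, old_cost = q.popleft()
            load[ip] -= old_cost
        if load[ip] > max_cost:
            flagged[ip] = max(flagged.get(ip, 0), load[ip])
    return flagged


# Constructed log: one ordinary visitor and one client hammering the search endpoint.
LOG_LINES = """\
192.0.2.44 - - [03/Mar/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [03/Mar/2024:10:00:01 +0000] "GET /search?q=a HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
198.51.100.23 - - [03/Mar/2024:10:00:01 +0000] "GET /search?q=b HTTP/1.1" 200 18190 "-" "Mozilla/5.0"
192.0.2.44 - - [03/Mar/2024:10:00:02 +0000] "GET /style.css HTTP/1.1" 200 830 "-" "Mozilla/5.0"
198.51.100.23 - - [03/Mar/2024:10:00:02 +0000] "GET /search?q=c HTTP/1.1" 200 18205 "-" "Mozilla/5.0"
198.51.100.23 - - [03/Mar/2024:10:00:02 +0000] "GET /search?q=d HTTP/1.1" 200 18230 "-" "Mozilla/5.0"
198.51.100.23 - - [03/Mar/2024:10:00:03 +0000] "GET /search?q=e HTTP/1.1" 200 18199 "-" "Mozilla/5.0"
198.51.100.23 - - [03/Mar/2024:10:00:03 +0000] "GET /search?q=f HTTP/1.1" 200 18220 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    print(detect_http_flood(LOG_LINES))
```

Weighting by endpoint cost is what separates this from a plain request counter: six search requests in three seconds trip the threshold here, while the same number of static-asset requests would not.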

SYN Flood Attack
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system. A TCP connection is normally established with a three-way handshake:
1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending a SYN-ACK back to the client.
3. The client responds with an ACK, and the connection is established.
When the attacking computer does not reply to the SYN-ACK sent by the server, the half-open connection consumes server resources; when this is repeated a large number of times, the server is rendered incapable of responding.
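The resource consumed in step 2 above is the server's memory for the half-open connection. The standard mitigation removes that cost: the server encodes the handshake into its own initial sequence number (a SYN cookie) and stores nothing until a valid final ACK arrives. The following is an added example written for this page, not code from the original document: a simplified SYN-cookie scheme in the spirit of Bernstein's design, not the exact bit layout of any kernel. The secret, the 64-second time slot, the MSS table and the function names are this example's own choices; the addresses and sequence numbers are constructed.

```python
"""Stateless SYN cookies as a SYN-flood mitigation.

Added example, not from the original page. The server puts a cookie in the
SYN-ACK's sequence number and keeps no half-open entry; a SYN that is never
completed therefore costs it no memory. A connection is created only when
the final ACK carries a cookie that verifies (ack = cookie + 1).
"""
import hashlib
import hmac
import struct
from typing import Optional

COOKIE_SECRET = b"constructed-demo-secret"  # a real server draws this at boot
SLOT_SECONDS = 64                            # cookie validity is counted in slots
MSS_TABLE = (536, 1300, 1440, 1460)          # encodable MSS values (3 bits)
MAC_MASK = 0xFFFFFF                          # low 24 bits hold the MAC


def _mac(src: str, dst: str, sport: int, dport: int, slot: int) -> int:
    msg = src.encode() + b"|" + dst.encode() + struct.pack("!HHI", sport, dport, slot)
    return int.from_bytes(hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()[:4], "big")


def make_syn_cookie(src: str, dst: str, sport: int, dport: int,
                    client_isn: int, mss: int, now: float) -> int:
    """ISN to place in the SYN-ACK: 5 bits slot | 3 bits MSS index | 24 bits MAC."""
    slot = int(now // SLOT_SECONDS)
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):    # largest table entry the client can accept
        if m <= mss:
            mss_idx = i
    mac = (_mac(src, dst, sport, dport, slot) + client_isn) & MAC_MASK
    return ((slot & 0x1F) << 27) | (mss_idx << 24) | mac


def check_syn_cookie(src: str, dst: str, sport: int, dport: int,
                     client_seq: int, ack_num: int, now: float,
                     max_age_slots: int = 2) -> Optional[int]:
    """Validate the final ACK; return the negotiated MSS, or None to drop it."""
    cookie = (ack_num - 1) & 0xFFFFFFFF    # the ACK acknowledges our ISN + 1
    client_isn = (client_seq - 1) & 0xFFFFFFFF
    slot_bits = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    mac = cookie & MAC_MASK
    cur_slot = int(now // SLOT_SECONDS)
    for age in range(max_age_slots + 1):   # accept only the current and recent slots
        slot = cur_slot - age
        if slot < 0 or (slot & 0x1F) != slot_bits:
            continue
        if ((_mac(src, dst, sport, dport, slot) + client_isn) & MAC_MASK) == mac:
            return MSS_TABLE[mss_idx]
    return None


if __name__ == "__main__":
    # Constructed handshake: client 198.51.100.9:51234 -> server 203.0.113.1:443.
    isn = 0x12345678
    cookie = make_syn_cookie("198.51.100.9", "203.0.113.1", 51234, 443, isn, 1460, now=1000.0)
    print("SYN-ACK seq (cookie):", hex(cookie))
    print("valid ACK ->", check_syn_cookie("198.51.100.9", "203.0.113.1", 51234, 443,
                                           isn + 1, cookie + 1, now=1010.0))
    print("forged ACK ->", check_syn_cookie("198.51.100.9", "203.0.113.1", 51234, 443,
                                            isn + 1, cookie + 7, now=1010.0))
```

The MSS is folded into the cookie because the server, having kept no state, would otherwise forget what the client advertised in its SYN; the slot bits and `max_age_slots` bound how long a captured cookie stays usable.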

Zero-day DDoS Attacks

The “Zero-day” definition encompasses all unknown or new attacks, exploiting vulnerabilities for which no patch has yet been released. The term is well known amongst the members of the hacker community, where the practice of trading zero-day vulnerabilities has become a popular activity.
