Denial of Service
Kevin LaMantia
COSC 316
Introduction
What DoS is
Symptoms of an attack
Methods of attack
Types of Attacks
How to defend
Conclusion
DoS attacks can also lead to problems in the network branches around the actual
computer being attacked
Ex: The bandwidth of a router between the Internet and a LAN may be consumed by
an attack, compromising not only the intended computer, but also the entire network
or other computers on the LAN
Attacks can be very large and compromise Internet connectivity for an entire
geographical region
Methods of Attack
A DoS attack can be perpetrated in a number of ways. The five
basic ways are:
1. Consumption of computational resources, such as
bandwidth, memory, disk space, or processor time
2. Disruption of configuration information, such as routing
information
3. Disruption of state information, such as unsolicited
resetting of TCP sessions
4. Disruption of physical network components
5. Obstructing the communication media between the
intended users and the victim so that they can no longer
communicate adequately
Smurf Attack
An attack in which large numbers of Internet
Control Message Protocol (ICMP) packets with the
intended victim's spoofed source IP are broadcast
to a computer network using an IP Broadcast
address
Most devices on a network will respond, by default,
to the source IP address
If there are a lot of machines on a network, it will
cause the victim's computer to be flooded with traffic
Ping of Death
A type of attack on a computer that involves
sending a malformed or otherwise malicious
ping to a computer
How it works:
Historically, many computer systems couldn't
handle a ping packet, normally 56 bytes, larger
than the maximum IPv4 packet size of 65,535
bytes
This would cause the system to crash
Ping Flood
Based on sending the victim an overwhelming
number of ping packets, usually using the ping
command from Unix-like hosts
It is much less capable of overwhelming a target if
the attack comes from a Windows system
Does not allow packet sizes greater than 65500
Nuke
An old DoS attack that consisted of fragmented or invalid ICMP
packets sent to a target
Achieved by using a modified ping utility to repeatedly send this
corrupt data
Slowed down the affected computer until it came to a complete
stop
Example:
WinNuke
Exploited a vulnerability in the NetBIOS handler in Windows 95
Locked up the victim's computer, causing a Blue Screen of Death
SYN Flood
An attack that sends a succession of SYN (Synchronize)
requests to a target's system in an attempt to consume
enough server resources to make the system unresponsive to
legitimate traffic
How it works:
It corrupts the TCP three-way handshake
The attacker either doesn't respond with the ACK code, or
spoofs the source IP address in the SYN, causing the server to
send the SYN_ACK to a false IP
Causes the server to wait for acknowledgement for some time
Causes congestion by using up resources until no new
connections can be made
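The half-open state described above is what a defender can measure. The following added example (not part of the original slides) replays a constructed packet log and counts, per server port, handshakes that received a SYN but never the final ACK. The log format, addresses, and both thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample data: (time_s, src, sport, dst, dport, flags).
# Addresses come from the RFC 5737 documentation ranges.
SERVER = ("192.0.2.10", 80)

def build_sample():
    log = []
    # Two legitimate clients complete the three-way handshake.
    for i, t in enumerate((0.0, 0.5)):
        c = ("198.51.100.%d" % (i + 1), 40000 + i)
        log += [(t, *c, *SERVER, "S"), (t + 0.01, *SERVER, *c, "SA"),
                (t + 0.02, *c, *SERVER, "A")]
    # 200 SYNs from varying (spoofed) sources; the final ACK never arrives.
    for i in range(200):
        c = ("203.0.113.%d" % (i + 1), 1024 + i)
        t = 1.0 + i * 0.005
        log += [(t, *c, *SERVER, "S"), (t + 0.001, *SERVER, *c, "SA")]
    return sorted(log)

def half_open_by_service(log, now, min_age=3.0):
    """Return (stale, completed) Counters keyed by (server_ip, server_port)."""
    pending = {}           # (client, cport, server, sport) -> time of SYN
    completed = Counter()  # handshakes that received the final ACK
    for t, src, sport, dst, dport, flags in log:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = t
        elif flags in ("A", "R") and key in pending:
            del pending[key]           # handshake finished or was reset
            if flags == "A":
                completed[(dst, dport)] += 1
    stale = Counter()
    for (_, _, dst, dport), t in pending.items():
        if now - t >= min_age:         # server is still holding this entry
            stale[(dst, dport)] += 1
    return stale, completed

def flag_syn_flood(log, now, max_half_open=100):
    """Services whose stale half-open count exceeds the (assumed) limit."""
    stale, completed = half_open_by_service(log, now)
    return {svc: (n, completed[svc])
            for svc, n in stale.items() if n > max_half_open}

if __name__ == "__main__":
    for svc, (half, done) in flag_syn_flood(build_sample(), now=10.0).items():
        print(svc, "half-open:", half, "completed:", done)
```

Counting per destination rather than per source matters here, because spoofed SYNs arrive from many different addresses while the stale entries all pile up on one server port.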
How to Defend
Unfortunately, there are no effective ways to prevent
being the victim of a DoS or DDoS attack
There are steps you can take to reduce the likelihood
that an attacker will use your computer to attack other
computers
Install and maintain anti-virus software
Install a firewall, and configure it to restrict traffic
coming into and leaving your computer
Follow good security practices for distributing your
email address. Applying email filters may help you
manage unwanted traffic
Conclusion
What DoS is
The Symptoms of an attack
Methods of Attack
Different Types of Attacks
How to Defend from Attacks
Questions?