Understanding DoS Attacks: Mechanisms, Effects, and Countermeasures
This overview explores Denial of Service (DoS) attacks, detailing their operational mechanisms and impact. We discuss the exploitation of programming flaws, bandwidth consumption, resource starvation, and DNS attacks, including both traditional and distributed methods. Key attacks such as Smurf and SYN Flood are explained alongside their countermeasures. To mitigate risks, we emphasize the importance of staying updated with security developments, patching vulnerabilities, and implementing effective network configurations. By understanding these threats, organizations can better protect their systems.
Presentation Transcript
Advanced Higher Computing, Computer Networking, Topic 6: DoS Attacks
Effects of a DoS attack
• Exploitation of programming flaws
• Bandwidth consumption
• Resource starvation (CPU resources, memory or hard disk space; often the result of the first two)
• DNS attacks
• A combination of several of the above
How DoS attacks work
• Causing the machine to crash through a buffer overflow or other vulnerability
• Flooding the target with network traffic
• Monopolising the storage space or memory of the target by forcing it to log errors or by filling up message queues
• Attacking the target from a number of locations simultaneously (Distributed DoS attack)
Distributed attacks typically use remote machines compromised by viruses or trojans to launch the attack.
Buffer Overflow
• Keep up to date with security developments
• Patch servers as soon as a vulnerability is discovered
• If possible, allocate more memory to the buffer
ICMP and UDP
• Internet Control Message Protocol (ICMP) – used for diagnostic messaging such as Ping and Traceroute
• User Datagram Protocol (UDP) – has no error correction or acknowledgement; used for VoIP, streaming media etc.
Smurf Attack
• Send a ping (ICMP echo request) to the broadcast address of a network
• The ping request has a spoofed source IP address, which becomes the victim of the flood of replies
• A Fraggle attack uses the same technique with UDP packets
Counteracting Smurf attacks
• Configure the network not to respond to a broadcast ICMP ECHO_REQUEST
• Block spoofed outgoing packets
• Lower the abort timeout for ECHO_REQUEST
SYN and ACK
• SYN and ACK packets are part of the Transmission Control Protocol (TCP) and are used to set up a connection and acknowledge receipt of a message. TCP uses a three-way handshake:
• The client sends a SYN to the server.
• In response, the server replies with a SYN-ACK.
• Finally, the client sends an ACK back to the server.
SYN Flood
• Send a large number of SYN packets with a spoofed return address
• The SYN/ACK packet is never acknowledged, so the buffer of half-open connections fills up
Counter-measure:
• Increase the buffer size, shorten the time before unacknowledged connections are dropped, or use a firewall to respond instead
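As an added example (not part of the original slides), a small Python model of the server's table of half-open connections shows why unanswered SYN-ACKs fill it and how the two countermeasures on this slide, a bigger buffer or a shorter timeout, change the outcome; the addresses, ports and timings in the trace are constructed.

```python
"""Model of a server's half-open (SYN_RECV) table during a SYN flood. Added example,
not from the original slides: each spoofed SYN occupies a backlog slot until the server
gives up waiting for the ACK, and the slide's countermeasures change capacity or timeout."""


class SynBacklog:
    """Half-open connection table with a fixed capacity and an expiry timeout."""

    def __init__(self, capacity: int, timeout: float):
        self.capacity = capacity        # max half-open entries (the slide's "buffer")
        self.timeout = timeout          # seconds an unanswered SYN-ACK is kept
        self.pending = {}               # (src_ip, src_port) -> time the SYN arrived
        self.dropped_syn = 0            # SYNs refused because the table was full
        self.established = 0            # handshakes completed by a final ACK

    def _expire(self, now: float) -> None:
        """Drop entries whose SYN-ACK has gone unanswered for longer than timeout."""
        stale = [k for k, t0 in self.pending.items() if now - t0 >= self.timeout]
        for key in stale:
            del self.pending[key]

    def on_syn(self, now: float, src: str, port: int) -> bool:
        """SYN received: reserve a slot (the server would now send its SYN-ACK)."""
        self._expire(now)
        if len(self.pending) >= self.capacity:
            self.dropped_syn += 1
            return False
        self.pending[(src, port)] = now
        return True

    def on_ack(self, now: float, src: str, port: int) -> bool:
        """Final ACK received: complete the handshake if its SYN is still pending."""
        self._expire(now)
        if self.pending.pop((src, port), None) is None:
            return False
        self.established += 1
        return True


def replay(trace, capacity: int, timeout: float) -> dict:
    """Feed a (time, kind, src_ip, src_port) packet trace through the model."""
    table = SynBacklog(capacity, timeout)
    for now, kind, src, port in sorted(trace, key=lambda pkt: pkt[0]):
        (table.on_syn if kind == "SYN" else table.on_ack)(now, src, port)
    return {"dropped_syn": table.dropped_syn, "established": table.established}

# Constructed trace: 128 SYNs from spoofed sources within 0.128 s whose SYN-ACKs are
# never acknowledged, then one legitimate client completing its handshake at t=10 s.
FLOOD = [(i * 0.001, "SYN", f"203.0.113.{i}", 40000 + i) for i in range(128)]
CLIENT = [(10.0, "SYN", "198.51.100.7", 51000), (10.05, "ACK", "198.51.100.7", 51000)]
```

With 128 slots and a 75 s timeout the legitimate client is refused, while raising the capacity to 256 or cutting the timeout to 5 s lets it connect.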
Distributed DoS attack
• Infect a large number of machines with a trojan program
• Use a port scanner to detect the IP addresses of infected machines
• Instruct the infected machines to initiate the DoS attack
• Take the machine which issued the instruction offline to avoid detection
Countermeasures to Distributed DoS attack
• Buy additional bandwidth
• Block the IP range of infected machines
• Create and distribute an “anti-virus virus”
DNS attacks
• Bombard DNS servers with queries from a spoofed IP address that require a verbose response
• Poison the cache of the DNS server with false DNS information to redirect traffic from the target machine to a non-existent or alternative IP
Countermeasures to DNS attacks
• Configure DNS servers not to respond verbosely to unexpected queries
• Use a variety of platforms to run DNS servers
• Keep DNS software (e.g. BIND) patched