Denial of Service Attacks

07/20/2014 | By: Preston Hood | No Comments

Where do I start with Denial-of-Service (DoS) attacks? I guess I will start with saying that DoS attacks are very common and can be as simple as someone holding down the F5 key on their keyboard or they can be as complicated as a Distributed Denial-of-Service (DDoS) attack with thousands of botnets hitting an entire company’s network all at once.

What a DoS Attack Is
A DoS attack is someone trying to make a machine or network resource unavailable to its intended users.

What a DDoS Attack Is
A DDoS attack is the same thing as a DoS attack except it involves two or more users trying to take down a machine or network resource at the same time.

How the Attack Is Performed
There are so many different methods of preforming a DoS attack as I said above it can be as simple as someone holding down the F5 key on their keyboard or as complicated as a DDoS attack with thousands of botnets hitting an entire company’s network all at once. If you have a regular web browser like Microsoft Internet Explorer, Mozilla FireFox, or Apple Safari you can perform a DoS attack on a web server by simply refreshing the web page as much as possible. If the web server has a slow connection to the internet then it can be taken down by this method. If the web server is in a data center with a massive corporate network then it is going to be a lot harder than refreshing the web page hundreds or thousands of times. If you are dealing with a server on a corporate network then you will probably have to do a DDoS attack with hundreds or even thousands of botnets. This type of attack can be performed by using several different methods. I will describe a few of them in this article.

SYN flood
A SYN flood is when a host sends a flood of TCP/SYN packets. Each of these packets is handled like a connection request, which causes the server to spawn a half open connection. The server in response to the connection request sends back a TCP/SYN-ACK packet which is an acknowledgement, and then the server waits for an ACK packet which is another acknowledgement packet but from the sender this time. This packet never gets sent because it is a DoS attack not a legitimate request. This eventually will max out the number of open connections the server is able to make.

Internet Control Message Protocol (ICMP) flood
These types of attacks are DDoS attacks in which a large number of ICMP packets are sent from a spoofed source IP and sent to an IP broadcast address on a network. Most of the systems on the network will respond to this by sending a reply to the source IP address. If a lot of the systems on the network receive and respond to these requests then the victim’s system will be flooded with traffic.

Permanent denial-of-service attacks
These types of DoS attacks are different from the ones I described above because with a PDoS attack the victim’s system is damaged to the point where it requires the hardware to be replaced. This attack is performed by exploiting security flaws that allow remote administration of the management interfaces in the systems hardware. The targets for this type of DoS attack are usually networking hardware like routers and switches. The attacker usually uses the security flaws I described above to replace the device’s firmware with a modified or corrupt one.

How to Protect Yourself
There are several different ways you can protect yourself from DoS attacks. If you are a company and hosting a website then I would recommend depending on the size of your company to either sign up for CloudFlare’s DoS protection service or have firewalls installed on your network that can help stop the type of attacks your company is experiencing. I have done both in the “real world”, I have deployed firewalls that have DoS protection built in and I have used CloudFlare’s DoS protection service to help stop DoS attacks from reaching the web servers I was working on. From my experience if you are a small company with only a few employees and are having problems with DoS attacks on your web server, then I would recommend just signing up for CloudFlare’s DoS protection service but if you are in the enterprise world and have a lot of money to spend then I would recommend going out and buying top of the line firewalls from Cisco and other venders out there.

 

Thank you all for taking the time to read this post and as always God bless!

The following two tabs change content below.
My Twitter profileMy Facebook profileMy LinkedIn profileMy Instagram profile

Preston Hood

Owner at PJHoodsCo
Hello, my name is Preston. I am the owner of a small business tech company. I also have an interest in researching/writing about information security and related topics.
My Twitter profileMy Facebook profileMy LinkedIn profileMy Instagram profile

Latest posts by Preston Hood (see all)

Categories: Information Technology, IT Security, and Preston Hood.
Tags: CloudFlare, DDoS, and DoS.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>