Johnny Stinson SEC110-IT1-11

Denial of Service and Hijacking attacks

Since the creation of the internet, computer systems and networks have been vulnerable to online attackers. Many of these attacks focus on the actual network structure itself, the main objective being a complete crippling shutdown or crash of the system or network. A vast number of these attacks are considered “Denial of Service” or DoS attacks. These attacks are concentrated on depriving the user or organization of the services and information resources that they would normally have access to.

A LAND (Local Area Network Denial) attack is a DoS attack that exploits a vulnerability in a network. It was first discovered in 1997 and has been able to attack many different operating systems, even as recent as Windows XP. The LAND attack sends a TCP SYN packet, which is essentially a message between computers to establish a connection. This SYN packet is “spoofed” or altered in a way that causes the victim’s system to send a reply packet to itself instead of the other computer. This causes the system to enter into an infinite loop, sending and receiving its own packets, ultimately causing it to crash. This attack can cause damage to the network by disabling and denying the use of the compromised systems, thus affecting the availability of the network. To combat and also discover these types of attacks, firewalls should be used to intercept the spoofed packet. The firewall should also be configured to block traffic where the source IP address is the same as the destination IP address. Operating systems should also be updated and patched to fix this security hole.

The Ping of Death attack also exploits systems with altered packets. The ping packets it sends are larger than the maximum allowed length. Sending a packet larger than the 65,535 byte limit for IPv4 packet size causes a critical error. When the victim system receives this packet it tries to read it, which causes a buffer overflow and leads to a system crash. This attack causes the systems to become disabled and the system availability is interrupted. To detect this there are now countermeasures in place that deal with packet sizes. The fix for the problem is to add checks in the reading of the packet. The size of the packet should be determined before reconstructing it for the system to interact with it. If it is larger than the limit, the packet is invalid and ignored. Many firewalls perform this check and can be used for older systems that do not have this bug fixed. This bug is patched in most current operating systems and is considered to be more of a historical attack from the early days of the internet.

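The two firewall checks described above (drop a packet whose source IP equals its destination IP, and reject a fragment whose reassembled size would exceed 65,535 bytes before it is reconstructed), shown as an added Python example that is not part of the original essay. The function names, sample addresses and header values are constructed for illustration, and the size check assumes the first fragment's header is the same length as the one being inspected.

```python
import socket
import struct

IPV4_MAX = 65535  # largest legal IPv4 datagram, header included

def inspect_ipv4(packet):
    """Return the reasons to drop this IPv4 packet (empty list = pass)."""
    if len(packet) < 20:
        return ["truncated header"]
    (ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, _proto,
     _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return ["malformed header"]
    reasons = []
    # LAND check: a packet arriving from the network should never carry
    # the same address as both source and destination.
    if src == dst:
        reasons.append("land: source equals destination")
    # Ping of Death check: work out where this fragment's data would end
    # in the reassembled datagram BEFORE copying it into any buffer.
    # Assumption: the first fragment's header is the same length as ours.
    frag_offset = (flags_frag & 0x1FFF) * 8   # field counts 8-byte units
    payload_len = total_len - ihl
    if ihl + frag_offset + payload_len > IPV4_MAX:
        reasons.append("oversize: reassembled length exceeds 65535")
    return reasons

def make_header(src, dst, payload_len, frag_units=0, proto=1):
    """Build a constructed 20-byte IPv4 header (checksum left as 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       frag_units, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample headers using documentation addresses (RFC 5737).
SAMPLES = {
    "normal ping": make_header("192.0.2.10", "192.0.2.20", 64),
    "src == dst": make_header("192.0.2.20", "192.0.2.20", 20, proto=6),
    "valid last fragment": make_header("192.0.2.10", "192.0.2.20", 1000, 8000),
    "oversize last fragment": make_header("192.0.2.10", "192.0.2.20", 100, 8189),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:24} -> {inspect_ipv4(header) or 'pass'}")
```
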
The denial-of-service attack known as the “Smurf attack” involves flooding forged ICMP echo request packets, also known as ping packets. On IP networks, a ping packet can be directed to another single machine or to an IP broadcast address, sending the packet across the whole network. These attacks can result in large amounts of ICMP echo reply packets being sent from the outside systems and cause outages and network congestion. This affects the availability of the network, focusing more on the network itself than the affected computers.

The RPC Spoofing Denial of Service attack, nicknamed “Snork”, is an attack on a system that aims to render the computer unusable by causing the system to consume 100% CPU usage for an extended period of time. Snork exploits a weakness in the Windows NT framework by sending a spoofed UDP packet to the RPC service (Remote Procedure Call). The Windows NT Remote Procedure Call service replies to bad datagrams sent to User Datagram Protocol (UDP) port 135 with a "Reject" packet addressed to the sender, resulting in a loop of datagrams being sent between the two machines until a packet is dropped. These packets are repeatedly sent in