Denial of Service

ANDY HOOK
What is Dos

 A denial of service (DoS) attack is an attempt to make a system, service or

network completely unusable to its intended users or significantly slow down
its performance by overloading its resources. In most cases, if an attacker is
unable to gain unauthorized access to the target system he finally decides to
carry out a DoS attack by trying to crash its resources. The aftermath of the
DoS attack can lead to financial losses especially if the affected website or
server is associated with e-commerce activities. It may also affect the
goodwill of the company or organization that has become a victim of the
attack as there is a clear chance of people losing trust in using its services.
What is DDOS

 A distributed denial of service(DDOS) attack happens when the

attack on the target host originates from multiple compromised
systems. Before launching the attack, the attacker compromises
multiple systems from one or more networks using trojans and other
techniques. These compromised systems are known as zombies
where the attacker uses them to launch a DDoS attack on the final
target. The advantages of distributed denial of service is that since
multiple systems are used, the target can easily be flooded with too
much traffic eventually causing it to go down.
Smurf Attack

 In this type of DoS attack, the attacker broadcasts a large amount of Internet
Control Message Protocol (ICMP) echo request packets to a computer
network with a spoofed IP address of the target host (victim). This will
flood the target host with lots of ping replies (ICMP echo replies) from the
network which makes it impossible to handle. There is also a variant of
smurf attack called fraggle attack where UDP packets are used instead of
ICMP packets. The following figure illustrates the mechanism of a smurf
attack:
Ping of Death (POD)

 In this kind of attack, the attacker deliberately sends an IP packet larger than the
allowed size of 65,535 bytes. Since the size exceeds the maximum allowed
limit, it is split across multiple IP packets known as fragments and sent to the
target host. However, when the target tries to reassemble the packet on its end,
the fragments add up to more than the allowed size of 65,535 bytes. Being
unable to handle oversized packets, the operating system will freeze, reboot or
simply crash thereby causing all the services running on it to become
unavailable to the legitimate users. In this way, the attacker becomes successful
in causing a denial of service using the ping of death technique.
 Teardrop Attack

 Teardrop attack involves sending IP fragments with oversized payload and

overlapping offset value especially in the second or later fragment. If the receiving
operating system is unable to aggregate the packets accordingly, it can lead to
system crash.
 SYN Flood Attack

 The SYN flood attack exploits a known weakness in the TCP connection sequence
called the “three-way handshake”. According to this, a host sends SYN Request to
the target server which responds with a SYN-ACK back to the host. Finally the
requesting host sends an ACK Response back to the server which completes the
three-way handshake process to establish the connection. However, in case of a SYN
attack, a large number bogus TCP SYN requests are sent to the target server but the
SYN-ACK response sent back from the server is not answered. Sometimes the
attacker may even use a spoofed IP address while sending a SYN request. For each
SYN request from the attacker, the victim server allocates resources and keeps
waiting for the ACK from the requesting source (attacker). Since no ACK is received,
the server gets flooded with a large amount of half-open connections thereby leading
to resource exhaustion resulting in a denial of service