Sunday, March 20

Denial of Service Attacks - 2


As in my last post, Understanding Denial of Service Attacks, I am continuing the discussion of DoS (denial of service) attacks.

The denial of service attack is statistically the most used malicious attack of them all. This stems from how easy the attack is to carry out, as well as its alarming lethality. Literally anyone can bring down a website with a simple command prompt. The question is how to protect against an attack that can cripple your network or website in a matter of minutes.

Types of Denial of Service Attacks

If you are going to protect against an attack, you first have to know how it works. You must familiarize yourself with the different variations, methods, and attack plans that hackers use.

There are seven different classes of denial of service attack.

Ping Flood

The most basic attack is the ping flood. It relies on the ICMP echo request, more popularly known as ping. In legitimate use, network administrators run ping to test connectivity between two computers. In a ping flood, it is used instead to send a large volume of packets at the victim's computer in an attempt to overload it. You can see an example of the ping flood attack below.



This type of attack is generally useless against larger networks or websites, because only one computer is flooding the victim's resources. If a group of computers were used instead, the attack would become a distributed denial of service attack, or DDoS.

The most common cure for a ping flood is simply to ban the offending IP address from your network. A distributed denial of service attack is more complex; we look at those later on.

Ping of Death

The Ping of Death attack involves sending IP packets larger than 65,535 bytes to the target computer. IP packets of this size are illegal, but tools can be built that are capable of creating them. An ICMP echo request with more than 65,507 (65,535 - 20 - 8) bytes of data could cause a remote system to crash while reassembling the packet fragments.



Luckily, most devices created after 1998 are immune to this kind of attack. If you are running a network with outdated devices, this is indeed a possible threat to your network; in that case, upgrade your devices if possible.

Smurf/Smurfing

The Smurf attack is a way of generating significant traffic on a victim network. It is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages.

Most firewalls protect against smurf attacks, but if you do notice one, there are several things you can do. If you have access to the router your network or website sits behind, simply tell it not to forward packets to broadcast addresses. On a Cisco router, use the interface configuration command: no ip directed-broadcast.

This won't necessarily nullify the smurf attack, but it will greatly reduce the impact and also prevent your network or website from passing the attack on to others. Optionally, you could upgrade to newer Cisco routers, which automatically filter out the spoofed IP addresses that smurf attacks rely on.

Fraggle

A Fraggle attack is exactly the same as a smurf attack, except that it uses the user datagram protocol, or UDP, rather than the more common transmission control protocol, or TCP. Fraggle attacks, like smurf attacks, are becoming outdated and are commonly stopped by most firewalls or routers.

This attack is generally less powerful than the smurf attack, since the TCP protocol is much more widely used than the UDP protocol.

SYN Flood

The SYN flood attack takes advantage of the TCP three-way handshake. It operates in two ways; both start a three-way handshake but never complete it. You can view the proper three-way handshake below.

In the first method, the attacker sends a synchronize request, or SYN, from a spoofed IP address. When the server sends back a SYN-ACK (synchronize-acknowledge), the spoofed address obviously never responds. The server therefore never receives the client's ACK, and the connection's resources are left half-open.

Alternatively, the attacker can simply choose not to send the acknowledgement. Both methods stall the server, which patiently waits for the ACK. Thankfully, this hole in the three-way handshake has been patched for years, just like the ping of death. Should you suspect that your older devices are the subject of this attack, upgrade them immediately.
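An added example, not part of the original post, that replays a constructed stream of client TCP segments and reports half-open connections the way a server-side monitoring script might; handshake_state and syn_flood_suspected are names chosen here, and the LEGIT and FLOOD sample data are constructed from documentation address ranges. The ratio check flags a spoofed-source flood even before any half-open entry has aged out.

```python
from collections import Counter

# Constructed events as the server sees them: (seconds, src_ip, src_port, client flags).
# "S" is the client's SYN; "A" is the client's final ACK that completes the handshake.
LEGIT = [
    (0.00, "198.51.100.7", 40001, "S"), (0.02, "198.51.100.7", 40001, "A"),
    (0.10, "192.0.2.33", 51000, "S"), (0.13, "192.0.2.33", 51000, "A"),
    (0.50, "192.0.2.34", 51001, "S"),   # still in flight; harmless on its own
]
# Spoofed-source flood (constructed): 300 SYNs from forged addresses, ACK never arrives.
FLOOD = [(0.2 + i / 1000, f"203.0.113.{i % 254 + 1}", 1024 + i, "S") for i in range(300)]


def handshake_state(events, now, timeout=3.0):
    """Replay the segments and return (completed, half_open): the number of finished
    handshakes and a Counter of sources whose SYN has waited >= timeout s without an ACK."""
    pending, completed = {}, 0
    for t, src, port, flags in sorted(events):
        key = (src, port)
        if "S" in flags:
            pending[key] = t                   # backlog slot taken
        elif "A" in flags and key in pending:
            del pending[key]                   # handshake finished, slot freed
            completed += 1
    half_open = Counter(src for (src, _), t in pending.items() if now - t >= timeout)
    return completed, half_open


def syn_flood_suspected(events, now, backlog=128, timeout=3.0, min_syns=50):
    """True when stale half-open connections alone would fill the listen backlog, or
    when fewer than a fifth of recent SYNs ever completed (the spoofed-source case)."""
    completed, half_open = handshake_state(events, now, timeout)
    syns = sum(1 for e in events if "S" in e[3])
    stale = sum(half_open.values())
    return stale >= backlog or (syns >= min_syns and completed / syns < 0.2)
```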

Teardrop

In the teardrop attack, packet fragments are sent in a jumbled and confused order. When the receiving device attempts to reassemble them, it does not know how to handle the result. Older operating systems simply crash when this occurs.

Operating systems such as Windows NT, Windows 95, and even Linux versions prior to version 2.1.63 are vulnerable to the teardrop attack. As stated earlier, upgrading your network hardware and software is the best way to stay secure from these types of attacks.
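As an added example (not from the original post), a fragment-set validator of the kind a receiver needs before reassembly: it rejects sets whose reassembled datagram would exceed 65,535 bytes (the Ping of Death case above) and fragments that begin inside data already received (the Teardrop case). Fragment, fragment_payload and check_fragments are names chosen here, and the sample fragment sets are constructed.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65_535                     # IPv4 total-length field is 16 bits
IP_HDR = 20                               # minimal IPv4 header
MAX_PAYLOAD_END = MAX_DATAGRAM - IP_HDR   # payload may end at byte 65,515 at most

@dataclass(frozen=True)
class Fragment:
    offset_units: int   # 13-bit fragment-offset field, in 8-byte units
    length: int         # payload bytes carried by this fragment
    more: bool          # MF (more fragments) flag

    @property
    def start(self) -> int:
        return self.offset_units * 8

    @property
    def end(self) -> int:
        return self.start + self.length

def fragment_payload(total_len, mtu_payload=1480):
    """Split a total_len-byte IP payload the way a sender with a 1500-byte MTU would."""
    frags, pos = [], 0
    while pos < total_len:
        n = min(mtu_payload, total_len - pos)
        frags.append(Fragment(pos // 8, n, pos + n < total_len))
        pos += n
    return frags

def check_fragments(frags):
    """Classify a fragment set before any byte is copied into a reassembly buffer:
    "oversize" (Ping of Death), "overlap" (Teardrop), "bad-length", "incomplete" or "complete"."""
    if not frags:
        return "incomplete"
    ordered = sorted(frags, key=lambda f: f.start)
    for f in ordered:
        if f.length <= 0 or f.offset_units > 0x1FFF:
            return "bad-length"
        if f.end > MAX_PAYLOAD_END:      # reassembled datagram would exceed 65,535 bytes
            return "oversize"
    expected, hole = 0, False
    for f in ordered:
        if f.start < expected:           # begins inside data already held: Teardrop
            return "overlap"
        hole = hole or f.start > expected
        expected = f.end
    return "incomplete" if hole or ordered[-1].more else "complete"
```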

Distributed Denial of Service

A distributed denial of service attack, or DDoS, is much like the ping flood, except that multiple computers are used. The computers involved may or may not be aware that they are attacking a website or network: trojans and viruses commonly give the hacker control of a computer, and thus the ability to use it for attack. Such victim computers are called zombies.

A DDoS attack is very tough to overcome. The first thing to do is to contact your hosting provider or internet service provider, depending on what is under attack. They will usually be able to filter out the bulk of the traffic based on where it is coming from. For larger-scale attacks, you will have to get more creative.

Preventing and defending against these attacks

Conduct regular audits on each host on the network to find installed DDoS tools or vulnerable applications.
Audit the network on a regular basis to see whether it is vulnerable to attack.

2 comments:

Unknown said...

Well, Excellent Information You Have Placed. We are Accuprosys, Accuprosys is a boutique business Consulting firm headquartered in Hyderabad. We provide end to end Consulting business Solutions to various corporates across mid market segments in India. Over the years, we have supported several organizations to emerge as successful business entities by keeping pace with their day to day business requirements. For more information click here Accuprosys

Sanjida Yasmin said...

We provide end to end Consulting business Solutions to various corporates across mid market segments in India
