written by: Lashan Clarke • edited by: Bill Bunter • updated: 1/13/2011
This article explains what a Denial of Service attack is, how it works, the different types of DoS attack and methods for prevention.
Working And Different Types Of Denial Of Service (DoS) Attack
A Denial of Service (DoS) attack targets a server or other network element in an attempt to cripple it or make it completely unavailable. It is unlike identity attacks, malicious code, phreaking and other basic attacks, where the goal is to steal data or a resource.
The primary purpose of a DoS attack is to prevent legitimate users from accessing a certain resource. A DoS attack can be initiated to consume some or all of a limited resource, to modify or destroy data or configuration information, or to physically destroy or disturb network components.
When a Denial of Service attack is launched, it floods a network resource with requests and overwhelms it. The attacking computer is programmed to ignore all of the server's responses, so the server waits for a reply that never comes and the line remains busy. This results in increased traffic that the system cannot handle, and the server becomes unavailable for other incoming requests. The attacker's aim is for the server to run out of resources, so that performance is degraded or lost.
Some other common types of Denial of service attacks are:
Distributed Denial of Service
DDoS is another type of DoS attack, which the attacker carries out using a large number of computers. An attacker would typically find a way to access a large computer with plenty of memory and a fast broadband connection. Once the attacker has found and "hijacked" this computer, he loads software onto it that will scan thousands of computers for vulnerabilities. If a vulnerability is discovered in another computer, malicious software is installed on it. Such a computer is referred to as a "zombie" because it is controlled by an outside source and does what it is directed to do. The attacker then directs the handler to guide all the zombies to target a specific server with requests, which leads to a speedy DoS attack. The attack can be immense, since thousands of zombies may have been hijacked and used to carry it out and wreak havoc.
Permanent denial-of-service attacks
PDoS, also known as phlashing, is an attack that damages a system so severely that the hardware has to be replaced or reinstalled. A PDoS attack takes advantage of security flaws in the remote management interfaces of the victim's hardware (such as routers, switches, access points and printers). These vulnerabilities make it easier for an attacker to remotely corrupt the device firmware, leaving the hardware permanently unusable.
In a distributed reflected denial of service attack, forged requests are sent to a large number of computers to get them to reply. The attacker sets the source address of those requests to that of the targeted victim, so all of the replies flood the target.
In a peer-to-peer attack, an attacker makes the clients of a large peer-to-peer file-sharing centre disconnect from their peer-to-peer network and connect to the victim's website instead. Consequently, thousands of computers start connecting to the target website, causing the web server to degrade or even fail instantly.
Application level floods
Internet Relay Chat (IRC) is a common victim of DoS attacks. The IRC program is exploited through a buffer overflow, which confuses the server software and fills the disk or consumes all available memory or processor resources. A DoS attack may also rely on brute force, flooding the target with an overwhelming volume of data packets. A client can be made the victim of a 'banana attack', another type of DoS. It involves returning all outgoing messages from the client, hence preventing outside access.
How To Defend Against A DoS Attack?
A common method of blocking a denial of service attack is to set up a filter on the network that inspects each information packet before it reaches a site's Web server. The filter can detect attacks by noticing patterns and identifiers contained in the packets. If a pattern comes in frequently, the filter will block messages containing that pattern.
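The filtering logic described above can be sketched as follows. This is an added example, not code from the original article: the class name, the choice of pattern (protocol, destination port and the first payload bytes), the thresholds and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class PatternFilter:
    """Block a traffic pattern seen more than `limit` times within `window` seconds."""

    def __init__(self, limit=5, window=1.0, block_for=30.0):
        self.limit, self.window, self.block_for = limit, window, block_for
        self.seen = defaultdict(deque)   # pattern -> recent arrival times
        self.blocked_until = {}          # pattern -> time at which the block expires

    @staticmethod
    def pattern(packet):
        # Assumed identifier: protocol, destination port, first 8 payload bytes.
        # The source address is left out on purpose, so the same request sent
        # from many hosts (the distributed case) still counts as one pattern.
        return (packet["proto"], packet["dport"], packet["payload"][:8])

    def allow(self, packet):
        now, key = packet["ts"], self.pattern(packet)
        if self.blocked_until.get(key, 0.0) > now:
            return False                  # pattern is currently blocked
        times = self.seen[key]
        times.append(now)
        while now - times[0] > self.window:
            times.popleft()               # forget arrivals outside the window
        if len(times) > self.limit:
            self.blocked_until[key] = now + self.block_for
            times.clear()
            return False                  # too frequent: start blocking
        return True

def run_sample():
    # Constructed traffic: one request repeated from 20 addresses in 0.2 s,
    # plus two ordinary requests carrying a different payload.
    flood = [{"ts": i * 0.01, "src": f"198.51.100.{i + 1}", "proto": "tcp",
              "dport": 80, "payload": b"GET /search?q=AAAA"} for i in range(20)]
    normal = [{"ts": t, "src": "192.0.2.10", "proto": "tcp", "dport": 80,
               "payload": b"POST /login"} for t in (0.05, 5.0)]
    filt = PatternFilter(limit=5, window=1.0, block_for=30.0)
    passed = [p for p in sorted(flood + normal, key=lambda p: p["ts"])
              if filt.allow(p)]
    return {"flood_passed": sum(p in flood for p in passed),
            "normal_passed": sum(p in normal for p in passed)}

if __name__ == "__main__":
    print(run_sample())
```

The choice of pattern is the trade-off: a legitimate request that matches a blocked pattern is dropped as well, so a pattern that is too coarse turns the filter itself into a source of unavailability.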
Other prevention technologies that can be used include intrusion prevention systems, firewalls, and ACL-capable switches and routers. The easiest way to survive a DoS attack is to have a plan beforehand.
Denial of service attacks can cause serious disruption, since they can virtually impair or disable a server or computer network. If an organization relies on an e-commerce site for its main business, a DoS attack can cause severe problems for that business. The loss of significant money and time can be a consequence of a DoS attack.
DoS attacks are viewed as violations of the policies of the Internet Architecture Board (IAB). They are also considered violations of the law in various countries.