Scribd
Upload
193 views3 pages

Denial of Service Attack

A denial-of-service (DoS) attack aims to make a machine or network resource unavailable to its intended users. This is done by flooding the target with traffic to consume its resources and prevent legitimate requests from being fulfilled. Common DDoS attack types work by overwhelming the target with UDP, ICMP, or HTTP requests, exploiting the NTP amplification effect, or opening many spoofed connections in a SYN flood. Zero-day DDoS attacks take advantage of previously unknown vulnerabilities before patches are available.

Uploaded by

Suryansh Singh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
193 views3 pages

Denial of Service Attack

A denial-of-service (DoS) attack aims to make a machine or network resource unavailable to its intended users. This is done by flooding the target with traffic to consume its resources and prevent legitimate requests from being fulfilled. Common DDoS attack types work by overwhelming the target with UDP, ICMP, or HTTP requests, exploiting the NTP amplification effect, or opening many spoofed connections in a SYN flood. Zero-day DDoS attacks take advantage of previously unknown vulnerabilities before patches are available.

Uploaded by

Suryansh Singh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Denial of Service attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt
to make a computer resource unavailable to its intended users. Although the means to carry out,
motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a
person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily
or indefinitely.

DDoS attack types include:

UDP Flood
 A UDP flood, by definition, is any DDoS attack that floods a target with User Datagram Protocol
(UDP) packets
 The goal of the attack is to flood random ports on a remote host
 This causes the host to repeatedly check for the application listening at that port, and (when no
application is found) reply with an ICMP ‘Destination Unreachable’ packet
 This process saps host resources, which can ultimately lead to inaccessibility

ICMP (Ping) Flood


 Similar in principle to the UDP flood attack, an ICMP flood overwhelms the target resource with
ICMP Echo Request (ping) packets, generally sending packets as fast as possible without waiting
for replies
 This type of attack can consume both outgoing and incoming bandwidth, since the victim’s
servers will often attempt to respond with ICMP Echo Reply packets, resulting a significant
overall system slowdown
Ping of Death
 A ping of death (“POD”) attack involves the attacker sending multiple malformed or malicious
pings to a computer
 The maximum packet length of an IP packet (including header) is 65,535 bytes. However, the
Data Link Layer usually poses limits to the maximum frame size – for example 1500 bytes over
an Ethernet network
 In this case, a large IP packet is split across multiple IP packets (known as fragments), and the
recipient host reassembles the IP fragments into the complete packet
 In a Ping of Death scenario, following malicious manipulation of fragment content, the recipient
ends up with an IP packet which is larger than 65,535 bytes when reassembled
 This can overflow memory buffers allocated for the packet, causing denial of service for
legitimate packets

Slowloris
 Slowloris is a highly-targeted attack, enabling one web server to take down another server,
without affecting other services or ports on the target network
 Slowloris does this by holding as many connections to the target web server open for as long as
possible
 It accomplishes this by creating connections to the target server, but sending only a partial
request
 Slowloris constantly sends more HTTP headers, but never completes a request. The targeted
server keeps each of these false connections open
 This eventually overflows the maximum concurrent connection pool, and leads to denial of
additional connections from legitimate clients

NTP Amplification
 In NTP amplification attacks, the perpetrator exploits publically-accessible Network Time
Protocol (NTP) servers to overwhelm a targeted server with UDP traffic
 The attack is defined as an amplification assault because the query-to-response ratio in such
scenarios is anywhere between 1:20 and 1:200 or more
 This means that any attacker that obtains a list of open NTP servers (e.g., by a using tool like
Metasploit or data from the Open NTP Project) can easily generate a devastating high-
bandwidth, high-volume DDoS attack.

HTTP Flood
 In an HTTP flood DDoS attack, the attacker exploits seemingly-legitimate HTTP GET or POST
requests to attack a web server or application
 HTTP floods do not use malformed packets, spoofing or reflection techniques, and require less
bandwidth than other attacks to bring down the targeted site or server
 The attack is most effective when it forces the server or application to allocate the maximum
resources possible in response to every single request
SYN Flood attack
SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests
to a target's system. Normally runs like a three way handshake:
1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending SYN-ACK back to the client.
3. The client responds with an ACK, and the connection is established.
When the attacking computer doesn’t reply to the SYN-ACK sent by the server it consumes resources
and
when this process is repeated a large number of times the server is rendered incapable of responding.

Zero-day DDoS Attacks


The “Zero-day” definition encompasses all unknown or new attacks, exploiting vulnerabilities for which
no patch has yet been released. The term is well-known amongst the members of the hacker
community, where the practice of trading zero-day vulnerabilities has become a popular activity.

You might also like