Denial-of-Service (DoS) Attack and its Types


What is a Denial-of-Service Attack?

A Denial-of-Service (DoS) attack is an attack on a computer network that limits, restricts, or stops authorized users from accessing system resources.

  • DoS attacks work by flooding the target with traffic or sending it data that causes it to crash. It deprives genuine users of the service or resources they expect to receive.

  • DoS assaults frequently target the web servers of high-profile organizations such as banks, commerce and media companies, and government and trade organizations.

  • Even though DoS assaults seldom result in the theft or loss of critical information or other assets, they can take a lot of time and money to cope with.

Types of DoS Attacks

DoS attacks can be carried out in two ways − flooding or crashing systems. Flood assaults happen when a system receives too much traffic for the server to buffer, leading it to slow down and eventually stop responding. Some of the attacks are −

Volumetric Attacks

This is an attack in which a network's whole bandwidth is utilized, preventing authorized clients from accessing resources. This is accomplished by flooding network equipment such as hubs or switches with multiple ICMP echo request/reply packets, consuming all available bandwidth and preventing other clients from connecting to the target network.

Flooding at the Application Layer

In this form of attack, an attacker floods the service with requests from a fake IP address to slow or crash it. This could be in the form of millions of requests per second or a few thousand requests to a resource-intensive service that chews up resources until the service can no longer process them.

Unintended Denial of Service Attacks

Not all denial-of-service assaults are malicious. The "unintended" Denial of Service attack is the third type of attack. "The Slashdot Effect" is the archetypal example of an accidental DDoS. Slashdot is a news website where anyone may upload stories and links to other websites.

If a connected story gets popular, millions of people may visit the site, causing it to become overburdened with requests. The extra traffic can slow or even crash the linked site if the site isn't constructed to handle that kind of demand. Another excellent example of an unintended DoS is Reddit and "The Reddit Hug of Death."

ICMP Flood

It takes advantage of misconfigured network devices by sending spoofed packets that ping every computer on the targeted network rather than just one. The network is then triggered to amplify the traffic volume. The "smurf attack" or "ping of death" is another name for this attack.

SYN Flood

The attacker sends connection requests to a server but never completes the handshake. This continues until all open ports are flooded with requests, and no legitimate users can connect to them.
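The following added example (not from the original article) shows how a defender can spot this pattern: it counts handshakes that were opened with a SYN but never completed with an ACK, grouped by target service rather than by source, since flood sources are often spoofed. The packet tuple layout, the documentation-range addresses, and the thresholds are constructed assumptions.

```python
from collections import Counter

def find_syn_floods(packets, now, timeout=3.0, min_half_open=50, min_ratio=0.8):
    """Return {(dst, dport): (half_open, attempts)} for services that look flooded.

    packets: client-to-server records (ts, src, sport, dst, dport, flags), where
    flags is "S" for the opening SYN and "A" for the ACK completing the handshake.
    """
    pending = {}          # 4-tuple -> time of the first SYN still awaiting its ACK
    attempts = Counter()  # distinct connection attempts per service
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            if key not in pending:          # ignore retransmitted SYNs
                pending[key] = ts
                attempts[(dst, dport)] += 1
        elif flags == "A":
            pending.pop(key, None)          # handshake completed
    half_open = Counter()
    for (src, sport, dst, dport), ts in pending.items():
        if now - ts >= timeout:             # still unanswered after the timeout
            half_open[(dst, dport)] += 1
    # Flag a service only when half-open connections are both numerous and dominant.
    return {svc: (n, attempts[svc]) for svc, n in half_open.items()
            if n >= min_half_open and n / attempts[svc] >= min_ratio}

def sample_capture():
    """Constructed traffic: normal clients on 443 and 80, plus a flood on port 80."""
    server, pkts = "192.0.2.10", []
    for i in range(20):                     # 20 completed handshakes to HTTPS
        conn = ("203.0.113.%d" % (i + 1), 40000 + i, server, 443)
        pkts += [(i * 0.1, *conn, "S"), (i * 0.1 + 0.05, *conn, "A")]
    for i in range(5):                      # 5 completed handshakes to HTTP
        conn = ("203.0.113.%d" % (100 + i), 50000 + i, server, 80)
        pkts += [(1.0 + i * 0.1, *conn, "S"), (1.05 + i * 0.1, *conn, "A")]
    for i in range(300):                    # 300 SYNs that are never acknowledged
        src = "198.51.100.%d" % (i % 250 + 1)
        pkts.append((2.0 + i * 0.01, src, 1024 + i, server, 80, "S"))
    return sorted(pkts)

if __name__ == "__main__":
    for svc, (half, total) in find_syn_floods(sample_capture(), now=10.0).items():
        print("possible SYN flood on %s:%d: %d of %d attempts half-open" % (*svc, half, total))
```
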

Phlashing

This is accomplished by permanently damaging the system hardware by sending fake updates to the hardware, rendering it inoperable. Reinstalling the hardware is the only option.

How to Protect Yourself from DoS Attacks?

  • Prevent spoofing − Ensure that traffic has a source address that matches the list of addresses for its declared site of origin, and use filters to prevent spoofing of dial-up connections.

  • Limit broadcasting − Many assaults transmit requests to all network devices, magnifying the attack. Attacks can be disrupted by limiting or shutting off broadcast forwarding where possible. When possible, users can also turn off the echo and CHARGEN (Character Generator Protocol) services.

  • Endpoint protection − Make sure all endpoints are patched to eliminate known vulnerabilities. EDR agents should be installed on all endpoints that are capable of running them.

  • Set up firewalls − Check to see if your firewalls limit inbound and outbound traffic across the perimeter.

  • Monitor the network − The more you know about typical inbound traffic, the faster you'll be able to recognize the beginning of a DoS attack. Real-time visibility with network detection and response (NDR) is a quick and easy approach to keep a profile of how your network should look (using machine learning), so you can see abnormal peaks right away.

raja
Published on 27-Aug-2021 06:29:47