Why do Denial of Service attacks work?
The main reason is that it's easier to attack than to defend. There is a big "resource imbalance" on the Internet: it takes very little effort for an attacker to send a messy request, but it takes a lot of effort for the victim's computer to process it. For example, sending a "SYN packet" (a type of digital hello) costs the attacker almost nothing, but the server has to use up valuable memory to answer it.
Brute Force DoS
A type of attack that overwhelms a resource with a flood of legitimate-looking requests.
Semantic DoS
A type of attack that takes advantage of an "artificial" limitation or protocol vulnerability to deny service. Examples include "Ping of Death," "Land" attacks, and SYN-floods.
Distributed Denial of Service (DDoS)
Network-oriented attacks from multiple sources aimed at preventing access to a network, host, or service by saturating it with traffic or consuming its resources.
E2E (End-to-End) Argument
The network design principle that all intelligence should be at the edges of the network, making the core network robust and scalable but difficult to police.
Why is DDoS possible? (Reason 1)
There are too many unlocked doors. Because the Internet is an open system, there are millions of devices (end-points) connected to the web. Attackers can take over these insecure computers and "remote control" them to join in on a massive attack.
Why is DDoS possible? (Reason 2)
There are no "traffic police" in the middle of the Internet. The Internet follows a design rule called the "E2E argument" (End-to-End). This means the network is designed to be smart at the "edges" (like your computer or a website's server) but simple in the middle. The middle part of the network just moves data along without looking inside. Because of this, the network has no real ability to "police" the traffic. It can't tell the difference between a friendly visit and an attack, so it lets the bad traffic through just as easily as the good traffic.
How can we stop DDoS? (Solution 1)
One way to prevent DDoS attacks is to use traffic checks (filtering), which act like a security guard at the door. This is called Ingress/Egress Filtering. It checks traffic coming in and going out to see if the "return addresses" (IP addresses) are real. This helps stop attackers who are "spoofing" (faking) their identity. The sources say the "real solution" often involves large Internet Service Providers (ISPs) policing these entry and exit points very carefully to filter out bad traffic.