6 - Denial of Service

Denial-of-Service attack

An action that prevents or impairs the authorized use of
networks, systems, or applications by exhausting
resources such as central processing units (CPU), memory,
bandwidth, and disk space.

resources that would be attacked by DoS

-network badwith

-systems resources

-application resources

classic DoS atatcks

-flooding ping command

-SYN spoofing

-ddos attacks

-flooding ping command

Aim of this attack is to overwhelm the capacity of the network
connection to the target organization

-SYN spoofing

This attacks the ability of a network server to
respond to TCP connection requests by
overflowing the tables used to manage such
connections.

ddos attacks

use of multiple systems to generate attacks

VoIP Attack

flood a SIP proxy with several invite requests

http attack

An HTTP flood refers to an attack that bombards Web
servers with HTTP requests.

Slowloris

sends http requests that never complete

DNS reflection aomplification attack

Because of the amplification achieved, the attacker need only generate a
moderate flow of packets to cause a larger, amplified flow to flood and
overflow the link to the target system.

DoS attack prevention

-block spoofed source addresses

-use modified TCP connection handling code

-block ip directed broadcast

-block suspicious services and combinations

-manage application attacks with a form of graphical puzzle

-good general system security practices

Response to DoS attacks

-anti-spoofing

-directed broadcast

-rate limiting filters

-network monitors

-IDS(DETEC AND NOTIFY ABNORMAL BEHAVIOR)

Responding to DoS

-identify type

-have ISP trace packet flow back to source

-implement contigency plan

-update incident response plan