Computer Security Fundamentals - Chapter 4: Denial of Service Attacks

Chapter Objectives
  • Understand how DoS attacks are accomplished.

  • Know how certain types of DoS attacks work, such as SYN flood, Smurf, and distributed Denial of Service (DDoS) attacks.

  • Take specific measures to protect against DoS attacks.

  • Know how to defend against specific types of DoS attacks.

Overview of DoS Attacks
  • Definition:

    • Denial of Service (DoS) attacks are aimed at preventing legitimate users from accessing a system or service.

  • Characteristics:

    • One of the most common types of cyber attacks.

    • Requires minimal technical skill to execute.

  • Effectiveness:

    • Effective due to physical limitations of computers and systems:

      • Number of simultaneous users.

      • Size of files.

      • Speed of data transmission.

      • Amount of data stored.

Common Tools Used for DoS Attacks
  • Low Orbit Ion Cannon (LOIC):

    • A tool widely known for launching DoS attacks.

  • XOIC:

    • Similar in function to LOIC.

  • Tribal Flood Network (TFN) and TFN2K:

    • Can perform various types of flood attacks.

    • Capable of encrypted communication, which can help hide the attack traffic.

    • The master of the network can spoof its IP address.

  • Stacheldraht:

    • Translates to "barbed wire" in German.

    • A DDoS attack tool that can conduct various flood and Smurf attacks.

Types of DoS Attacks
TCP SYN Flood Attacks
  • Mechanism:

    • The attacker sends a SYN packet to the target.

    • The target replies with a SYN-ACK and must allocate space in its connection buffer while it awaits the final ACK.

    • In a normal handshake the client completes the connection by responding with the ACK flag set; in the attack that ACK never arrives (the source address is typically spoofed), so half-open connections accumulate until the buffer is full and legitimate connection attempts are refused.

  • Defensive Techniques:

    • Micro blocks.

    • SYN cookies.

    • RST cookies.

    • Upstream filtering.

    • Stateful Packet Inspection (SPI) firewalls.
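The SYN cookie technique listed above works by encoding the connection state into the SYN-ACK's sequence number instead of storing it, so a flood of SYNs allocates nothing on the server. The following is an added illustration of that idea, not code from the textbook; it follows the classic layout (5-bit time counter, 3-bit MSS index, 24-bit keyed MAC), and the secret, addresses, and port numbers are constructed for the example.

```python
"""SYN cookie generation and validation (added example, not the chapter's code).

Layout of the 32-bit initial sequence number placed in the SYN-ACK:
    [5 bits: 64-second time counter][3 bits: MSS table index][24 bits: keyed MAC]
The server stores nothing until an ACK echoing a valid cookie arrives, so
half-open connections never consume buffer space.
"""
import hashlib
import hmac
import ipaddress
import struct

SERVER_SECRET = b"example-secret-rotate-periodically"  # constructed; rotate in practice
MSS_TABLE = (536, 1300, 1440, 1460)  # MSS values that fit the 3-bit index
MAX_COOKIE_AGE = 1  # accept the current and the previous 64-second slot


def time_counter(now_seconds):
    """64-second epoch counter, truncated to 5 bits."""
    return (int(now_seconds) >> 6) & 0x1F


def _mac24(saddr, sport, daddr, dport, counter):
    """24-bit keyed MAC over the connection 4-tuple and the time slot."""
    msg = struct.pack(
        "!4sH4sHB",
        ipaddress.IPv4Address(saddr).packed, sport,
        ipaddress.IPv4Address(daddr).packed, dport,
        counter,
    )
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()[:3]


def encode_mss(client_mss):
    """Index of the largest table entry not exceeding the client's MSS."""
    idx = 0
    for i, value in enumerate(MSS_TABLE):
        if value <= client_mss:
            idx = i
    return idx


def make_cookie(saddr, sport, daddr, dport, client_mss, now_seconds):
    """Sequence number to send in the SYN-ACK; no per-connection state is kept."""
    t = time_counter(now_seconds)
    m = encode_mss(client_mss)
    mac = int.from_bytes(_mac24(saddr, sport, daddr, dport, t), "big")
    return (t << 27) | (m << 24) | mac


def check_cookie(cookie, saddr, sport, daddr, dport, now_seconds):
    """Validate the cookie echoed back in the client's ACK (ack number minus 1).

    Returns the negotiated MSS on success, or None when the cookie is stale,
    was never issued for this 4-tuple, or was tampered with.
    """
    t = (cookie >> 27) & 0x1F
    m = (cookie >> 24) & 0x07
    mac = (cookie & 0xFFFFFF).to_bytes(3, "big")
    age = (time_counter(now_seconds) - t) & 0x1F  # modular difference of 5-bit counters
    if age > MAX_COOKIE_AGE or m >= len(MSS_TABLE):
        return None
    expected = _mac24(saddr, sport, daddr, dport, t)
    if not hmac.compare_digest(expected, mac):
        return None
    return MSS_TABLE[m]


def demo():
    """Issue one cookie, then validate a fresh, a stale, and a forged ACK."""
    src, dst = "203.0.113.7", "192.0.2.10"  # constructed documentation addresses
    cookie = make_cookie(src, 40000, dst, 443, 1460, now_seconds=1_000_000)
    fresh = check_cookie(cookie, src, 40000, dst, 443, 1_000_050)
    stale = check_cookie(cookie, src, 40000, dst, 443, 1_000_000 + 3 * 64)
    forged = check_cookie(cookie ^ 1, src, 40000, dst, 443, 1_000_050)
    return fresh, stale, forged


if __name__ == "__main__":
    print(demo())  # (1460, None, None)
```

The price of statelessness is visible in the design: only the MSS survives the round trip (other TCP options are lost), and the 5-bit counter means a cookie is only valid for roughly two minutes, which is why production stacks enable cookies only once the half-open queue is under pressure.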

Smurf IP Attacks
  • Mechanism:

    • The attacker sends an ICMP echo request to a network's broadcast address with the source IP address spoofed to be the victim's.

    • Every host on that network answers the broadcast, so the intermediary devices send their replies to the target IP address, flooding it with responses.

  • Protection:

    • Guard against Trojan horses.

    • Use virus scanners and proxy servers.

    • Block all inbound broadcast packets at the firewall.

UDP Flood Attacks
  • Mechanism:

    • The attacker sends UDP packets to random ports on the target.

    • For each packet the target checks for an application listening on that port and, finding none, replies with an ICMP "Destination Unreachable" message; the volume of these illegitimate packets and replies ties up system resources.

ICMP Flood Attacks
  • Mechanism:

    • Involves flooding a target with ping requests or UDP packets.

    • A variant known as "nuking" instead exploits known bugs in operating systems.

Specific Types of DoS Attacks
The Ping of Death (PoD)
  • Description:

    • Sends a single oversized packet, larger than the maximum the IP specification allows; older systems crashed when trying to handle it, whereas most modern operating systems handle it without issue.

    • Vulnerability is less common in modern systems; keeping software and patches updated helps prevent it.

Teardrop Attacks
  • Description:

    • An attacker sends fragmented messages that the victim's system struggles to reconstruct, potentially causing it to halt or crash.

    • Variations of Teardrop include: TearDrop2, Boink, Nestea Boink, Targa, NewTear, and SYNdrop.
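Both the Ping of Death and the Teardrop family abuse IP fragment reassembly, so a defender's natural check sits at the point where fragments are put back together. The following is an added illustration, not the textbook's code: a reassembly sanity checker that refuses fragment sets whose total size would exceed the 65,535-byte IP maximum (the Ping of Death pattern) or whose fragments overlap (the Teardrop pattern). The `Fragment` class and the sample fragment sets are constructed for the example.

```python
"""IP fragment reassembly sanity checks (added example, not the chapter's code).

Refuses the two malformed-fragment patterns described above: reassembled
datagrams larger than IP allows (Ping of Death) and overlapping fragments
(Teardrop and its variants). Sample fragments below are constructed.
"""

MAX_DATAGRAM = 65535  # largest datagram the 16-bit IP total-length field allows


class Fragment:
    """Constructed stand-in for the fields a reassembler reads from an IP header."""

    def __init__(self, ident, offset, length, more):
        self.ident = ident    # IP identification field: the reassembly key
        self.offset = offset  # payload offset in bytes (header stores it in 8-byte units)
        self.length = length  # fragment payload length in bytes
        self.more = more      # MF flag: more fragments follow


def check_fragments(frags):
    """Classify a set of fragments that share one identification value.

    Returns ("accept", detail) when they form a well-formed datagram,
    ("reject", reason) when reassembly must be refused, or
    ("incomplete", detail) when fragments are still missing.
    """
    if not frags:
        return "incomplete", "no fragments"
    ident = frags[0].ident
    if any(f.ident != ident for f in frags):
        return "reject", "mixed identification values"
    ordered = sorted(frags, key=lambda f: f.offset)
    if any(not f.more for f in ordered[:-1]):
        return "reject", "non-final fragment without the MF flag"
    expected = 0  # byte offset where the next fragment should start
    for f in ordered:
        if f.length <= 0:
            return "reject", "non-positive fragment length"
        if f.offset % 8:
            return "reject", "offset not a multiple of 8"
        if f.offset + f.length > MAX_DATAGRAM:
            return "reject", "reassembled datagram exceeds 65535 bytes (ping of death)"
        if f.offset < expected:
            return "reject", "overlapping fragments (teardrop pattern)"
        if f.offset > expected:
            return "incomplete", "gap before offset %d" % f.offset
        expected = f.offset + f.length
    if ordered[-1].more:
        return "incomplete", "final fragment not yet received"
    return "accept", "%d bytes" % expected


def demo():
    """Run the checker over a normal, a Teardrop-style, and a Ping-of-Death-style set."""
    normal = [Fragment(1, 0, 1480, True), Fragment(1, 1480, 1480, True),
              Fragment(1, 2960, 100, False)]
    teardrop = [Fragment(2, 0, 1480, True), Fragment(2, 800, 1480, False)]
    ping_of_death = [Fragment(3, 0, 1480, True), Fragment(3, 65120, 1480, False)]
    return (check_fragments(normal)[0],
            check_fragments(teardrop)[0],
            check_fragments(ping_of_death)[0])


if __name__ == "__main__":
    print(demo())  # ('accept', 'reject', 'reject')
```

The order of the checks matters: the size test runs before the gap test so that an oversized final fragment is rejected outright rather than being buffered as "incomplete" while the attacker never sends the rest.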

Land Attacks
  • Description:

    • A straightforward concept wherein an attacker sends a forged packet with identical source and destination IP addresses, causing the system to hang while trying to process the communication.
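Land attacks, Smurf reflection, and UDP or ICMP floods (from the sections above) each leave a distinctive signature in packet telemetry: a source equal to the destination, echo replies the host never requested, or a burst of packets in one second. The following rule-based detector is an added illustration, not the textbook's code; the one-line-per-packet log format, every address, and the thresholds are constructed for the example and are not tuned values.

```python
"""Rule-based detection of Land, Smurf-style reflection, and UDP/ICMP floods
(added example, not the chapter's code). Log format, addresses, and
thresholds are constructed for illustration.
"""
from collections import defaultdict

# Illustrative thresholds, not tuned values.
UDP_PPS_LIMIT = 100        # UDP packets to the host in one second
ICMP_PPS_LIMIT = 100       # echo requests to the host in one second
REFLECT_SOURCE_LIMIT = 5   # distinct unsolicited echo-reply sources in one second


def parse_line(line):
    """Parse '<ts> <proto> <src>:<sport> > <dst>:<dport> [kind]' into a dict."""
    ts, proto, src, _, dst, *extra = line.split()
    saddr, sport = src.rsplit(":", 1)
    daddr, dport = dst.rsplit(":", 1)
    return {"ts": float(ts), "proto": proto, "src": saddr, "sport": int(sport),
            "dst": daddr, "dport": int(dport), "kind": extra[0] if extra else ""}


def detect(records, host):
    """Return sorted alert strings for traffic involving `host`."""
    alerts = set()
    udp_count = defaultdict(int)
    udp_ports = defaultdict(set)
    echo_requests = defaultdict(int)
    reply_sources = defaultdict(set)
    pinged = set()  # hosts we sent an echo request to; their replies are solicited
    for r in sorted(records, key=lambda rec: rec["ts"]):
        sec = int(r["ts"])
        if r["src"] == r["dst"]:
            alerts.add("land: source equals destination %s" % r["src"])
        if r["dst"] != host:
            if r["src"] == host and r["proto"] == "ICMP" and r["kind"] == "echo-request":
                pinged.add(r["dst"])
            continue
        if r["proto"] == "UDP":
            udp_count[sec] += 1
            udp_ports[sec].add(r["dport"])
        elif r["proto"] == "ICMP" and r["kind"] == "echo-request":
            echo_requests[sec] += 1
        elif r["proto"] == "ICMP" and r["kind"] == "echo-reply" and r["src"] not in pinged:
            reply_sources[sec].add(r["src"])
    for sec, n in udp_count.items():
        if n > UDP_PPS_LIMIT:
            alerts.add("udp flood: %d packets to %d ports at t=%d" % (n, len(udp_ports[sec]), sec))
    for sec, n in echo_requests.items():
        if n > ICMP_PPS_LIMIT:
            alerts.add("icmp flood: %d echo requests at t=%d" % (n, sec))
    for sec, srcs in reply_sources.items():
        if len(srcs) > REFLECT_SOURCE_LIMIT:
            alerts.add("smurf/reflection: %d unsolicited echo-reply sources at t=%d" % (len(srcs), sec))
    return sorted(alerts)


def build_sample_log():
    """Constructed packet log seen from host 192.0.2.10."""
    lines = [
        "100.0 TCP 192.0.2.10:139 > 192.0.2.10:139 SYN",              # land pattern
        "100.1 ICMP 192.0.2.10:0 > 198.51.100.5:0 echo-request",     # our own ping
        "100.2 ICMP 198.51.100.5:0 > 192.0.2.10:0 echo-reply",       # solicited reply
    ]
    for i in range(1, 9):  # replies from a whole network we never pinged
        lines.append("101.%d ICMP 203.0.113.%d:0 > 192.0.2.10:0 echo-reply" % (i, i))
    for i in range(150):  # UDP burst to scattered ports within one second
        lines.append("102.%03d UDP 198.51.100.77:%d > 192.0.2.10:%d"
                     % (i, 40000 + i, 1024 + (i * 7919) % 60000))
    for i in range(30):  # modest ping rate: stays below the threshold
        lines.append("103.%02d ICMP 198.51.100.8:0 > 192.0.2.10:0 echo-request" % i)
    return lines


def run_demo():
    return detect([parse_line(l) for l in build_sample_log()], "192.0.2.10")


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The reflection rule keys on "replies we never asked for" rather than on reply volume alone, which is what separates a Smurf flood from a busy but legitimate monitoring host; the flood rules are deliberately per-second counters so that a steady, low rate of scanning does not trip them.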

Distributed Denial of Service (DDoS) Attacks
  • Description:

    • Involves tricking routers into directing massive flood traffic at a targeted victim.

    • The target becomes overloaded and thus unreachable.

Other Types of DoS Attacks
  • DHCP starvation.

  • HTTP POST DoS attacks.

  • PDoS (Permanent Denial of Service) attacks.

  • Registration DoS attacks.

  • Login DoS attacks.

  • Yo-Yo attacks.

  • CLDAP reflection attacks.

  • Challenge collapsar (CC) attacks.

Real-World Examples of DoS Attacks
  • Google Attack.

  • AWS (Amazon Web Services) Attack.

  • Boston Globe Attack.

  • Memcache Attacks.

  • DDoS Blackmail incidents.

  • Mirai Botnet incident.

How to Defend Against DoS Attacks
  • In addition to previously mentioned protections:

    • Configure firewalls to:

      • Filter out incoming ICMP packets.

      • Disallow any unauthorized incoming traffic.

    • Use network monitoring tools such as netstat.

    • Block traffic originating from outside your trusted network.

    • Disable all IP broadcasts.

    • Filter both external and internal IP addresses.

    • Keep antivirus signatures, operating system updates, and software patches current.

    • Establish and enforce an Acceptable Use Policy (AUP).

Summary
  • DoS attacks represent one of the most prevalent and straightforward types of attacks on the Internet.

  • Although unsophisticated in nature, they can lead to significant damage and service disruption.

  • Constant vigilance and a robust protection strategy are essential in mitigating risks associated with DoS attacks.