39 - Denial of Service - CompTIA A+ 220-1202 - 2.5

Denial of Service Attacks

  • Definition: A Denial of Service (DoS) attack is the intentional prevention of access to a service, either by overwhelming a server with traffic or by exploiting a vulnerability so that the service becomes unavailable.

Types of Denial of Service Attacks

  • Simple (Flood-Based) DoS Attack:

    • Involves flooding a server with requests from hundreds or thousands of devices simultaneously, overwhelming its capability to respond.

    • Result: Users cannot access the service, hindering their ability to perform work.

  • Exploit-Based DoS Attack:

    • The attacker triggers a specific sequence of events, often by exploiting a software vulnerability or a design flaw in the system.

    • Result: System failure leading to unavailability of the service.

Consequences of DoS Attacks

  • Users find the service inaccessible, which can lead to significant downtime.

  • Technical staff may be diverted to resolving the denial of service, which gives attackers an opportunity to probe for vulnerabilities in unrelated systems while attention is elsewhere.

Simplicity of Denial of Service Attacks

  • Unintentional Denial of Service:

    • Can occur due to self-inflicted actions within an organization's network.

    • Example: Connecting two switches with multiple cables without running Spanning Tree Protocol, which creates a loop in the network leading to a DoS.

  • Bandwidth-Related DoS:

    • Occurs when a user downloads a large file (e.g., a Linux distribution) over a limited-bandwidth connection, consuming all available bandwidth and preventing others from accessing the Internet.

  • Environmental DoS:

    • Example: A coffee machine leaking water that eventually reaches the data center, causing an outage even though no malicious attack was involved.

Distributed Denial of Service (DDoS)

  • Definition: A Distributed Denial of Service (DDoS) attack involves multiple systems, often worldwide, launching an attack on a single target.

  • Botnets:

    • Advanced DDoS attacks utilize botnets, which are networks of compromised devices controlled by an attacker.

    • Example: The Zeus botnet, with 3,600,000 infected devices that can simultaneously launch an attack against one target.

  • Zombie Systems:

    • Devices participating in a botnet often do so without the owner’s knowledge.

    • These computers continue to function normally for their users while also carrying out malicious activities in the background.

Detection and Mitigation of DDoS Attacks

  • Packet Analysis:

    • Some DDoS attacks can be identified from information in the packets themselves.

    • If the attack packets are highly similar to one another, a firewall can filter them out based on those shared characteristics.

  • ISP Solutions:

    • Some Internet Service Providers (ISPs) have DDoS mitigation systems integrated into their networks.

    • These systems can prevent malicious traffic from reaching a local network.

  • Third-Party Services:

    • Companies like Cloudflare provide reverse proxy capabilities that can help customers mitigate DDoS attacks before the traffic reaches their servers.

    • Users can enable DDoS prevention features provided by these services to enhance security and reliability.
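The Packet Analysis point above (highly similar packets can be picked out and filtered) can be illustrated with a small log-analysis script. The following is an added example written for these notes; it is not code from the CompTIA course or from Professor Messer. It parses a constructed access log, flags sources that send far more requests than normal inside a short window, and then finds the single request "fingerprint" (method, path, user agent) that dominates the traffic and arrives from many distinct sources, which is the shape a flood from a botnet takes. The log format, the thresholds, and the addresses (all from documentation ranges) are assumptions.

```python
# Added example: DDoS detection over a constructed access log.
# Not from the CompTIA course. Log format, thresholds and addresses are assumed.
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <source IP> <method> <path> <user agent>".
# Normal users make varied requests; the flood built in the loop below repeats
# one request from many sources, which is what makes its packets "highly similar".
LEGIT_LINES = [
    "2024-05-01T10:00:01 203.0.113.5 GET /index.html Mozilla/5.0",
    "2024-05-01T10:00:03 203.0.113.5 GET /about.html Mozilla/5.0",
    "2024-05-01T10:00:04 198.51.100.7 POST /api/login Mozilla/5.0",
    "2024-05-01T10:00:09 198.51.100.7 GET /dashboard Mozilla/5.0",
    "2024-05-01T10:00:12 203.0.113.9 GET /index.html curl/8.0",
]
FLOOD_LINES = [
    f"2024-05-01T10:00:{i:02d} 192.0.2.{bot} GET /login.php Mozilla/4.0"
    for bot in range(10, 18)  # eight constructed bot addresses (TEST-NET-1)
    for i in range(5)         # five identical requests each, within 5 seconds
]
SAMPLE_LOG = "\n".join(LEGIT_LINES + FLOOD_LINES)


def parse_log(text):
    """Split each line into its fields; malformed lines are skipped, not fatal."""
    entries = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue
        ts, src, method, path, agent = parts
        entries.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "fingerprint": (method, path, agent)})
    return entries


def flag_noisy_sources(entries, max_per_window=3, window=timedelta(seconds=10)):
    """Return sources that exceed max_per_window requests inside any sliding window."""
    by_src = defaultdict(list)
    for e in entries:
        by_src[e["src"]].append(e["ts"])
    noisy = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 > max_per_window:
                noisy.add(src)
                break
    return noisy


def dominant_fingerprint(entries, min_share=0.5, min_sources=3):
    """Find a request shape that makes up most of the traffic AND comes from many
    distinct sources. One chatty client is a rate problem; the same request from
    many clients at once is the distributed pattern the notes describe."""
    if not entries:
        return None
    counts = Counter(e["fingerprint"] for e in entries)
    sources = defaultdict(set)
    for e in entries:
        sources[e["fingerprint"]].add(e["src"])
    fp, n = counts.most_common(1)[0]
    share = n / len(entries)
    if share >= min_share and len(sources[fp]) >= min_sources:
        return fp, share, len(sources[fp])
    return None


def build_filter(entries):
    """Combine both signals into something a firewall administrator could act on:
    a list of sources to block and, if present, a request signature to drop."""
    rule = {"block_sources": sorted(flag_noisy_sources(entries)), "drop_signature": None}
    dominant = dominant_fingerprint(entries)
    if dominant:
        (method, path, agent), share, nsrc = dominant
        rule["drop_signature"] = {"method": method, "path": path, "user_agent": agent,
                                  "share_of_traffic": round(share, 2),
                                  "distinct_sources": nsrc}
    return rule


if __name__ == "__main__":
    print(build_filter(parse_log(SAMPLE_LOG)))
```

Run against the constructed log, the script blocks the eight 192.0.2.x sources and reports the repeated "GET /login.php" request as the signature to drop; run against the legitimate lines alone it reports nothing, because no single request shape dominates. A real firewall rule would be written from the signature fields rather than from the source list, since botnet addresses change while the repeated request shape does not.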