2.5 - Denial of Service (DoS)

Denial of Service (DoS) Attacks

  • Definition: A denial of service attack occurs when an attacker forces a particular service to fail, rendering it inaccessible for users who need to access it to perform their work.

  • Characteristics of DoS Attacks:

    • Disables system functionality for legitimate users, creating system unavailability.

    • The attacker may either overwhelm the server's capacity with traffic or exploit a vulnerability that makes the service fail outright.

  • Basic Mechanism:

    • Example: An attacker might use hundreds or thousands of devices simultaneously trying to access a system, exceeding its capacity.

    • Vulnerabilities may involve flaws in software or design failures in the system.

  • Consequences of Denial of Service:

    • Results in inaccessibility of a service for all users.

    • Technical personnel may spend time resolving the DoS issue, distracting them from addressing other potential vulnerabilities elsewhere.

  • Simplicity of DoS Attacks:

    • Real-World Example of a Simplistic DoS: An individual could simply turn off the main power supply to the building, leading to service denial.

    • Unintentional, self-inflicted denial of service scenarios include:

      • Networking Loop: Connecting two switches with two separate cables while Spanning Tree Protocol is disabled creates a loop that causes an immediate network denial of service.

      • Bandwidth Saturation: Downloading large files (e.g., a Linux distribution) on a sluggish internet connection monopolizes the available bandwidth and slows down access for all other users.

      • Water Damage Example: Water leaking from a broken coffee-machine supply line over a weekend caused outages in the data center on the floor below.

Distributed Denial of Service (DDoS)

  • Definition: DDoS is an advanced form of denial of service attack that leverages multiple systems, usually located across the globe, to execute the attack.

  • Botnets:

    • DDoS attacks often utilize botnets, which comprise millions of devices infected by malware.

    • Example of a Botnet: The Zeus botnet, with approximately 3.6 million infected devices, can carry out coordinated attacks on a targeted device.

    • Users whose devices are part of the botnet typically remain unaware that their systems are being exploited, functioning normally while in the background they become "zombies" under the botnet controller's command.

  • Identification and Mitigation of DDoS Attacks:

    • Some DDoS attacks can be identified by analyzing packet information. If packets are highly uniform, these can potentially be filtered at the firewall.

    • Certain Internet Service Providers (ISPs) possess DDoS prevention systems within their networks, allowing them to intercept and mitigate perceived DDoS traffic before it reaches local networks.

    • Companies specializing in DDoS protection exist, such as CloudFlare, which employs reverse proxy capabilities. Customers can activate DDoS prevention measures to protect their servers from incoming attacks.
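The "Identification and Mitigation" point above says that highly uniform packets can be filtered at the firewall. The following is an added example, not part of the original notes or any vendor's product, showing one way to turn that idea into a check: a constructed sample of flow records is scored for uniformity (how many flows share the single most common protocol/port/length/flags signature) and, only when that uniform traffic also comes from many distinct sources, a candidate drop rule is proposed. The `Flow` record, the sample addresses and the thresholds are all assumptions chosen for the example.

```python
"""Added example (not from the original notes): scoring a constructed sample
of flow records for the kind of uniformity that makes DDoS traffic filterable,
and proposing a firewall rule only when that uniformity is spread over many
sources. All addresses and thresholds are constructed for illustration."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    proto: str
    length: int   # packet length in bytes
    flags: str    # TCP flags, e.g. "S" for a bare SYN; "" for UDP


# Constructed sample, not captured traffic: a baseline of varied legitimate
# flows plus a burst of near-identical SYNs from forty different sources.
LEGIT = [
    Flow("10.0.0.5", 443, "tcp", 1200, "PA"),
    Flow("10.0.0.9", 443, "tcp", 64, "A"),
    Flow("10.0.0.12", 80, "tcp", 980, "PA"),
    Flow("10.0.0.3", 53, "udp", 77, ""),
    Flow("10.0.0.21", 443, "tcp", 1420, "PA"),
]
FLOOD = [Flow(f"203.0.113.{i}", 80, "tcp", 60, "S") for i in range(1, 41)]
SAMPLE = LEGIT + FLOOD


def signature(flow):
    """Fields that scripted traffic tends to hold constant in every packet."""
    return (flow.proto, flow.dst_port, flow.length, flow.flags)


def uniformity(flows):
    """Share of flows (0..1) that carry the single most common signature.

    Real users mix sizes, flags and ports, so the top signature covers only a
    small fraction of legitimate traffic; a scripted flood covers most of it.
    """
    if not flows:
        return 0.0
    _, top = Counter(signature(f) for f in flows).most_common(1)[0]
    return top / len(flows)


def dominant_signature(flows):
    """The most common signature in the sample (caller ensures non-empty)."""
    return Counter(signature(f) for f in flows).most_common(1)[0][0]


def distinct_sources(flows, sig):
    """How many different source addresses sent flows with this signature."""
    return len({f.src_ip for f in flows if signature(f) == sig})


def propose_filter(flows, threshold=0.6, min_sources=10):
    """Return a candidate firewall rule (as a dict) when the traffic is both
    uniform and spread across many sources; otherwise return None.

    Both conditions matter: one chatty client sending uniform packets is a
    per-source rate-limit case, not a distributed attack, and many sources
    sending varied traffic is just a busy day. Thresholds are assumptions.
    """
    score = uniformity(flows)
    if score < threshold:
        return None
    sig = dominant_signature(flows)
    if distinct_sources(flows, sig) < min_sources:
        return None
    proto, port, length, flags = sig
    return {"action": "drop", "proto": proto, "dst_port": port,
            "length": length, "flags": flags, "uniformity": round(score, 2)}


if __name__ == "__main__":
    print("legit only:", round(uniformity(LEGIT), 2), propose_filter(LEGIT))
    print("with flood:", round(uniformity(SAMPLE), 2), propose_filter(SAMPLE))
```

On the legitimate baseline every flow has a different signature, so the uniformity score is low and no rule is proposed; with the flood added, forty of forty-five flows share one signature from forty distinct sources, and a drop rule for that signature is returned. A real deployment would compute this over a sliding time window and treat the rule as a suggestion for an analyst rather than applying it automatically, since some legitimate traffic (DNS queries, health checks) is naturally uniform.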