The denial of service attack is statistically the most frequently used malicious attack of them all. This stems from how easy the attack is to carry out, as well as from its alarming lethality. Literally anyone can bring down a website with a simple command prompt. The question is: how do you protect against an attack that can cripple your network or website in a matter of minutes?
Types of Denial of Service Attacks
If you are going to protect against an attack, you first have to know how it works. You must familiarize yourself with the different variations, methods, and plans of attack that hackers use.
There are seven different classifications of denial of service attacks.
The most basic of attacks is the ping flood attack. It relies on the ICMP echo command, more popularly known as ping. In legitimate situations the ping command is used by network administrators to test connectivity between two computers. In the ping flood attack, it is used to send a large number of data packets to the victim’s computer in an attempt to overload it. You can see an example of the ping flood attack below.
This type of attack is generally useless on larger networks or websites. This is because only one computer is being used to flood the victim’s resources. If we were to use a group of computers, then the attack would become a distributed denial of service attack, or DDoS.
The most common cure to the ping flood attack is to simply ban the IP address from accessing your network. A distributed denial of service attack is a bit more complex, but we will take a look at them later on.
Ping of Death
The Ping of Death attack involves sending IP packets larger than 65,535 bytes to the target computer. IP packets of this size are illegal, but tools can be built that are capable of creating them. An ICMP echo request with more than 65,507 (65,535 - 20 - 8) bytes of data could cause a remote system to crash while reassembling the packet fragments.
This won’t necessarily nullify the smurf attack, but it will greatly reduce the impact and also prevent your network or website from attacking others by passing on the attack. Optionally, you could upgrade your router to newer Cisco routers, which automatically filter out the spoofed IP addresses that smurf attacks rely on.
A Fraggle attack is exactly the same as a smurf attack, except that it uses the user datagram protocol, or UDP, rather than the more common transmission control protocol, or TCP. Fraggle attacks, like smurf attacks, are starting to become outdated and are commonly stopped by most firewalls or routers.
This attack is generally less powerful than the smurf attack, since the TCP protocol is much more widely used than the UDP protocol.
The SYN flood attack takes advantage of the TCP three-way handshake. It can be carried out in two separate ways. Both methods attempt to start a three-way handshake but never complete it. You can view the proper three-way handshake below.
The first attack method is achieved when the attacker sends a synchronize request, or SYN, with a spoofed IP address. When the server tries to send back a SYN-ACK, or synchronize-acknowledge, it will obviously not get a response. This means that the server never receives the client’s ACK, and the connection is left half-open, tying up server resources.
Alternatively, the attacker can simply choose not to send the acknowledgement. Both of these methods stall the server, which is left patiently waiting for the ACK. Thankfully, this hole in the three-way handshake has been patched for years, just like the ping of death attack. Should you suspect that your older devices are the subject of this attack, upgrade them immediately.
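A defender-side illustration of the half-open handshake state described above, added here as an example (it is not part of the original article). It walks constructed TCP flag events against a hypothetical server at 192.0.2.10:80, tracks each handshake from the server's SYN-ACK until the client's ACK, and reports sources that leave many handshakes stale past a timeout.

```python
from collections import defaultdict

# Constructed sample packet events (not real captures):
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)
# "S" = SYN, "SA" = SYN-ACK, "A" = ACK. 192.0.2.10:80 is the hypothetical server.
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", 40001, "192.0.2.10", 80, "S"),
    (0.1, "192.0.2.10", 80, "10.0.0.5", 40001, "SA"),
    (0.2, "10.0.0.5", 40001, "192.0.2.10", 80, "A"),     # handshake completed
    (1.0, "203.0.113.7", 50001, "192.0.2.10", 80, "S"),
    (1.1, "192.0.2.10", 80, "203.0.113.7", 50001, "SA"),  # never acknowledged
    (1.2, "203.0.113.7", 50002, "192.0.2.10", 80, "S"),
    (1.3, "192.0.2.10", 80, "203.0.113.7", 50002, "SA"),  # never acknowledged
    (1.4, "203.0.113.7", 50003, "192.0.2.10", 80, "S"),
    (1.5, "192.0.2.10", 80, "203.0.113.7", 50003, "SA"),  # never acknowledged
    (2.0, "10.0.0.9", 41000, "192.0.2.10", 80, "S"),
    (2.1, "192.0.2.10", 80, "10.0.0.9", 41000, "SA"),     # recent, may still be answered
]

def half_open_by_source(events, now, timeout=3.0):
    """Return {client_ip: count} of handshakes where the server sent a SYN-ACK
    but no ACK arrived within `timeout` seconds, as seen at time `now`."""
    # (client_ip, client_port, server_ip, server_port) -> time the SYN-ACK went out
    awaiting_ack = {}
    for ts, src, sport, dst, dport, flags in events:
        if flags == "SA":                       # step 2: server answered; ACK now expected
            awaiting_ack[(dst, dport, src, sport)] = ts
        elif flags == "A":                      # step 3: client completed the handshake
            awaiting_ack.pop((src, sport, dst, dport), None)
        # a bare "S" creates no server-side wait state in this model, so it is not tracked
    counts = defaultdict(int)
    for (client, _, _, _), sent in awaiting_ack.items():
        if now - sent >= timeout:               # stale: server is still waiting
            counts[client] += 1
    return dict(counts)

def suspected_syn_flooders(events, now, threshold=3, timeout=3.0):
    """Client IPs with at least `threshold` stale half-open handshakes."""
    stale = half_open_by_source(events, now, timeout)
    return sorted(ip for ip, n in stale.items() if n >= threshold)

if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_EVENTS, now=5.0))
    print(suspected_syn_flooders(SAMPLE_EVENTS, now=5.0))
```

With the spoofed-source variant, the reported "client" is whatever address the attacker forged, so the per-source count identifies the spoofed victim rather than the attacker; the total number of stale half-open handshakes is the figure to watch in that case.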
Operating systems such as Windows NT, Windows 95, and even Linux versions prior to version 2.1.63 are vulnerable to the teardrop attack. As stated earlier, upgrading your network hardware and software is the best way to stay secure from these types of attacks.
Distributed Denial of Service
A distributed denial of service attack, or DDoS, is much like the ping flood method, only multiple computers are being used. In this instance, the computers that are being used may or may not be aware of the fact that they are attacking a website or network. Trojans and viruses commonly give the hacker control of a computer, and thus the ability to use it in an attack. In this case the victim computers are called zombies.
A DDoS attack is very tough to overcome. The first thing to do is to contact your hosting provider or internet service provider, depending on what is under attack. They will usually be able to filter out the bulk of the traffic based on where it’s coming from. For larger-scale attacks, you’ll have to become more creative.