Understanding Denial Of Service :-
Denial of service attacks have been around since the early days of the internet in the late 1990s, and because the internet was still in its initial stages the results were devastating. We now live in an age of cyberspace and global connectivity in which businesses have moved online and require constant access to their services, so a denial of service can have devastating consequences. The Digital Attack Map is a website that shows the number of denial of service attacks per day by collecting network data.
In 2015 Kaspersky Labs surveyed the damage done by these attacks: the cost of such an incident is between $52,000 and $444,000, as a result of the inability to carry out core business, loss of contracts and opportunities, and credit rating impact. This is significant enough to justify external testing to ensure the business is resilient.
Types Of Attacks :-
There are a number of ways in which a denial of service attack can be carried out, but they take a lot of time and enumeration, so we will be looking at the most common methods. Denial of service is the name given to those cyber attacks that block access to business services, be that a website or some other service accessible from outside the organization. This kind of attack can come from a single source, in which case it is called a simple denial of service attack.
Usually, whenever an attacker wants to perform an attack, it starts with a phishing email to gain access to the company's infrastructure. A simple denial of service attack requires only an attack workstation and a tool; no additional resources are needed. The attack can also come from many different systems, in which case it is called a distributed denial of service. This is more complicated because it first requires access to a large number of compromised systems, a botnet, which can be used as distributed sources, all controlled from the attacker's workstation.
Distributed denial of service attacks were first seen in 1999, when a DoS tool called trinoo was deployed on over 200 hosts to flood a server at the University of Minnesota. It successfully took the server offline for two days. A third type of attack, known as a reflection attack, is so called because the traffic reaches the target from a third-party service rather than directly from the attacker. It is a complex attack, because it takes advantage of the valid functions of third-party services, which act as a reflecting surface for the attack, and it is much more powerful than a basic denial of service attack.
Techniques Used :-
There are a lot of interesting variations on each of these attacks, one of which is known as pulsing. In most tests, flooding is used to bypass anti-DoS protection; pulsing is more useful when the firewall in front of the web server or other service is better configured against a flooding attack than the server's own protection. There are many ways in which an attacker can block the use of a service, and one of the most common is to flood the path from client to server with large numbers of fake requests, which makes it impossible for legitimate requests to get through.
The second is forcing a service to shut down or disable itself, mostly done by sending malicious packets to the service that cause an internal malfunction in the service or application. The third is exhausting the resources of the host that provides the services. Beyond these three techniques, there are three classes of attack. The first is network-based attacks, which depend on protocol manipulation to exhaust resources.
These include the following. The TCP SYN flooding attack partially creates a TCP session but never completes the handshake, so the target consumes resources maintaining state for each half-open connection. The ICMP Smurf flooding attack is a reflective attack using ICMP echo: because the source address is forged as the target's address, the ICMP echo responses are sent back to the target. If sufficient ICMP requests are made, the response packets flood the target's bandwidth.
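The half-open connection state that a SYN flood exhausts is also what a defender can measure. The following Python script is an added example, not code from the article: it replays a constructed list of handshake events as a passive monitor on the server side would record them, counts handshakes still incomplete after an assumed timeout, and reports both per-source counts (a single noisy client) and total backlog pressure (the spoofed-source case, where no single client stands out). The timeout, backlog size and thresholds are assumptions chosen for the sample.

```python
from collections import defaultdict

# Assumed tuning values for the server being protected (not from the article).
HANDSHAKE_TIMEOUT = 3.0   # seconds a SYN may wait for its ACK before it counts as half-open
LISTEN_BACKLOG = 10       # size of the listening socket's accept backlog

# Constructed sample of TCP handshake events as a passive monitor on the
# server side would record them: (timestamp, client_ip, event), where
# event is "SYN" (handshake opened) or "ACK" (handshake completed).
SINGLE_SOURCE_EVENTS = [
    (0.0, "192.0.2.10", "SYN"), (0.1, "192.0.2.10", "ACK"),
    (0.2, "192.0.2.11", "SYN"), (0.3, "192.0.2.11", "ACK"),
    # 10.0.0.7 opens eight handshakes and never completes any of them
    *[(1.0 + i * 0.1, "10.0.0.7", "SYN") for i in range(8)],
    (9.5, "198.51.100.5", "SYN"),  # recent, still within the handshake timeout
]

# Same backlog pressure, but every SYN carries a different (spoofed) source,
# so no single source looks busy.
SPOOFED_SOURCE_EVENTS = [
    (0.0, "192.0.2.10", "SYN"), (0.1, "192.0.2.10", "ACK"),
    *[(1.0 + i * 0.1, f"203.0.113.{i}", "SYN") for i in range(9)],
]


def half_open_handshakes(events, now, timeout=HANDSHAKE_TIMEOUT):
    """Return {client_ip: count} of handshakes opened more than `timeout`
    seconds before `now` that have not been completed."""
    pending = defaultdict(list)  # client_ip -> SYN timestamps awaiting an ACK
    for ts, ip, event in sorted(events):
        if event == "SYN":
            pending[ip].append(ts)
        elif event == "ACK" and pending[ip]:
            pending[ip].pop(0)  # completes the oldest outstanding SYN from this client
    stale = {}
    for ip, syns in pending.items():
        n = sum(1 for t in syns if now - t > timeout)
        if n:
            stale[ip] = n
    return stale


def syn_flood_report(events, now, backlog=LISTEN_BACKLOG, per_source_limit=5):
    """Summarise backlog pressure. `flooding_sources` catches a single noisy
    client; `backlog_at_risk` catches the spoofed case where no single
    source stands out but the backlog is still filling up."""
    half_open = half_open_handshakes(events, now)
    total = sum(half_open.values())
    return {
        "total_half_open": total,
        "backlog_fill": total / backlog,
        "flooding_sources": sorted(ip for ip, n in half_open.items() if n > per_source_limit),
        "backlog_at_risk": total >= 0.75 * backlog,
    }


if __name__ == "__main__":
    print(syn_flood_report(SINGLE_SOURCE_EVENTS, now=10.0))
    print(syn_flood_report(SPOOFED_SOURCE_EVENTS, now=10.0))
```

The two samples show why a per-source threshold alone is not enough: against spoofed sources the `flooding_sources` list stays empty while `backlog_at_risk` still fires, which is the signal that backlog-level mitigations (shorter handshake timeouts, SYN cookies) are needed rather than blocking individual addresses.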
UDP flooding. A UDP flooding attack is simply a distributed denial of service attack in which UDP packets of any form are sent to the target; flooding occurs because, with a large number of emitting sources, the volume of packet data can easily exceed the target's incoming bandwidth. ARP flooding. The ARP protocol is used in local area networks to map IP addresses to MAC addresses, so that packets can be delivered on the local network using MAC addresses. By corrupting the ARP caches of individual network hosts, those hosts can be isolated from the network, thus denying them resources.
The DNS amplification or reflection attack, a variant of the Smurf attack, is another reflective attack in which a request is made to a DNS server and the DNS response, which is over 50 times larger, is returned to the target. This makes it hard for the target server or service to cope, and it crashes.
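Corrupted ARP caches leave a trace on the wire: an IP address whose MAC changes, or one MAC claiming several IP addresses. The script below is an added example, not code from the article, showing the check a passive sensor on the segment could run over the ARP replies it sees. The sample replies and the gateway address are constructed, and the first mapping seen (or an optional static table) is assumed to be the trusted one.

```python
from collections import defaultdict

# Constructed ARP replies as a passive sensor on the segment would log them:
# (timestamp, sender_ip, sender_mac). The gateway 10.1.0.1 is legitimately at
# 00:11:22:33:44:01; later replies claim it (and two other hosts) at the same
# foreign MAC, which would isolate those hosts or redirect their traffic.
SAMPLE_ARP = [
    (0.0, "10.1.0.1", "00:11:22:33:44:01"),
    (0.5, "10.1.0.20", "00:11:22:33:44:20"),
    (0.7, "10.1.0.21", "00:11:22:33:44:21"),
    (5.0, "10.1.0.1", "de:ad:be:ef:00:01"),
    (5.1, "10.1.0.20", "de:ad:be:ef:00:01"),
    (5.2, "10.1.0.21", "de:ad:be:ef:00:01"),
    (5.3, "10.1.0.1", "de:ad:be:ef:00:01"),
]


def arp_anomalies(replies, static_table=None, max_ips_per_mac=1):
    """Return (conflicts, squatters).

    conflicts: replies whose MAC differs from the mapping first learned for
               that IP (or from `static_table`, a trusted {ip: mac} dict).
    squatters: MACs that claim more than `max_ips_per_mac` IP addresses.
    A legitimate NIC replacement also shows up as a conflict, so the
    trusted table should be updated when hardware changes."""
    learned = dict(static_table or {})
    conflicts = []
    ips_per_mac = defaultdict(set)
    for ts, ip, mac in sorted(replies):
        ips_per_mac[mac].add(ip)
        known = learned.setdefault(ip, mac)  # first sighting becomes the baseline
        if known != mac:
            conflicts.append({"time": ts, "ip": ip, "expected": known, "seen": mac})
    squatters = {m: sorted(ips) for m, ips in ips_per_mac.items()
                 if len(ips) > max_ips_per_mac}
    return conflicts, squatters


def affected_hosts(conflicts):
    """Distinct IP addresses whose mapping was contradicted."""
    return sorted({c["ip"] for c in conflicts})


if __name__ == "__main__":
    conflicts, squatters = arp_anomalies(SAMPLE_ARP)
    for c in conflicts:
        print(f"t={c['time']}: {c['ip']} expected {c['expected']} but saw {c['seen']}")
    print("MACs claiming several IPs:", squatters)
    print("hosts affected:", affected_hosts(conflicts))
```

On a managed switch the same logic is what static ARP entries or dynamic ARP inspection enforce in hardware; the script is useful where a passive monitor is all that is available.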
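Both the Smurf attack above and the DNS amplification attack share one detectable property at the target: responses arrive for requests the target never sent. The script below is an added example, not code from the article, and serves both passages. It pairs inbound ICMP echo replies and DNS responses with the outbound requests seen at the network edge, counts the unsolicited ones per protocol and per reflector, and computes the amplification factor from request and response sizes. The packet summaries, addresses and the minimum-reflectors threshold are constructed assumptions.

```python
from collections import Counter

# Constructed packet summaries as seen at the target's network edge:
# (direction, proto, peer_ip, key, size_bytes). direction is "out" (sent by
# the target) or "in" (toward it). key is the ICMP (identifier, sequence)
# pair or the DNS transaction id, used to pair a response with its request.
SAMPLE_PACKETS = [
    ("out", "icmp_echo_request", "198.51.100.1", (0x1234, 1), 84),
    ("in",  "icmp_echo_reply",   "198.51.100.1", (0x1234, 1), 84),
    ("out", "dns_query",         "203.0.113.53", 0xBEEF, 60),
    ("in",  "dns_response",      "203.0.113.53", 0xBEEF, 512),
    # Smurf pattern: echo replies from a whole /24 for requests never sent
    *[("in", "icmp_echo_reply", f"192.0.2.{i}", (0x0BAD, 7), 84) for i in range(1, 41)],
    # DNS amplification pattern: large responses from many resolvers, no matching query
    *[("in", "dns_response", f"203.0.113.{i}", 0x0000, 3200) for i in range(10, 30)],
]

# Which outbound request type a given inbound response type should match.
REQUEST_FOR = {"icmp_echo_reply": "icmp_echo_request", "dns_response": "dns_query"}


def classify_responses(packets):
    """Split inbound responses into solicited (a matching outbound request
    was seen) and unsolicited (nothing was sent to that peer with that key)."""
    outstanding = set()  # (request_proto, peer, key) actually sent by the target
    solicited, unsolicited = [], []
    for direction, proto, peer, key, size in packets:
        if direction == "out":
            outstanding.add((proto, peer, key))
        elif proto in REQUEST_FOR:
            ref = (REQUEST_FOR[proto], peer, key)
            if ref in outstanding:
                outstanding.discard(ref)
                solicited.append((proto, peer, key, size))
            else:
                unsolicited.append((proto, peer, key, size))
    return solicited, unsolicited


def reflection_report(packets, min_reflectors=10):
    """Summarise unsolicited response traffic; a protocol is flagged when
    at least `min_reflectors` distinct peers reflect it at the target."""
    _, unsolicited = classify_responses(packets)
    by_proto = Counter(u[0] for u in unsolicited)
    reflectors = {}
    for proto, peer, _key, _size in unsolicited:
        reflectors.setdefault(proto, set()).add(peer)
    return {
        "unsolicited_by_proto": dict(by_proto),
        "reflectors": {p: len(peers) for p, peers in reflectors.items()},
        "unsolicited_bytes": sum(u[3] for u in unsolicited),
        "suspect_protos": sorted(p for p, peers in reflectors.items()
                                 if len(peers) >= min_reflectors),
    }


def amplification_factor(request_bytes, response_bytes):
    """Bandwidth multiplier a reflector gives the attacker."""
    return response_bytes / request_bytes


if __name__ == "__main__":
    print(reflection_report(SAMPLE_PACKETS))
    print("DNS amplification in sample: %.1fx" % amplification_factor(60, 3200))
```

The sample's 60-byte query against a 3200-byte response gives a factor above 50, in line with the figure quoted above; a stateful edge filter that drops responses with no matching outstanding request removes most of this traffic before it reaches the service.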
The second class of attack is wireless network attacks. These are only possible within range of the wireless network: the attacker sets up a jamming script that blocks specific machines, or all machines, on the network from accessing a particular service. This can also be used to re-route the traffic from these victims to other services.
The final class of attack takes advantage of exploits in the services themselves and causes them to malfunction. One of the key application-level attacks is HTTP flooding to create a denial of service. Similar to ICMP flooding, the HTTP flooding attack sends a large number of HTTP messages to a web server, typically in a way that keeps resources held open by each request, and causes it to consume all its connections.
Many other applications are also vulnerable to these attacks, such as FTP, SIP and many more.
There are also fixes available to stop denial of service attacks, but they are often not installed properly.
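An HTTP flood works on two levels, request rate and connections held open, so a defender checks both. The script below is an added example, not code from the article: a per-client sliding-window rate limiter run over constructed access records, and a connection-table check that finds requests whose headers never complete and measures how full the server's connection pool is. The window, limits, header timeout and pool size are assumed values for the sample.

```python
from collections import Counter, defaultdict, deque

# Assumed tuning values for the web server being protected (not from the article).
WINDOW_SECONDS = 10
MAX_REQUESTS_PER_WINDOW = 20
MAX_CONNECTIONS = 100    # worker/connection limit of the server
HEADER_TIMEOUT = 5.0     # seconds a client may take to finish sending request headers

# Constructed access records: (timestamp, client_ip, path).
SAMPLE_REQUESTS = (
    [(t * 0.5, "192.0.2.5", "/") for t in range(6)]                          # normal: 6 in 3 s
    + [(1.0 + i * 0.1, "203.0.113.9", "/search?q=x") for i in range(60)]    # 60 in 6 s
)

# Constructed open-connection table: (client_ip, opened_at, headers_complete).
# 90 connections were opened and left hanging without finishing their headers.
SAMPLE_CONNECTIONS = (
    [("192.0.2.5", 29.0, True)]
    + [(f"198.51.100.{i}", 2.0 + i * 0.1, False) for i in range(90)]
)


def sliding_window_decisions(requests, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
    """Return (allowed, blocked) per-client counts. A request is blocked when
    the client already has `limit` allowed requests in the last `window`
    seconds; blocked requests do not extend the window."""
    recent = defaultdict(deque)  # client_ip -> timestamps of allowed requests
    allowed, blocked = Counter(), Counter()
    for ts, ip, _path in sorted(requests):
        q = recent[ip]
        while q and ts - q[0] >= window:
            q.popleft()  # drop requests that fell out of the window
        if len(q) < limit:
            q.append(ts)
            allowed[ip] += 1
        else:
            blocked[ip] += 1
    return dict(allowed), dict(blocked)


def held_open_connections(conns, now, header_timeout=HEADER_TIMEOUT):
    """Connections that have not finished sending headers within the timeout."""
    return [(ip, opened) for ip, opened, complete in conns
            if not complete and now - opened > header_timeout]


def connection_pressure(conns, now, max_conns=MAX_CONNECTIONS):
    """How close the connection pool is to exhaustion, and how much of the
    load is slow connections that a header timeout would reclaim."""
    stale = held_open_connections(conns, now)
    return {
        "open": len(conns),
        "stale": len(stale),
        "fill": len(conns) / max_conns,
        "exhausted": len(conns) >= 0.9 * max_conns,
        "stale_sources": len({ip for ip, _ in stale}),
    }


if __name__ == "__main__":
    print(sliding_window_decisions(SAMPLE_REQUESTS))
    print(connection_pressure(SAMPLE_CONNECTIONS, now=30.0))
```

The rate limiter stops the single aggressive client, but the connection check is what catches the held-open pattern: 90 different sources each sending one incomplete request never trip a per-client limit, yet together they fill the pool, which is why enforcing a header timeout on the server matters as much as rate limiting.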