Physical Security
Denial of Service
- DoS attacks represent one of the biggest threats on the Internet. DoS attacks might target a user or an entire organization and can affect the availability of target systems or the entire network.
- DoS attacks can be categorized into three broad categories: bandwidth consumption, resource starvation, and programming flaws.
- Smurf: Exploits Internet Control Message Protocol (ICMP) by sending a spoofed ping packet addressed to the broadcast address with the source address listed as the victim.
- SYN flood: Disrupts Transmission Control Protocol (TCP) by sending a large number of fake packets with the SYN flag set. This large number of half-open TCP connections fills the buffer on a victim's system and prevents it from accepting legitimate connections.
- One of the distinct differences between DoS and DDoS is that a DDoS attack consists of two distinct phases. First, during the pre-attack, the hacker must compromise computers scattered across the Internet and load software on these clients to aid in the attack. The second phase is the attack.
- Tracking the source of a DDoS attack is difficult because of the distance between the attacker and victim.
Table FF.7. DDoS Types and Protocols

| DDoS Tool | Attack Method |
| --- | --- |
| Trinoo | UDP |
| TFN | UDP, ICMP, TCP |
| Stacheldraht | UDP, ICMP, TCP |
| TFN2K | UDP, ICMP, TCP |
| Shaft | UDP, ICMP, TCP |
| Mstream | TCP |
| Trinity | UDP, TCP |

- Egress filtering can be performed by the organization's border routers to reduce the threat of DDoS.
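
The half-open connection buildup described in the SYN flood item above can be detected by counting unfinished handshakes per destination. This is an added example, not part of the original page; the event format, the sample addresses (documentation ranges), the backlog size of 128 and the 30-second timeout are all assumptions.

```python
from collections import defaultdict

# Constructed sample events: (time_s, src, dst, tcp_flag). Not real traffic.
SAMPLE = (
    [(0.0, "198.51.100.7", "192.0.2.10:443", "SYN"),
     (0.1, "198.51.100.7", "192.0.2.10:443", "ACK")]   # completed handshake
    + [(1.0 + i * 0.01, f"203.0.113.{i}", "192.0.2.10:80", "SYN")
       for i in range(1, 201)]                          # 200 SYNs, never ACKed
)

def half_open_by_destination(events, now, timeout=30.0):
    """Count handshakes that saw a client SYN but no client ACK or RST yet."""
    pending = {}                            # (src, dst) -> time the SYN arrived
    for ts, src, dst, flag in sorted(events):
        if ts > now:
            break
        if flag == "SYN":
            pending[(src, dst)] = ts
        elif flag in ("ACK", "RST"):
            pending.pop((src, dst), None)   # handshake finished or aborted
    counts = defaultdict(int)
    # Aggregate per destination: in the sample every source sends one SYN,
    # so a per-source counter would see nothing unusual.
    for (_src, dst), ts in pending.items():
        if now - ts <= timeout:             # older entries are assumed reaped
            counts[dst] += 1
    return dict(counts)

def flooded_destinations(events, now, backlog=128, timeout=30.0):
    """Destinations whose half-open count has reached the assumed backlog."""
    counts = half_open_by_destination(events, now, timeout)
    return sorted(dst for dst, n in counts.items() if n >= backlog)

if __name__ == "__main__":
    print(half_open_by_destination(SAMPLE, now=5.0))
    print(flooded_destinations(SAMPLE, now=5.0))
```
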
Social Engineering