WHAT IS DENIAL OF SERVICE (DOS) ATTACK? - BEING HACKER


Thursday, 12 October 2017


DENIAL OF SERVICE (DOS) ATTACK {Part - 1}

Liability Disclaimer

The information provided in this ARTICLE is to be used for educational purposes only. The creator of this ARTICLE is in no way responsible for any misuse of the information provided. All of the information presented in this ARTICLE is meant to help the reader develop a hacker defence attitude so as to prevent the attacks discussed. In no way shall the information provided here be used to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” used extensively throughout this book shall be regarded as “Ethical Hack” or “Ethical hacking” respectively.

You implement all the information provided in this book at your own risk.


CONTENTS
  • WHAT IS DOS ATTACK?
  • OBJECTIVES OF DOS ATTACK
  • DOS ATTACK TECHNIQUES
  • TOOLS FOR DOS ATTACK
  • CHARACTERISTICS OF DOS ATTACK
  • PART - 2


WHAT IS DENIAL OF SERVICE (DOS) ATTACK?

A denial of service (DoS) attack is an attempt to make a system, service or network completely unusable to its intended users or significantly slow down its performance by overloading its resources.

In most cases, if an attacker is unable to gain unauthorized access to the target system, he finally decides to carry out a DoS attack by trying to exhaust its resources. The aftermath of a DoS attack can lead to financial losses, especially if the affected website or server is associated with e-commerce activities. It may also damage the goodwill of the company or organization that has become a victim of the attack, as there is a clear chance of people losing trust in its services.

Objectives of DoS Attacks

The objective of a DoS attack is not to gain unauthorized access to the system but rather to prevent the legitimate users of its service from accessing it. To accomplish this, an attacker may use different means such as:

  • Flooding the target network with traffic so as to make it unreachable to its intended users.
  • Disrupting the connections between two machines on the network, which may lead to a denial of service.
  • Preventing a particular individual from accessing the service, or disrupting access to only one specific service.

DoS Attack Techniques

The following are some of the common techniques employed in denial of service attacks:

1. Smurf Attack (ICMP flood)

In this type of DoS attack, the attacker broadcasts a large number of Internet Control Message Protocol (ICMP) echo request packets to a computer network with the source address spoofed to that of the target host (victim). Every host on the network then answers, flooding the target with ICMP echo replies (ping replies) that it cannot handle. A variant of the smurf attack called the fraggle attack uses UDP packets instead of ICMP packets. The following figure illustrates the mechanism of a smurf attack:



2. Ping of Death (POD)

In this kind of attack, the attacker deliberately sends an IP packet larger than the maximum size of 65,535 bytes allowed by the IP protocol. Since the size exceeds the allowed limit, the packet is split across multiple IP packets known as fragments and sent to the target host. When the target tries to reassemble the packet on its end, however, the fragments add up to more than the allowed size of 65,535 bytes. Being unable to handle the oversized packet, the operating system will freeze, reboot or simply crash, causing all the services running on it to become unavailable to legitimate users.

In this way, the attacker succeeds in causing a denial of service using the ping of death technique.

3. Teardrop Attack

A teardrop attack involves sending IP fragments with oversized payloads and overlapping offset values, especially in the second or later fragments. If the receiving operating system is unable to reassemble the fragments correctly, it can crash.
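Both the ping of death and the teardrop attack above are defeated at fragment reassembly time by checking the arithmetic the attacker relies on. The following checker is an added example, not code from the original article: it models a fragment as (offset in 8-byte units, payload length, more-fragments flag) as carried in the IPv4 header, and the three sample datagrams are constructed.

```python
"""Fragment sanity checks for Ping of Death and Teardrop.
Added example, not code from the original article. A fragment is an
(offset_in_8_byte_units, payload_length, more_fragments) tuple modelled on
the IPv4 header fields; all sample values below are constructed."""

IP_HEADER_LEN = 20          # minimal IPv4 header, counted in the total length
MAX_IP_DATAGRAM = 65535     # largest total length an IPv4 datagram may have


def check_fragments(frags):
    """Return (ok, reason) for the fragments of one datagram.
    Rejects reassembly that would exceed 65,535 bytes (Ping of Death)
    and fragments that overlap data already received (Teardrop)."""
    covered = []  # (start, end) payload byte ranges accepted so far
    for offset_units, length, more in frags:
        start = offset_units * 8
        end = start + length
        # Ping of Death: header plus reassembled payload exceeds the maximum
        if IP_HEADER_LEN + end > MAX_IP_DATAGRAM:
            return False, f"oversized: would reassemble to {IP_HEADER_LEN + end} bytes"
        # Teardrop: this fragment's byte range overlaps an earlier fragment
        for s, e in covered:
            if start < e and s < end:
                return False, f"overlap: [{start},{end}) vs [{s},{e})"
        # Every non-final fragment must carry a multiple of 8 payload bytes
        if more and length % 8 != 0:
            return False, "non-final fragment length is not a multiple of 8"
        covered.append((start, end))
    return True, "ok"


# Constructed samples: a normal three-fragment datagram; a Ping of Death whose
# final fragment (intermediate ones omitted) pushes the total past 65,535;
# and a Teardrop whose second fragment starts inside the first.
NORMAL = [(0, 1480, True), (185, 1480, True), (370, 100, False)]
PING_OF_DEATH = [(0, 1480, True), (8191, 40, False)]
TEARDROP = [(0, 40, True), (3, 24, False)]

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("ping of death", PING_OF_DEATH),
                        ("teardrop", TEARDROP)]:
        print(name, check_fragments(frags))
```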

4. SYN Flood Attack

The SYN flood attack exploits a known weakness in the TCP connection sequence called the “three-way handshake”. In this sequence, a host sends a SYN request to the target server, which responds with a SYN-ACK back to the host. Finally, the requesting host sends an ACK response back to the server, which completes the three-way handshake and establishes the connection.

In a SYN flood attack, however, a large number of bogus TCP SYN requests are sent to the target server, but the SYN-ACK responses sent back by the server are never answered. The attacker may even use a spoofed IP address when sending the SYN requests. For each SYN request from the attacker, the victim server allocates resources and keeps waiting for the ACK from the requesting source (the attacker). Since no ACK is ever received, the server accumulates a large number of half-open connections, which exhausts its resources and results in a denial of service. The SYN flood attack is demonstrated in the following figure.
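The half-open connections described above are visible on the server as sockets in the SYN-RECV state, which makes them a natural thing to watch. The monitor below is an added example, not code from the original article: it parses the column layout of `ss -tan`, counts SYN-RECV sockets per peer and raises alerts against thresholds that are assumptions; the sample output is constructed.

```python
"""Half-open connection monitor for SYN flood detection.
Added example, not from the original article. It parses lines in the column
format of `ss -tan` and counts sockets in SYN-RECV, the state a server holds
while waiting for the final ACK of the handshake. The sample output is
constructed and the thresholds are assumptions."""

from collections import Counter

HALF_OPEN_LIMIT = 200     # alert above this many SYN-RECV sockets in total (assumed)
PER_SOURCE_LIMIT = 50     # alert when one peer holds more than this (assumed)

# Constructed sample in `ss -tan` layout: State Recv-Q Send-Q Local Peer
SAMPLE_SS = """\
State    Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB    0      0      10.0.0.5:443       198.51.100.7:51044
SYN-RECV 0      0      10.0.0.5:443       203.0.113.9:40001
SYN-RECV 0      0      10.0.0.5:443       203.0.113.9:40002
SYN-RECV 0      0      10.0.0.5:443       203.0.113.9:40003
SYN-RECV 0      0      10.0.0.5:443       203.0.113.77:1025
ESTAB    0      0      10.0.0.5:443       198.51.100.8:51100
"""


def half_open_by_peer(ss_output):
    """Return a Counter of SYN-RECV sockets keyed by peer IP address."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue                             # header row, other states
        peer_ip = fields[4].rsplit(":", 1)[0]    # strip the port
        counts[peer_ip] += 1
    return counts


def syn_flood_alerts(ss_output, total_limit=HALF_OPEN_LIMIT, per_source=PER_SOURCE_LIMIT):
    """Return alert strings; an empty list means nothing looks like a flood."""
    counts = half_open_by_peer(ss_output)
    alerts = []
    total = sum(counts.values())
    # A spoofed-source flood spreads SYN-RECV sockets over many peers, so the
    # total matters even when no single peer crosses its own limit.
    if total > total_limit:
        alerts.append(f"{total} half-open connections (limit {total_limit})")
    for ip, n in counts.most_common():
        if n > per_source:
            alerts.append(f"{ip} holds {n} half-open connections")
    return alerts
```

On Linux the usual kernel-side mitigation is SYN cookies (`net.ipv4.tcp_syncookies`), which let the server answer a SYN without keeping a half-open entry for it.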



Tools for DoS Attacks

Now, let us look at some of the popular tools used for DoS attacks.

1. Slowloris

Slowloris is a tool built for the Linux platform that targets hosts running web servers such as Apache, dhttpd, Tomcat and GoAhead. It works by opening many connections and sending partial HTTP requests to the target server, adding headers slowly but never completing any of them. Slowloris is designed to take down a target web server from a single machine by holding as many connections to it open as possible. This eventually exhausts the maximum number of connections the target web server can handle, denying service to other legitimate connections.
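The server-side answer to the connection holding described above is a deadline for finishing the request headers plus a cap on connections per client IP. The model below is an added example, not code from the original article or the Slowloris project; Apache's mod_reqtimeout is a real implementation of the same idea, and the deadline, cap and sample clients here are constructed.

```python
"""Header deadline and per-IP cap against Slowloris-style connection holding.
Added example, not from the original article; Apache's mod_reqtimeout is one
real implementation of the same idea. Deadline, cap and clients are constructed."""

HEADER_DEADLINE = 20.0   # seconds a client gets to finish its request headers (assumed)
MAX_CONN_PER_IP = 10     # pending connections one client IP may hold at once (assumed)


class Connection:
    """One client connection, tracked until its request headers are complete."""
    def __init__(self, peer_ip, opened_at):
        self.peer_ip = peer_ip
        self.opened_at = opened_at
        self.buf = b""
        self.state = "pending"   # becomes "complete" or "timeout"

    def feed(self, chunk, now):
        """Consume bytes received at time `now`; return the new state."""
        if self.state != "pending":
            return self.state
        if now - self.opened_at > HEADER_DEADLINE:
            self.state = "timeout"         # headers still unfinished: drop it
            return self.state
        self.buf += chunk
        if b"\r\n\r\n" in self.buf:         # blank line terminates the header block
            self.state = "complete"
        return self.state


class ConnectionTable:
    """Enforces the per-IP cap and sweeps stalled connections."""
    def __init__(self):
        self.conns = []

    def accept(self, peer_ip, now):
        """Return a new Connection, or None when this IP is already at its cap."""
        pending = sum(1 for c in self.conns
                      if c.peer_ip == peer_ip and c.state == "pending")
        if pending >= MAX_CONN_PER_IP:
            return None
        conn = Connection(peer_ip, now)
        self.conns.append(conn)
        return conn

    def sweep(self, now):
        """Time out every pending connection past its deadline; return how many."""
        stale = [c for c in self.conns
                 if c.state == "pending" and now - c.opened_at > HEADER_DEADLINE]
        for c in stale:
            c.state = "timeout"
        return len(stale)
```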


2. QSlowloris

This tool works on the same principle as that of Slowloris but has a graphical user interface for ease of use and works on Windows platform.

3. PyLoris

PyLoris is basically a testing tool for servers but can also be used to perform DoS attacks. It can target various protocols including HTTP, FTP, SMTP, IMAP and Telnet.

4. LOIC (Low Orbit Ion Cannon)

LOIC is an open-source network stress testing and DoS tool. It floods the target server with a large amount of TCP or UDP packets resulting in a denial of service.

DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK

A distributed denial of service attack happens when the attack on the target host originates from multiple compromised systems. Before launching the attack, the attacker compromises multiple systems on one or more networks using trojans and other techniques. These compromised systems are known as zombies, and the attacker uses them to launch the DDoS attack on the final target.

The advantage of a distributed denial of service attack is that, since multiple systems are used, the target can easily be flooded with more traffic than it can handle, eventually causing it to go down. A clearer understanding can be obtained from figure 12.3, which illustrates the mechanism involved in a typical DDoS attack.



Characteristics of DDoS Attack

  • Compared to a DoS attack, a DDoS attack is a large-scale coordinated attack on the target using a large number of pre-compromised systems (zombies).
  • A DDoS attack works at two levels. The final target under direct attack is known as the “primary victim”, while the zombies used to attack it are referred to as “secondary victims”.
  • As the attack originates from multiple network locations and involves a large number of zombies, it is often hard to detect or prevent.
  • A simple DoS attack originating from a single IP address can easily be blocked at the firewall level, but a DDoS attack originating from twenty to thirty thousand different systems (IP addresses) is extremely hard to detect.
  • Even if the company guesses and manages to block many IP addresses at its firewall, there is a clear chance of real users being adversely affected, as it is hard to differentiate between genuine and malicious traffic.
