A guide to cyber attacks: Denial of Service – Part 3

To conclude this 3-part series on cyber attacks, Information Age examines the various types of DoS within the cyber space.

Feel free to check out part 1 on malware, and part 2 on phishing.

A Denial of Service, or DoS, is a category of cyber attack in which an attacker incapacitates a targeted server from a single computer, rendering that server unavailable to its users.

This can usually be achieved by flooding a victim’s server with traffic or disrupting server connections.

Attackers send a network or server messages that request authentication, but the messages carry invalid return addresses, so the network or server cannot complete the exchange and the connection fails.

A key factor in these attacks is the excessive frequency of messages sent.

Signs that a victim has been hit by a DoS, as cited by experts, include degraded network performance, an inability to reach a particular site, and a higher than average volume of spam email.


The motive for a DoS attack is usually a wish to cause inconvenience to a particular person or organisation; it is rarely carried out for financial gain.

The methods and motives of a DoS attack vary by the type, several of which are covered below.

Distributed Denial of Service

Arguably the most notable variety of DoS in the cyber space, Distributed Denial of Service (DDoS) is a DoS that originates from several compromised devices and is aimed at a particular server.

These devices are usually infected with a Trojan horse beforehand. The attacker then uses the Trojan as a backdoor into other devices on the same network, controlling them so that they send hordes of authentication requests to a server. The resulting network of controlled devices is known as a botnet.


This type of DoS, which is often a global matter, is frequently used by attackers to make a point against an organisation or to contribute to a cause. Attacks under this category can be split into many subtypes, including:

- Traffic attacks, which involve the sending of TCP, UDP and ICMP packets, as well as the occasional piece of malware.

- Bandwidth attacks, which cause a DoS via large volumes of junk data.

- Application attacks, which deplete application layer resources, rendering the application unavailable to users.

According to a recent report by Corero, DDoS attacks have risen by 40% within the last year, while the duration of attacks has decreased, with 77% of participants reporting attacks lasting a maximum of 10 minutes.

Additionally, one in five organisations were found to be targeted within 24 hours of an initial DDoS.

One prominent and recent DDoS case is that of the attack on poker site 888Poker, which occurred during a tournament.


TCP SYN Flood

A TCP SYN Flood is a type of DDoS attack that relies on SYN packets to overwhelm all server ports on a targeted device. The method abuses the Transmission Control Protocol (TCP) three-way SYN, SYN-ACK, ACK handshake between two computers:

– Computer A sends a ‘synchronise’ (SYN) request to Computer B; Computer B receives it.

– Computer B sends a ‘synchronise acknowledgement’ (SYN-ACK) reply to Computer A; Computer A receives it.

– Computer A acknowledges the reply, and a TCP socket connection is made.


In a SYN Flood attack, however, an attacker using a compromised device and spoofed IP addresses sends a continuous stream of SYN requests to each port of the target. The target responds to each with a SYN-ACK, but never receives the final ACK that completes a normal three-way handshake.

Because the attacker is using invalid IP addresses, the victimised computer cannot tell that it is being attacked and therefore cannot reset these connections.

After some time, the victimised server’s resources become exhausted as these half-open connections pile up, meaning that legitimate users will not be able to connect to it.
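The pile-up of half-open connections described above is visible from the defender's side in the TCP connection table. The following is an added example, not code from the article: it parses a constructed snapshot laid out like the columns of `ss -tan` (state, Recv-Q, Send-Q, local address, peer address) and flags a listening port where SYN-RECV entries, spread over many distinct peers, dwarf established connections. The sample lines, the thresholds and the address ranges are all constructed for the example.

```python
"""Flag SYN-flood symptoms from a snapshot of the TCP connection table.

Constructed sample lines mimic the column layout of `ss -tan`. Half-open
connections show up as SYN-RECV; a large number of them on one listening
port, from many different peers, with few established connections next to
them, is the pattern the article describes.
"""
from collections import Counter, defaultdict

# Constructed sample, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      10.0.0.5:443          198.51.100.7:51234
ESTAB     0      0      10.0.0.5:443          198.51.100.9:40112
SYN-RECV  0      0      10.0.0.5:443          203.0.113.10:1025
SYN-RECV  0      0      10.0.0.5:443          203.0.113.11:1025
SYN-RECV  0      0      10.0.0.5:443          203.0.113.12:1025
SYN-RECV  0      0      10.0.0.5:443          203.0.113.13:1025
SYN-RECV  0      0      10.0.0.5:443          203.0.113.14:1025
SYN-RECV  0      0      10.0.0.5:443          203.0.113.15:1025
SYN-RECV  0      0      10.0.0.5:22           198.51.100.20:55555
ESTAB     0      0      10.0.0.5:22           198.51.100.21:55556
"""


def parse_ss(text):
    """Return a list of (state, local_port, peer_ip) tuples, skipping the header row."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0]
        rows.append((state, local_port, peer_ip))
    return rows


def half_open_report(rows, min_half_open=5, min_ratio=2.0):
    """Per local port, count SYN-RECV and ESTAB entries and the distinct half-open peers.

    A port is flagged when it has at least min_half_open half-open connections
    and the half-open:established ratio is at least min_ratio. Both thresholds
    are illustrative (assumed values); tune them to the host's normal traffic.
    """
    half_open = Counter()
    established = Counter()
    peers = defaultdict(set)
    for state, port, peer_ip in rows:
        if state == "SYN-RECV":
            half_open[port] += 1
            peers[port].add(peer_ip)
        elif state == "ESTAB":
            established[port] += 1

    report = {}
    for port in set(half_open) | set(established):
        h, e = half_open[port], established[port]
        if e:
            ratio = h / e
        else:
            ratio = float("inf") if h else 0.0
        report[port] = {
            "half_open": h,
            "established": e,
            "distinct_peers": len(peers[port]),
            "flagged": h >= min_half_open and ratio >= min_ratio,
        }
    return report


if __name__ == "__main__":
    for port, stats in sorted(half_open_report(parse_ss(SAMPLE_SS_OUTPUT)).items()):
        print(port, stats)
```

On a live Linux host the equivalent snapshot comes from `ss -tan state syn-recv`; a sustained count in the thousands is the cue to confirm that SYN cookies (`net.ipv4.tcp_syncookies`) are enabled and to rate-limit at the edge, since the spoofed sources make per-address blocking ineffective.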

Teardrop

Also known as an IP fragmentation attack, a teardrop attack involves an attacker sending fragments of TCP packets to a server. Because the fragments overlap, the server cannot reassemble them, which brings the server down.

The fragments are deliberately malformed so that they cannot be reassembled.

The attack’s name relates to its gradual process.

Fortunately, today’s operating systems are perfectly capable of dropping these packets so that they do not affect servers.

Smurf

The Smurf DDoS involves ‘smurf’ malware creating network packets with spoofed IP addresses. These packets contain an Internet Control Message Protocol (ICMP) ‘ping’ message requesting a reply.

The packets are sent to an IP broadcast network, which in turn transmits the malware to all IP addresses on the targeted network.

Because all of these addresses keep replying to the requests, an infinite loop occurs, and the server can end up shut down for hours or even days.


This attack could also serve as a distraction from a worse attack, such as data theft.

In the past, the smurf malware has been known to be downloaded inadvertently from compromised websites or email links.

Ping of Death

A Ping of Death, or PoD, is a DoS that involves attackers sending IP packets that are larger than the size allowed by the IP protocol.


Experts agree that the maximum packet size allowed is 65,536 bytes.

The packets, sent from spoofed IP addresses, are broken into fragments in order to bypass the IP protocol’s rules.

As dangerous as this attack sounds, modern operating systems are not vulnerable to it: malicious pings can be blocked at the firewall, and vendors had released patches that stopped it before the turn of the millennium.
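The protection the Teardrop and Ping of Death sections credit to modern operating systems amounts to validating fragments before reassembling them. The block below is an added example written for this article, not an operating system's actual reassembly code: it takes a list of IPv4 fragments as constructed `(offset_in_bytes, payload_length, more_fragments)` tuples and rejects the two patterns the article describes, overlapping fragments (Teardrop) and a reassembled datagram larger than the IPv4 maximum (Ping of Death). It also rejects gaps and misaligned offsets, which a real reassembler must handle as well. The 16-bit IPv4 total-length field allows at most 65,535 bytes, so the article's 65,536-byte figure is the first size that fails the check. All sample fragment sets are constructed.

```python
"""Validate a set of IPv4 fragments before reassembly.

Rejects overlapping fragments (the teardrop pattern) and datagrams whose
reassembled size would exceed the 65,535-byte IPv4 maximum (the ping of
death pattern). Real headers carry the fragment offset in 8-byte units;
here each constructed fragment is (offset_in_bytes, payload_length,
more_fragments) for readability.
"""

IPV4_MAX_DATAGRAM = 65535  # largest value of the 16-bit total-length field


def check_fragments(frags):
    """Return (ok, reason) for a list of (offset, length, more_fragments) tuples.

    Checks, in fragment-offset order:
      - offsets are multiples of 8 (as the real header encodes them)
      - no fragment starts before the previous one ends (no overlap)
      - no gap between consecutive fragments
      - only the last fragment has more_fragments cleared
      - the reassembled size never exceeds IPV4_MAX_DATAGRAM
    """
    if not frags:
        return False, "no fragments"
    ordered = sorted(frags, key=lambda f: f[0])
    expected_next = 0
    for i, (offset, length, more) in enumerate(ordered):
        if offset % 8 != 0:
            return False, f"offset {offset} not 8-byte aligned"
        if length <= 0:
            return False, f"fragment at offset {offset} has non-positive length"
        if offset < expected_next:
            return False, f"overlap at offset {offset} (teardrop pattern)"
        if offset > expected_next:
            return False, f"gap before offset {offset}"
        is_last = i == len(ordered) - 1
        if bool(more) == is_last:
            return False, "more-fragments flag inconsistent with fragment order"
        if offset + length > IPV4_MAX_DATAGRAM:
            return False, (f"total size {offset + length} exceeds IPv4 maximum of "
                           f"{IPV4_MAX_DATAGRAM} bytes (ping of death pattern)")
        expected_next = offset + length
    return True, f"ok, {expected_next} bytes"


def make_fragments(total_bytes, payload_per_fragment=1480):
    """Constructed helper: split a datagram of total_bytes into in-order fragments."""
    frags, offset = [], 0
    while offset < total_bytes:
        length = min(payload_per_fragment, total_bytes - offset)
        offset_next = offset + length
        frags.append((offset, length, offset_next < total_bytes))
        offset = offset_next
    return frags


# Constructed samples.
BENIGN = [(0, 1480, True), (1480, 1480, True), (2960, 500, False)]
TEARDROP = [(0, 1480, True), (1000, 1480, False)]   # second fragment overlaps the first
PING_OF_DEATH = make_fragments(65536)                # one byte over the IPv4 maximum

if __name__ == "__main__":
    for name, frags in (("benign", BENIGN), ("teardrop", TEARDROP),
                        ("ping of death", PING_OF_DEATH)):
        print(name, check_fragments(frags))
```

Dropping the whole fragment set on the first inconsistency, rather than trying to repair it, is the behaviour to aim for: the kernel fixes referenced above work the same way, and reassembly buffers are themselves a resource an attacker can exhaust if partial datagrams are kept around.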
