A guide to cyber attacks: Denial of Service – Part 3

To conclude this 3-part series on cyber attacks, Information Age examines the various types of DoS within the cyber space.

Feel free to check out part 1 on malware, and part 2 on phishing.

A Denial of Service, or DoS, is a category of cyber attack that involves culprits incapacitating a targeted server from a single computer, rendering the targeted server unavailable to users.

This can usually be achieved by flooding a victim’s server with traffic or disrupting server connections.

Attackers send messages to a network or server requesting authentication of requests. These messages carry void (spoofed) return addresses, so the network or server cannot complete the exchange and the connection fails.

A key factor in these attacks is the excessive frequency of messages sent.

The signs that a victim has been hit by a DoS, as cited by experts, include a drop in network performance, an inability to reach a particular site, and a higher than average volume of spam email.


The motive for a DoS attack usually lies in a wish to inconvenience a particular person or organisation; it is rarely carried out for financial gain.

The methods and motives of a DoS attack vary by the type, several of which are covered below.

Distributed Denial of Service

Arguably the most notable variety of DoS in the cyber space, Distributed Denial of Service (DDoS) is a DoS that originates from several compromised devices and is aimed at a particular server.

These devices are usually infected with a Trojan horse beforehand. The attacker then uses the Trojan as a backdoor into other devices on the same network, controlling them so that they send hordes of authentication requests to a server. This group of controlled devices is known as a botnet.


This type of DoS, which is often a global matter, is frequently used by attackers to make a point against an organisation or to contribute to a cause. Attacks under this category can be split into many subtypes, including:

- Traffic attacks, which involve the sending of TCP, UDP and ICMP packets, as well as the occasional piece of malware.

- Bandwidth attacks, which cause a DoS via large volumes of junk data.

- Application attacks, which deplete application layer resources, rendering the application unavailable to users.

According to a recent report by Corero, DDoS attacks have risen by 40% within the last year, while the duration of attacks has decreased, with 77% of participants reporting attacks lasting a maximum of 10 minutes.

Additionally, one in five organisations were found to be targeted within 24 hours of an initial DDoS.

One prominent and recent DDoS case is that of the attack on poker site 888Poker, which occurred during a tournament.


TCP SYN Flood

A TCP SYN Flood is a type of DDoS attack that uses SYN packets to overwhelm all server ports on a targeted device. The method aims to disrupt the Transmission Control Protocol (TCP) three-way handshake (SYN, SYN-ACK, ACK) between two computers:

– Computer A sends a ‘synchronise’ (SYN) request to Computer B; Computer B receives it.

– Computer B sends a ‘synchronise acknowledgement’ (SYN-ACK) reply to Computer A; Computer A receives it.

– Computer A acknowledges the reply with an ACK, and a TCP socket connection is made.


In a SYN Flood attack, however, a culprit behind a compromised device and a spoofed IP address continuously sends SYN requests to each port of another device. The attacked computer responds each time with a SYN-ACK, but never receives the final ACK that completes a normal three-way handshake.

Because the attacker is using invalid IP addresses, the victimised computer cannot tell that it is being attacked and therefore cannot reset these connections.

After some time, the victimised server’s resources become exhausted as these half-open connections pile up, meaning that legitimate users are no longer able to connect to it.
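A defender-side check for the half-open pile-up described above, added here as an illustration and not part of the original article: it parses constructed `ss -tan`-style socket lines (a sample, not a real capture) and counts SYN-RECV sockets per local port, flagging ports where half-open connections reach a threshold (set low to suit the small sample).

```python
import re
from collections import Counter

# Constructed sample of `ss -tan` style output (not a real capture). A healthy
# server shows mostly ESTAB sockets; a SYN flood shows SYN-RECV entries piling
# up on one local port, each from a different (often spoofed) peer address.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      10.0.0.5:443        198.51.100.20:51034
SYN-RECV  0      0      10.0.0.5:80         203.0.113.7:40001
SYN-RECV  0      0      10.0.0.5:80         203.0.113.8:40002
SYN-RECV  0      0      10.0.0.5:80         203.0.113.9:40003
SYN-RECV  0      0      10.0.0.5:80         203.0.113.10:40004
SYN-RECV  0      0      10.0.0.5:80         203.0.113.11:40005
ESTAB     0      0      10.0.0.5:80         198.51.100.21:51100
SYN-RECV  0      0      10.0.0.5:22         198.51.100.22:51200
"""

# state, recv-q, send-q, local addr:port, peer addr:port
LINE_RE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)$")


def parse_ss(text):
    """Yield (state, local_port, peer_ip) tuples from ss-style lines."""
    for line in text.splitlines()[1:]:  # skip the header row
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(3)), m.group(4)


def half_open_by_port(text):
    """Per local port: (number of SYN-RECV sockets, number of distinct peers)."""
    counts, peers = Counter(), {}
    for state, port, peer in parse_ss(text):
        if state == "SYN-RECV":  # handshake waiting for the final ACK
            counts[port] += 1
            peers.setdefault(port, set()).add(peer)
    return {p: (counts[p], len(peers[p])) for p in counts}


def suspected_syn_flood(text, threshold=5):
    """Ports whose half-open count reaches the threshold, i.e. where the
    backlog is filling with handshakes that never get their final ACK."""
    stats = half_open_by_port(text)
    return sorted(p for p, (n, _) in stats.items() if n >= threshold)
```

On a real host the threshold would be set relative to the listener's backlog size, and a high ratio of distinct peers to half-open sockets is the tell-tale of spoofed sources.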

Teardrop

Also known as an IP fragmentation attack, a teardrop attack involves an attacker sending fragments of TCP packets to a server. Because these fragments overlap, the server cannot reassemble them, which brings the server down.

The fragments are crafted so that they are impossible to reassemble.

The attack’s name relates to its gradual process.

Fortunately, today’s operating systems are perfectly capable of dropping these packets so that they do not affect servers.

Smurf

The Smurf DDoS involves ‘smurf’ malware creating network packets with spoofed IP addresses. These packets contain an Internet Control Message Protocol (ICMP) ‘ping’ message requesting a reply.

The packets are sent to an IP broadcast network, which in turn transmits the malware to all IP addresses on the targeted network.

As a result of these IP addresses constantly replying to these requests, an infinite loop occurs, leading to the server eventually being shut down for hours or even days.


This attack could also serve as a distraction from a worse attack, such as data theft.

The smurf malware has in the past been downloaded inadvertently from compromised websites or email links.

Ping of Death

A Ping of Death, or PoD, is a DoS that involves attackers sending IP packets that are larger than the size allowed by the IP protocol.


Experts agree that the maximum packet size allowed is 65,536 bytes.

The packets, sent from spoofed IP addresses, are transmitted in fragments in order to bypass the IP protocol’s size rules.

As dangerous as this attack sounds, modern operating systems are not vulnerable to it: they can block malicious ping attacks at the firewall, and vendors had released patches that stop it before the turn of the millennium.
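The two checks a host's reassembly code applies to incoming fragments, covering both the teardrop case (overlapping fragments) and the Ping of Death case (a reassembled datagram larger than IP allows), as an added Python illustration that is not part of the original article. It works on constructed fragment records (offsets given in bytes, i.e. the header field times 8) and treats anything that would reassemble beyond IPv4's 16-bit total-length limit of 65,535 bytes as oversize.

```python
from dataclasses import dataclass

IP_MAX_PACKET = 65_535  # largest total length an IPv4 header can express


@dataclass(frozen=True)
class Fragment:
    ident: int    # IPv4 Identification field shared by all fragments of a datagram
    offset: int   # fragment offset in bytes (the header field is in 8-byte units)
    length: int   # payload bytes carried by this fragment
    more: bool    # "more fragments" flag; False marks the final fragment


def check_datagram(frags):
    """Classify one datagram's fragments as 'overlap' (teardrop-style),
    'oversize' (ping-of-death-style), 'incomplete' or 'ok'."""
    frags = sorted(frags, key=lambda f: f.offset)
    end = 0
    for f in frags:
        if f.offset < end:  # this fragment starts inside the previous one
            return "overlap"
        end = f.offset + f.length
    if end > IP_MAX_PACKET:  # reassembled datagram would not fit in an IPv4 packet
        return "oversize"
    if not frags or frags[-1].more:  # final fragment never arrived
        return "incomplete"
    return "ok"


def triage(frags):
    """Group fragments by Identification field and return {ident: verdict}."""
    groups = {}
    for f in frags:
        groups.setdefault(f.ident, []).append(f)
    return {i: check_datagram(g) for i, g in groups.items()}


# Constructed samples (not real captures).
NORMAL = [Fragment(1, 0, 1480, True), Fragment(1, 1480, 1480, True),
          Fragment(1, 2960, 100, False)]
# Second fragment claims to start at byte 1000, inside the first one.
TEARDROP = [Fragment(2, 0, 1480, True), Fragment(2, 1000, 1480, False)]
# Every fragment is individually legal, but they add up to 65,620 bytes.
POD = [Fragment(3, off, 1480, True) for off in range(0, 65120, 1480)] + \
      [Fragment(3, 65120, 500, False)]
```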
