Denial of Service [ DoS ] Explained with Examples.

By | December 3, 2023

What Is a DoS Attack?

A Denial of Service (DoS) attack is a malicious attempt to disrupt the normal operation of a targeted network server or service by overwhelming it with a flood of Internet traffic.

DoS attacks are a significant threat in the realm of cybersecurity, as they can render resources inaccessible to legitimate users.

Let’s explore this concept further:

Objective of DoS Attacks:

The primary goal is to make a machine or network resource unavailable to its intended users by temporarily or indefinitely interrupting or suspending services of a host connected to the Internet.
This can be achieved by overwhelming the target device with more requests than it can handle, leading to server overload.


Methods Used in DoS Attacks:

Traffic Flood: The attacker sends a massive amount of traffic to the target. Common methods include SYN Flood, ICMP (Ping) Flood, and UDP Flood.

A SYN flood attack exploits the TCP three-way handshake. It involves sending multiple SYN requests (1,000+) to a targeted server. The server replies with the usual SYN-ACK response, but the malicious host never responds with the final ACK to complete the handshake. This ties up the server until it eventually runs out of resources and cannot respond to a valid host request.
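The half-open handshakes described above are what a defender counts to spot a SYN flood. The following is an added example, not code from the original article: it runs over constructed connection records, and the record format, the 5-second timeout and the 1,000-handshake threshold are assumptions.

```python
from collections import Counter

SYN, ACK = "S", "A"   # client-side flags as recorded by a hypothetical sensor

def half_open(records, now, timeout=5.0):
    """Count, per source IP, handshakes with a SYN but no final ACK after `timeout` seconds."""
    pending = {}                                  # (src_ip, src_port) -> time of first SYN
    for ts, ip, port, flag in records:
        if flag == SYN:
            pending.setdefault((ip, port), ts)
        elif flag == ACK:
            pending.pop((ip, port), None)         # handshake completed, slot released
    return Counter(ip for (ip, _), ts in pending.items() if now - ts >= timeout)

def suspects(records, now, threshold=1000, timeout=5.0):
    """Source IPs holding at least `threshold` stale half-open handshakes."""
    stale = half_open(records, now, timeout)
    return sorted(ip for ip, n in stale.items() if n >= threshold)

def sample_records():
    """Constructed traffic: one client that completes handshakes, one source that never ACKs."""
    recs = []
    for i in range(20):                           # normal client: SYN, then ACK 50 ms later
        recs.append((i * 0.1, "192.0.2.10", 40000 + i, SYN))
        recs.append((i * 0.1 + 0.05, "192.0.2.10", 40000 + i, ACK))
    for i in range(1200):                         # 1,200 SYNs with no final ACK
        recs.append((i * 0.001, "198.51.100.7", 1024 + i, SYN))
    recs.append((9.0, "192.0.2.10", 45000, SYN))  # still within the timeout at now=10.0
    return sorted(recs)

if __name__ == "__main__":
    recs = sample_records()
    print(half_open(recs, now=10.0))
    print(suspects(recs, now=10.0))
```

Per-source counting only works when the SYNs share a source address; when sources vary, the sum of all stale entries is the figure to alert on.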

ICMP (Ping) Flood: A type of Denial of Service (DoS) attack in which an attacker sends a large volume of ICMP Echo Request (ping) packets to a target server or network. This flood of ping requests can overwhelm the target’s resources, causing it to become unresponsive to legitimate traffic. Network administrators need security measures in place to detect and mitigate ICMP flood attacks in order to preserve the availability and performance of their network.

UDP Floods: The main goal of a UDP flood attack is to overwhelm the target network with a large volume of UDP packets, causing it to become unresponsive and potentially crash. These attacks are often used by malicious actors to disrupt services or bring down websites, making them a popular choice for cyber criminals looking to cause chaos and damage. To protect against UDP floods, network administrators can implement various security measures such as firewalls, intrusion detection systems, and rate limiting. Additionally, working with internet service providers to detect and block malicious traffic can help mitigate the impact of UDP flood attacks.

Ping of Death.

The ping of death attack gained prominence in the late 1990s, when older operating systems were not as secure as recent ones. It takes advantage of vulnerabilities or loopholes in those older operating systems by modifying the IP portion of a ping packet header to indicate that there is more data in the packet than there actually is.

A ping is normally 64 or 84 bytes, while a ping of death could be up to 65,536 bytes. Sending a ping of this size may crash an older target computer. Most networks are no longer susceptible to this type of attack.
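A receiver or filter can catch this kind of malformed packet by checking the IPv4 header against what actually arrived. The following is an added example, not code from the original article: the sample packets are constructed, and the fragment-offset check goes beyond the article's description to cover packets that would exceed the IPv4 maximum once reassembled.

```python
import struct

MAX_IP_PACKET = 65535  # largest size the 16-bit IPv4 total-length field can express

def check_ipv4(packet: bytes) -> list:
    """Return findings for one captured IPv4 packet; an empty list means it looks sane."""
    if len(packet) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        return ["malformed IPv4 header"]
    findings = []
    # The article's description: the header claims more data than the packet carries.
    if total_len > len(packet):
        findings.append("declared length exceeds received bytes")
    # Generalisation: a fragment whose offset plus length runs past the IPv4 maximum
    # would reassemble into a packet larger than the protocol allows.
    frag_offset = (flags_frag & 0x1FFF) * 8       # offset field counts 8-byte units
    if frag_offset + total_len > MAX_IP_PACKET:
        findings.append("reassembled size exceeds 65535 bytes")
    return findings

def sample(total_len, frag_units=0, payload_len=0):
    """Constructed IPv4/ICMP packet: 20-byte header (checksum left at 0) plus zero padding."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, frag_units, 64, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + bytes(payload_len)

if __name__ == "__main__":
    print(check_ipv4(sample(84, payload_len=64)))                     # ordinary 84-byte ping
    print(check_ipv4(sample(1500, payload_len=64)))                   # header overstates length
    print(check_ipv4(sample(1020, frag_units=8189, payload_len=1000)))  # oversized on reassembly
```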

Other DDoS attacks include:
Resource Depletion: The attacker exploits a vulnerability or a weakness in the system to consume its resources, such as memory or processing capacity, rendering the service inoperative.
Disruption of Configuration: Altering the configuration of network components to disrupt the network.

Other types of DoS attacks include:

i.  E-mail bombs – Programs send bulk e-mails to individuals, lists, or domains, monopolizing e-mail services.

ii.  Malicious applets – These attacks are Java, JavaScript, or ActiveX programs that cause destruction or tie up computer resources.


Distributed Denial of Service (DDoS) Attacks:

A more potent form of DoS is the Distributed Denial of Service (DDoS) attack, where the attack originates from multiple sources, often coordinated by a network of compromised machines (a botnet).
This makes it harder to stop the attack, as blocking a single source is insufficient.


Impact of DoS Attacks:

Service Disruption: Makes websites or services unavailable, impacting businesses and users.
Financial Losses: Leads to loss of revenue and additional costs in mitigation and recovery.
Reputational Damage: Affects the credibility of the targeted organization.


Protection Against DoS Attacks:

Robust Infrastructure: Designing networks and systems to handle unexpected surges in traffic.
Security Measures: Implementing firewalls, intrusion detection systems, and anti-DDoS solutions.
Traffic Analysis and Filtering: Identifying and filtering out malicious traffic.

DoS and DDoS attacks can be controlled by the implementation of special anti-spoof and anti-DoS Access Control Lists.

ISPs can also implement traffic rate limiting, which restricts the amount of unnecessary traffic that crosses network segments. A common example is to limit the amount of ICMP traffic that is allowed into a network, because this traffic is used only for problem-solving purposes.
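The ICMP limit described above behaves like a token bucket applied to one protocol only. The following is an added example, not code from the original article or from any vendor: the 10 packets-per-second rate, the burst of 20 and the packet trace are constructed assumptions.

```python
from collections import Counter

class IcmpPolicer:
    """Token bucket applied to ICMP only; every other protocol passes untouched."""
    COST = 1000                         # one packet costs 1000 milli-tokens (integer maths)

    def __init__(self, rate_pps, burst):
        self.rate = rate_pps            # packets/s equals milli-tokens earned per millisecond
        self.cap = burst * self.COST
        self.tokens, self.last_ms = self.cap, None

    def allow(self, ts_ms, proto):
        if proto != "icmp":
            return True
        if self.last_ms is not None:    # refill for the time elapsed, capped at the burst size
            earned = (ts_ms - self.last_ms) * self.rate
            self.tokens = min(self.cap, self.tokens + earned)
        self.last_ms = ts_ms
        if self.tokens >= self.COST:
            self.tokens -= self.COST
            return True
        return False                    # over the limit: drop

def run(packets, rate_pps=10, burst=20):
    """Apply the policer to (timestamp_ms, protocol) pairs; return (passed, dropped) counters."""
    policer = IcmpPolicer(rate_pps, burst)
    passed, dropped = Counter(), Counter()
    for ts_ms, proto in packets:
        (passed if policer.allow(ts_ms, proto) else dropped)[proto] += 1
    return passed, dropped

def sample_packets():
    """Constructed one-second trace: 500 ICMP echo requests and 50 TCP packets."""
    icmp = [(i * 2, "icmp") for i in range(500)]
    tcp = [(i * 20, "tcp") for i in range(50)]
    return sorted(icmp + tcp)

if __name__ == "__main__":
    passed, dropped = run(sample_packets())
    print("passed:", dict(passed), "dropped:", dict(dropped))
```

On this trace the first 20 pings pass on the burst allowance and the rest are held to the configured rate, while TCP is unaffected.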
