DoS attacks and their impact
A DoS attack is an explicit attempt to prevent legitimate users from accessing information or services on a host system. It does this by overloading the targeted machine or service with requests, thus making the resource unreachable or unresponsive to its intended users. DoS attacks exploit known weaknesses and vulnerabilities in systems and applications. These attacks aim to consume valuable resources to disrupt a service. Resources targeted include:
- Network connectivity
- Data structures
- CPU usage
- Disk space
- Application exception handling
- Database connections.
Hackers use several methods to deploy DoS attacks. These attacks come in all different shapes and sizes. Let's take a quick look at some of them:
1. SYN attacks
In a SYN (synchronize) attack, networking capability of the targeted system can be knocked out by overloading its network protocol stack with information requests or connection attempts. A SYN attack exploits known weaknesses in the TCP protocol and can impact any system providing TCP-based services, including Web, email, FTP, print servers, etc.
In a normal TCP connection, the client and server exchange a series of messages to establish the connection, known as the three-way handshake. First, the client sends a SYN message to the server. The server will acknowledge the receipt of this message with a SYN-ACK (synchronize-acknowledgement) back to the client. Lastly, the client responds with an ACK (acknowledge) and the connection is established. Taking advantage of this process, an attacker sends multiple SYN packet requests continuously, but then doesn’t return a response. This means the targeted host just sits and waits for acknowledgement for each request, which ties up the number of available connections. In turn, connection attempts from legitimate users get ignored.
Tips to stay secure: Make sure you have a firewall/security device in place that is capable of detecting the characteristics of this type of attack. Also, be certain that you have the appropriate filters configured, including one that restricts input to your external interface by denying packets that have a source address from your internal network. You should also filter outgoing packets that have a source address different than your internal address scheme. Additionally, ensure you have the latest security patches in place, including operating system and application updates, as well as firmware updates for your network and security devices.
2. Poisoning of DNS cache
DNS cache poisoning exploits vulnerabilities in the domain name system (DNS). In this case, the attacker attempts to insert a fake address entry into the DNS server’s cache database in order to divert Internet traffic from legitimate sites to “rogue” sites. The goal is to lure unsuspecting users to download malicious programs, which can then be exploited by the attacker.