DoS Attack: An Introduction

A Denial-of-Service (DoS) attack is an attack intended to shut down a mechanism or network, making it unreachable to its envisioned users. DoS attacks achieve this by flooding the target with traffic, or transfer the data that prompts a crash. In both instances, the DoS attack divests legitimate users of the facility or resource they expected.

Victims of DoS attacks frequent target web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not characteristically result in the theft or loss of important data or other assets, they can cost the victim a great deal of time and money to holder.

There are two over-all methods of DoS attacks: overflowing services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing them to slow down and eventually stop. Popular flood attacks include:

Buffer overflow attacks — the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the scheme to handle. It consists of the attacks listed below, in addition to others that are intended to exploit bugs specific to certain applications or networks

ICMP flood — influences misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.

SYN flood — sends a request to connect to a server, but never completes the handshake. Continues until all open ports are saturated with requests and none are available for legitimate users to connect to.

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can’t be accessed or used.

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack to a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS provide the attacker multiple advantages:

· He can leverage the greater volume of machine to execute a seriously disruptive attack

· The location of the attack is difficult to detect due to the random distribution of attacking systems (often worldwide)

· It is more difficult to shut down multiple machines than one

· The true attacking party is very difficult to identify, as they are disguised behind many (mostly compromised) systems

Modern safety technologies have advanced mechanisms to guard against most forms of DoS attacks, but due to the exclusive characteristics of DDoS, it is still observed as an raised threat and is of higher concern to administrations that fear being beleaguered by such an attack.