#_________________________________________________________________________________#
#_________________________________ The basics of _________________________________#
#_______________________________ Denial of Service _______________________________#
#_________________________________ _________________________________#
If you ever had a system crash on you, you know how frustrating it is when you
lose your data and are unable to work. This is exactly the goal of a denial-of-service
attack.
Such attacks result from either protocol stack violations or resource exhaustion.
An attacker who renders a system/service unusable is likely aiming either to gain
access to the system or to divert attention.
There are several methods of DoS attacks:
__B.3.1. Bandwidth Attacks
A bandwidth attack is one of the oldest and most common methods.
It floods a network with random traffic until the network is simply unable to handle
the amount of traffic. This results in crashing the system or at least making it
unusable due to slowness.
__B.3.2. Protocol Attacks
Such attacks exploit the operating system's protocol stack.
Let us take the SYN attack as an example:
An attacker [Computer A] constantly sends SYN packets with a spoofed source address
to his target [Computer B]. Computer B tries to answer every connection request
[which gets initiated with a SYN packet] with a SYN/ACK. The connection stays
half-open [embryonic]. Since a host has a limited number of embryonic sessions, the
target node is going to be unable to establish/accept connections when those
sessions are used up.
__B.3.3. Logic Attacks
Logic attacks are the trickiest way of DoSing, since such methods require a sophisticated
understanding of networking [at least on the programmer's side]. A 'LAND attack' for instance
sends a forged packet with the same source and destination address in its header to the victim.
The attacked node tends to crash due to this unexpected traffic.
__B.3.4. DDoS
A [D]istributed [D]enial [o]f [S]ervice Attack is a DoS which involves several attacking hosts,
so-called handlers. Since physical devices simply don't have infinite resources, every target
is vulnerable to crashing under combined DoS attacks. The infamous Smurf attack
for example sends an echo request with the target as the spoofed source address via broadcast to
all nodes on a network. Those reply with an 'echo reply'. The massive amount of data which is
hitting the target's interface is very likely going to crash the host.
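As an added defender-side example (not part of the original text), the following Python sketch looks for the three traffic patterns described above in a constructed packet log: SYNs that are never followed by an ACK from the same source [half-open sessions], packets whose source equals their destination [LAND], and a burst of echo replies toward one host [Smurf]. The record format, the sample addresses and the alert thresholds are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample log (not captured traffic); one record per packet:
# (src, dst, proto, flags) where flags is a TCP flag name or an ICMP type name.
SAMPLE_PACKETS = (
    [("10.0.0.5", "192.168.1.10", "tcp", "SYN"),
     ("10.0.0.5", "192.168.1.10", "tcp", "ACK")]               # one legitimate, completed handshake
    + [(f"172.16.{i}.{i}", "192.168.1.10", "tcp", "SYN")
       for i in range(1, 41)]                                  # 40 SYNs from spoofed sources, never ACKed
    + [("192.168.1.10", "192.168.1.10", "tcp", "SYN")]         # LAND: source equals destination
    + [(f"192.168.1.{i}", "192.168.1.10", "icmp", "echo-reply")
       for i in range(20, 80)]                                 # 60 echo replies hitting one host
)


def half_open_syns(packets):
    """Per destination: number of sources that sent a SYN but never an ACK.
    This approximates the embryonic sessions the text describes."""
    syn_sources = defaultdict(set)
    ack_sources = defaultdict(set)
    for src, dst, proto, flags in packets:
        if proto != "tcp":
            continue
        if flags == "SYN":
            syn_sources[dst].add(src)
        elif flags == "ACK":
            ack_sources[dst].add(src)
    return {dst: len(srcs - ack_sources[dst]) for dst, srcs in syn_sources.items()}


def land_packets(packets):
    """Packets whose source address is identical to the destination address."""
    return [p for p in packets if p[0] == p[1]]


def echo_reply_counts(packets):
    """ICMP echo replies per destination; a large count with no matching requests
    sent by that host is the Smurf signature."""
    return Counter(dst for src, dst, proto, flags in packets
                   if proto == "icmp" and flags == "echo-reply")


def alerts(packets, syn_threshold=30, icmp_threshold=50):
    """Human-readable findings; thresholds are arbitrary example values."""
    found = []
    for dst, n in half_open_syns(packets).items():
        if n >= syn_threshold:
            found.append(f"SYN flood suspected against {dst}: {n} half-open sources")
    for src, dst, _proto, _flags in land_packets(packets):
        found.append(f"LAND packet seen: src == dst == {dst}")
    for dst, n in echo_reply_counts(packets).items():
        if n >= icmp_threshold:
            found.append(f"Smurf-style echo-reply burst against {dst}: {n} replies")
    return found
```

Calling alerts(SAMPLE_PACKETS) on the constructed log yields one finding for each of the three patterns.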
The following tools may be used to achieve a DoS:
- Datapool [*NIX]
- Hgod [Win32]
- Jolt2 [*NIX/Win32]
Symptoms of DoS attacks are:
- High CPU/network activity
- Systems crashing randomly
- No responses from computer
- Unusually high CPU overhead of a certain process
Here is a list of more or less effective ways to protect a network from such attacks:
- Keeping your systems up-to-date
- Disabling unused services
- Installing firewalls
- Installing IDS systems
- Limiting ICMP
- Applying [A]ccess [C]ontrol [L]ists to your routers
- Disabling directed broadcasts from passing across your gateways
// by stoerimpuls [MrD]
// root [at] stoerimpuls.net
// Have [ph]un.