TYPES OF DOS ATTACKS

Consumption of Resources

The bandwidth consumption attack is the most common type of DoS in the world. Many Internet companies such as Yahoo!, eBay, Microsoft, Amazon, and others have experienced downtime and financial losses due to this type of attack.

This type of attack makes up the majority of distributed denial of service (DDoS) attacks, as well as the early DoS methods of using ping -f floods by attackers with larger Internet pipes than those of their targets. These attacks are more difficult, and sometimes even impossible , to mitigate due to the nature of the protocols on which the Internet is built. However, efficient means of traffic rate control have been implemented by Cisco Systems for routers, and we will review these methods in this chapter. CPU resource consumption attacks can be the result of programming flaws found in the TCP/IP stack, server-side services, and other network-interacting software to which attackers can connect. These attacks can usually be rectified by patching the buggy software code using vendor patches. Hard disk space consumption occurs when the software or service is tricked into storing excessive amounts of information on the server's storage facility, thus consuming all available storage resources and memory. This will most likely lead to a denial of services for legitimate users and can be rectified by cleaning up the disk space, fixing the buggy software code, and/or rebooting the server. An example of such an attack is the flooding of an unauthenticated syslog server (usually found on port 514/UDP) by junk messages. An attacker can send any information to that port and it will be stored in the system log files. Depending on the attacker's bandwidth and the storage available, this method can be effective in disabling the logging facilities of the server or even the entire enterprise, making attacker tracing and prosecution a very difficult task.

Disruption of Information Flow

This type of attack is less common than bandwidth consumption; however, such an attack can affect many users, organizations, and, if properly launched, even entire countries or continents. For instance, the DNS entry of a company or an entire country can be altered or diverted to a different location or to /dev/null , thus disabling connectivity of the targeted networks for the duration of the attack. The motives behind this type of attack are usually political or corporate in nature. Another example of such an attack can be discovered when an attacker fiddles with the routers responsible for Border Gateway Protocol (BGP) routing updates; this can easily bring a large chunk of the Internet to its knees with only a few packets. This type of attack is reviewed in the final chapter of this book, where we cover BGP security issues.