A few years ago, being a network administrator was a much easier job. Sure, you probably had fewer resources, and the technology choices for running applications were limited, but there was one crucial difference: the internet. As soon as even one computer on your network is connected to the internet the game changes completely. You have internet access from the network, but it works the other way around too: any server or PC in your network is potentially accessible from the internet as well.
A Denial of Service (DoS) attack is any attack that interferes with the function of a computer so that legitimate users can no longer access it. DoS attacks are possible against most network equipment, including switches, servers, firewalls, remote access devices and almost every other network resource. A DoS attack may be specific to a single service, such as an FTP service, or may target an entire machine. The kinds of DoS attack are diverse and wide-ranging, but they can be split into two distinct categories that matter for intrusion detection: resource depletion and malicious packet attacks.
Malicious packet DoS attacks work by sending abnormal traffic to a host in order to make the service, or the host itself, crash. Crafted packet DoS attacks succeed when software is not written to handle abnormal or unusual traffic correctly: out-of-spec traffic can easily make software behave unexpectedly and crash. Attackers can use crafted packet DoS attacks to bring down IDSs, including Snort. A specially crafted ICMP packet with a size of 1 was found to cause Snort v1.8.3 to core dump. That version of Snort did not correctly define the minimum ICMP header size, which is what made the DoS possible.
One of the reasons denial of service attacks are so common is that the attacker is extremely difficult to trace. The most obvious reason is that most of these attacks do not need valid responses to complete, so it is very hard to identify the source. On top of that there is the huge number of anonymizing resources available online, including VPNs, anonymous proxies and providers of residential IP address networks.
Along with out-of-spec traffic, malicious packets can carry payloads that cause a system to crash. A packet's payload is taken as input by a service; if that input is not properly checked, the service can be DoSed. The Microsoft FTP DoS attack illustrates the wide range of DoS attacks available to black hats in the wild. The first step in the attack is to open a legitimate FTP connection. The attacker then issues a command containing a wildcard pattern (such as * or ?). Within the FTP server, the function that processes wildcard sequences in FTP commands does not allocate enough memory when performing pattern matching, so a command containing a wildcard pattern can cause the FTP service to crash. This DoS and the Snort ICMP DoS are two instances of the many thousands of potential DoS attacks out there.
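The Snort and FTP cases above are both input-validation failures. The following is an added example (not code from the original article, and not Snort's code) that shows the bug class on a tiny ICMP header parser: the naive version assumes a full 8-byte header is present and fails on a 1-byte packet, while the hardened version enforces the minimum header length and verifies the checksum before decoding. The sample packet is constructed inline.

```python
import struct

ICMP_HEADER_LEN = 8  # type(1) + code(1) + checksum(2) + identifier(2) + sequence(2)

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; a correctly checksummed message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed sample: an ICMP echo request with a valid checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def parse_icmp_naive(data: bytes) -> dict:
    """Parser with the bug class described in the text: it assumes a full
    header is present. On a 1-byte packet struct.unpack raises
    struct.error, the Python analogue of the core dump."""
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", data[:ICMP_HEADER_LEN])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "payload": data[8:]}

def parse_icmp_safe(data: bytes):
    """Hardened parser: reject anything shorter than the minimum header and
    anything whose checksum does not verify, returning None instead of decoding."""
    if len(data) < ICMP_HEADER_LEN:
        return None
    if internet_checksum(data) != 0:
        return None
    return parse_icmp_naive(data)

def parser_crashes(parser, data: bytes) -> bool:
    """True when the parser raises on the input; used to contrast the two parsers."""
    try:
        parser(data)
    except struct.error:
        return True
    return False
```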
The other way to deny service is resource depletion. A resource depletion DoS attack works by flooding a service with so much normal-looking traffic that legitimate users cannot access it. An attacker overrunning a service with ordinary traffic can exhaust finite resources such as bandwidth, memory and processor cycles.
A classic memory exhaustion DoS is the SYN flood. A SYN flood abuses the TCP three-way handshake. The handshake starts with the client sending a TCP SYN packet. The host then responds with a SYN-ACK. The handshake is completed when the client responds with an ACK. If the host never receives the returning ACK, it sits idle and waits with the session half-open. Every open session consumes a certain amount of memory, so if enough three-way handshakes are started and left unfinished, the host uses up all of its available memory waiting for ACKs. The traffic generated by a SYN flood looks normal. Most servers today are configured to leave only a specific number of TCP connections open. Another classic resource depletion attack is the Smurf attack.
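Because SYN flood traffic looks normal, the defender's signal is the pile-up of half-open sessions rather than any single packet. This added example (not from the original article) counts SYN-RECV entries per listening port from output laid out like `ss -tan` and flags ports over a threshold; the sample output is constructed inline, and the threshold is assumed to be chosen from the listener's backlog size.

```python
from collections import defaultdict

def constructed_ss_output() -> str:
    """Constructed sample in the layout of `ss -tan`: twelve half-open
    connections to port 80 from twelve different peers, one to port 443,
    and two fully established connections."""
    lines = ["State   Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    for i in range(1, 13):
        lines.append(f"SYN-RECV 0 0 10.0.0.5:80 203.0.113.{i}:5{i:04d}")
    lines.append("SYN-RECV 0 0 10.0.0.5:443 198.51.100.9:44012")
    lines.append("ESTAB    0 0 10.0.0.5:80 198.51.100.20:40001")
    lines.append("ESTAB    0 0 10.0.0.5:22 198.51.100.21:40002")
    return "\n".join(lines)

def half_open_by_port(ss_output: str) -> dict:
    """Map each local port to its SYN-RECV count and the set of peer
    addresses holding those half-open sessions."""
    stats = defaultdict(lambda: {"half_open": 0, "peers": set()})
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        local, peer = fields[3], fields[4]
        port = local.rsplit(":", 1)[1]
        peer_ip = peer.rsplit(":", 1)[0]
        stats[port]["half_open"] += 1
        stats[port]["peers"].add(peer_ip)
    return stats

def flag_syn_flood(ss_output: str, threshold: int) -> list:
    """Return (port, half_open, distinct_peers) for ports whose half-open
    count is at or above the threshold. A burst of genuine clients can
    look the same, so the threshold should track the listen backlog."""
    flagged = []
    for port, s in half_open_by_port(ss_output).items():
        if s["half_open"] >= threshold:
            flagged.append((port, s["half_open"], len(s["peers"])))
    return sorted(flagged)
```

A high count of distinct peers with no established sessions between them is consistent with spoofed sources, which is why the peer set is reported alongside the count.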
A Smurf attack works by exploiting open network broadcast addresses. A broadcast address forwards all packets to every host on the destination subnet, and every host on that subnet answers to the source address listed in the traffic sent to the broadcast address. An attacker sends a stream of ICMP echo requests (pings) to a broadcast address, which has the effect of amplifying a single ICMP echo request up to 250 times.
Furthermore, the attacker spoofs the source address so that the target receives all of the ICMP echo reply traffic. An attacker with a 128 Kb/s DSL connection can create a 32 Mb/s Smurf flood. DoS attacks commonly use spoofed IP addresses because the attack succeeds even if the response is misdirected. The attacker needs no response, and in cases like the Smurf attack wants at all costs to avoid one. This makes DoS attacks difficult to defend against, and even harder to trace.
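From the target's side, a Smurf flood shows up as echo replies that answer requests the host never sent, arriving from many hosts on the same subnet. This added example (not from the original article) matches inbound replies against outbound requests by (address, identifier, sequence) and groups the unsolicited ones by source /24; the packet records are constructed inline in an assumed (direction, type, src, dst, id, seq) form.

```python
import ipaddress
from collections import defaultdict

VICTIM = "198.51.100.10"  # constructed address of the host being flooded

def constructed_icmp_log() -> list:
    """Constructed packet records seen at the victim:
    (direction, icmp_type, src, dst, ident, seq); type 8 = echo request, 0 = reply."""
    log = [("out", 8, VICTIM, "203.0.113.1", 0x0001, 1),   # a genuine ping ...
           ("in", 0, "203.0.113.1", VICTIM, 0x0001, 1)]    # ... and its reply
    # forty replies from one subnet answering a request the victim never sent
    for i in range(1, 41):
        log.append(("in", 0, f"192.0.2.{i}", VICTIM, 0x7777, 5))
    return log

def unsolicited_replies(log: list) -> list:
    """Echo replies whose (src, id, seq) matches no echo request this host sent."""
    sent = {(dst, ident, seq) for d, t, _src, dst, ident, seq in log
            if d == "out" and t == 8}
    return [rec for rec in log
            if rec[0] == "in" and rec[1] == 0 and (rec[2], rec[4], rec[5]) not in sent]

def smurf_suspects(log: list, min_hosts: int) -> list:
    """Group unsolicited replies by source /24 and return (subnet, distinct_hosts,
    packets) for subnets with at least min_hosts replying hosts. The subnet is the
    reflector, not the attacker: the attacker's own address never appears,
    because the requests carried the victim's address as their source."""
    by_subnet = defaultdict(lambda: {"hosts": set(), "packets": 0})
    for rec in unsolicited_replies(log):
        net = ipaddress.ip_network(f"{rec[2]}/24", strict=False)
        by_subnet[net]["hosts"].add(rec[2])
        by_subnet[net]["packets"] += 1
    return sorted((str(n), len(s["hosts"]), s["packets"])
                  for n, s in by_subnet.items() if len(s["hosts"]) >= min_hosts)
```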