
Denial of Service

Written and Presented by: Craig Schweitzer

Denial of Service (Summary)


What is a denial of service (DoS) attack?
What are the types of DoS attacks?
What are the solutions to DoS attacks?

What is Denial of Service?


An attack on a network
Harms or stops the network from running
Not used to gain unauthorized entry, just to mess it up
User or organization is deprived of services that are usually expected
Destroys the network's usability and makes it unable to function properly

Types of DoS Attacks


Physical destruction of network components
Use of scarce, limited, or nonrenewable resources
Destruction or alteration of configuration information

Physical Destruction of Network Components


Not very technical
Easiest type of attack
More of a security issue
Can lead to more serious problems than just a DoS attack
Occurs when a cable is cut, a server is destroyed, etc.

Consumption of Scarce, Limited, or Non-Renewable Resources


SYN Attack
Buffer Overflow Attack
Teardrop Attack
Smurf Attack
UDP Port DoS
Bandwidth Consumption
E-mail Bombing or Spamming

Consumption of Scarce, Limited, or Non-Renewable Resources (Contd)


Generating errors that must be logged
Placing files in anonymous ftp areas or network shares

SYN Attack
Network connectivity attack
Begins when a TCP connection is initiated
Sends many connection requests
Does not respond to the reply
Leaves the initial packet in the buffer so that other connections cannot be initiated
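
A defender can see the effect described on this slide as a pile-up of half-open (SYN_RECV) connections on a listening port. The following is an added example, not part of the original presentation: it counts half-open connections per local port in `netstat -ant` output and flags ports nearing an assumed backlog size. The sample output, the function names, the backlog value and the 0.5 ratio are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `netstat -ant` output (Linux column layout); not real traffic.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:41022      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.8:5121       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.9:33010      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:50514       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:50600       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.6:40100       SYN_RECV
"""

def half_open_by_port(netstat_text):
    """Return {local_port: (half_open_count, established_count)}."""
    half, est = Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a TCP socket line.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        port = int(fields[3].rsplit(":", 1)[1])
        if fields[5] == "SYN_RECV":        # SYN received, final ACK never arrived
            half[port] += 1
        elif fields[5] == "ESTABLISHED":
            est[port] += 1
    return {p: (half[p], est[p]) for p in set(half) | set(est)}

def flag_syn_pressure(netstat_text, backlog, ratio=0.5):
    """List (port, half_open, established) where half-open entries reach
    `ratio` of the backlog. `backlog` is an assumed queue size supplied by
    the caller, not read from the system."""
    alerts = []
    for port, (half, est) in sorted(half_open_by_port(netstat_text).items()):
        if half >= backlog * ratio:
            alerts.append((port, half, est))
    return alerts

if __name__ == "__main__":
    for port, half, est in flag_syn_pressure(SAMPLE, backlog=4):
        print(f"port {port}: {half} half-open vs {est} established")
```

Counting by local port rather than by remote address matters here because the source addresses in a SYN attack are usually forged, so no single remote address stands out.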

Other Attacks
Buffer Overflow Attack
  Sending larger than anticipated amount of data
Teardrop Attack
  Attacks the weakness of the IP address
  Divides large files into fragments
  Attaches confusing info to a later fragment

Other Attacks (Contd)


Smurf Attack
  IP spoofed packets
  Floods the host's network
UDP Port Denial of Service
  Uses your own resources against you
Bandwidth Consumption
E-mail Bombing or Spamming

Alteration or Destruction of Configuration Information

Altering routing information
Altering registry values
Basically, any outside alteration of any significant configuration information

Means of Prevention
The first rule of combating a denial of service attack is to plan ahead
Without an initial plan, your system is wide open to imminent doom
Do a cost-benefit analysis: weigh the cost of securing your system before a problem occurs against the downtime a DoS attack would cause

Means of Prevention (Contd)


After the analysis occurs, implement your system
Implement router filters to protect against SYN flooding and accidental DoS attacks initiated by the users
Install all available patches, which are often necessary to protect the network
Disable any unused or unnecessary network services

Prevention while Network is Implemented


Watch the system carefully
Make sure there is no substantial irregular activity occurring on the network
Check the network configuration to make sure it is implemented properly
Have a back-up system that can be used in case any severe problems occur in the original machine

Prevention while Network is Implemented (Contd)


Make sure your passwords and back-ups are up to date so you can easily restart the network from a safe start point
Trace any problem back to the source IP and combat these problems through administrative or legal actions

Summary
We now understand what a DoS attack is
We now know many different types of DoS attacks and a little about what they are meant to do
We now understand how to keep DoS attacks from harming our network, and know what to do if they occur
