Denial of service attacks seek to disrupt the availability of a system, preventing authorized individuals from gaining legitimate access to the system or information that it contains. In this video, learn about the ways that attackers engage in denial of service attacks.
- [Instructor] Denial of service attacks are a category of attack that disrupts the normal use of computing resources. The CIA triad describes the three goals of information security professionals: confidentiality, integrity, and availability. Most of the attack techniques used by hackers focus on undermining the confidentiality or integrity of data. By far the most common motivation of an attacker is to steal sensitive information such as credit card numbers or social security numbers.
Attackers might also wish to alter information in an unauthorized fashion such as increasing bank account balances or defacing a website. Some attacks, however, focus on disrupting the legitimate use of a system. Unlike other attacks, these target the availability leg of the CIA triad. We call these attacks denial of service or DoS attacks. A denial of service attack is an attack that makes a system or resource unavailable to legitimate users.
It sends thousands or even millions of requests to a server, overwhelming it, and making it unable to answer any legitimate requests. Done well, denial of service attacks are very difficult to distinguish from legitimate requests made to a server. There are two huge issues with a basic denial of service attack from the hacker's perspective. First, they require large amounts of bandwidth. Sending lots of requests that tie up the server requires a large network connection. It becomes a case of who has a bigger network connection, the attacker or the victim? Second, they are easy to block.
Once the victim recognizes they are under attack, they can simply block the IP addresses of the attackers. That's where distributed denial of service, or DDoS, comes into play. DDoS attacks use botnets to overwhelm the target. The attack requests come from all over the place, so it's difficult to distinguish them from legitimate requests. Let's take a look at an example. You may already be familiar with the ping command. This is a very simple network request that sends a packet known as an Echo Request to a system.
It's akin to asking, are you there? The system receiving the Echo Request then sends an Echo Reply, essentially saying yes, I am. In an attack known as the smurf attack, the attacker sends Echo Requests to the broadcast addresses of third-party servers using a forged source address. That forged source address is actually the real IP address of the victim. When the third-party servers receive the address, they believe they came from the victim and send the victim an Echo Reply.
The victim's network connection then becomes overwhelmed with replies received from all over the place. The smurf attack is also an example of a special type of DDoS attack known as an amplified attack. In a basic DDoS attack, bandwidth is a limiting factor. In an amplification attack, the attacker carefully chooses requests that have very large responses. The attacker can then send very small requests over his or her network connection that generate very large replies over the third party's network connection.
Variations on the smurf attack send carefully crafted requests that have very large responses. The amplification factor is the degree of amplification that takes place in an attack. If a response is twice the size of a request, the amplification factor is two. If an attacker designs an amplification attack that uses 64 byte queries to generate 512 byte responses, the amplification factor is eight. The attack sends eight times as much traffic to the victim as the attacker sent to the intermediaries.
Denial of service attacks are a serious threat to systems administrators, as they can quickly overwhelm a network with illegitimate traffic. Defending against them requires that security professionals understand them well and implement blocking technology on the network that identifies and weeds out suspected attack traffic before it reaches servers. This is often done with the cooperation of internet service providers and third-party DDoS protection services.
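As an added illustration that is not part of the video, the following Python check runs over constructed flow-summary records in the style a flow exporter might emit (the field names and addresses are assumptions). It computes the amplification factor from the numbers the instructor uses and flags the smurf pattern from a defender's side: Echo Replies arriving at a host from sources that host never pinged.

```python
# Constructed sample flow records (not from the video). Each entry summarises
# one direction of ICMP traffic; field names are assumptions for this example.
VICTIM = "198.51.100.5"
SAMPLE_FLOWS = [
    # The victim pinged one host and received one normal reply.
    {"src": VICTIM, "dst": "203.0.113.7", "type": "echo-request", "pkts": 1, "bytes": 64},
    {"src": "203.0.113.7", "dst": VICTIM, "type": "echo-reply", "pkts": 1, "bytes": 64},
    # Echo Replies flood in from hosts the victim never contacted (smurf pattern).
    {"src": "203.0.113.20", "dst": VICTIM, "type": "echo-reply", "pkts": 1000, "bytes": 64000},
    {"src": "203.0.113.21", "dst": VICTIM, "type": "echo-reply", "pkts": 1000, "bytes": 64000},
    {"src": "203.0.113.22", "dst": VICTIM, "type": "echo-reply", "pkts": 1000, "bytes": 64000},
    {"src": "203.0.113.23", "dst": VICTIM, "type": "echo-reply", "pkts": 1000, "bytes": 64000},
]


def amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Response size divided by request size: 64-byte queries with 512-byte
    responses give a factor of eight, as in the video."""
    return response_bytes / request_bytes


def unsolicited_reply_sources(flows, victim: str) -> set:
    """Hosts that sent Echo Replies to `victim` although `victim` never sent
    them an Echo Request. Legitimate replies always have a matching request."""
    pinged = {f["dst"] for f in flows if f["src"] == victim and f["type"] == "echo-request"}
    replying = {f["src"] for f in flows if f["dst"] == victim and f["type"] == "echo-reply"}
    return replying - pinged


def reply_ratio(flows, victim: str) -> float:
    """Bytes of Echo Replies received per byte of Echo Requests sent. A value
    far above 1 means the host is receiving replies it did not ask for."""
    sent = sum(f["bytes"] for f in flows if f["src"] == victim and f["type"] == "echo-request")
    received = sum(f["bytes"] for f in flows if f["dst"] == victim and f["type"] == "echo-reply")
    return received / sent if sent else float("inf")


def smurf_suspected(flows, victim: str, min_sources: int = 3) -> bool:
    """Raise an alert when replies arrive from several hosts the victim never pinged."""
    return len(unsolicited_reply_sources(flows, victim)) >= min_sources


if __name__ == "__main__":
    print("amplification factor for 64 -> 512 bytes:", amplification_factor(64, 512))
    print("unsolicited reply sources:", sorted(unsolicited_reply_sources(SAMPLE_FLOWS, VICTIM)))
    print("reply/request byte ratio:", reply_ratio(SAMPLE_FLOWS, VICTIM))
    print("smurf suspected:", smurf_suspected(SAMPLE_FLOWS, VICTIM))
```

In a real deployment the same logic would run over exported flow records at the network edge, which is where the blocking technology the instructor describes sits.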