Network Security - Kinds of Denial of Service Attacks and their protection
Denial of service attacks are a big threat to network security. Once a computer is disabled, it becomes easier for the hacker to impersonate the target computer and execute a command that weakens network security. Read the article to learn about the common denial of service attacks and ways to protect against them.
A hacker can easily attack a network and disable some part of it or, worse, bring down the entire network. Once a computer is disabled, it becomes easier for the hacker to impersonate the target computer. Your computer is then in the hands of the hacker. He may stop at causing a little inconvenience (denial of service) or he may cause greater damage. Denial of service is an easy step towards impersonating a computer. During the attack, the hacker extracts enough information to log on to your network. Once a computer in your network has been impersonated, the hacker can trick any of the machines into executing a command that weakens network security.
Kinds of Denial of Service Attacks
There are numerous methods by which a hacker can disable computers or their services. Users must configure firewall logs as preventive measures against these attacks. Some common denial-of-service attacks are discussed below, along with ways to protect against them.
SYN and Land attacks
The networking capability of a computer can also be disabled by overloading the target computer's network protocol software with information requests or connection attempts. Creating a TCP connection attempt is easy, as every initial packet has only the SYN bit set. The receiving computer has to record this information, so responding to a connection attempt takes not just memory space but also time. Taking advantage of this, an attacker sends SYN packets continuously so that the target computer is kept busy processing these requests and, in this way, connection attempts from legitimate users get ignored.
A Land attack is a variation of the SYN attack. An empty connection gets acknowledged and remains until the server operating system times out.
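The firewall-log check suggested above can be sketched as follows. This is an added example, not code from the original article: it counts unanswered SYNs per service in a sliding window and flags Land packets, using the standard definition of a Land packet (source address equal to destination address), which the article does not spell out. The log layout, the function names and the threshold values are assumptions, and the sample traffic is constructed.

```python
import re
from collections import defaultdict, deque

# Assumed log layout (constructed for this example, not a real firewall's format):
# <epoch> SRC=<ip> DST=<ip> PROTO=TCP SPT=<port> DPT=<port> FLAGS=<comma list>
LINE = re.compile(r"^(?P<ts>\d+\.\d+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP "
                  r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$")

def analyze(lines, window=1.0, threshold=20):
    """Return (land_alerts, flooded_services) found in firewall log lines."""
    pending = defaultdict(deque)  # (dst, dpt) -> unanswered SYNs as (ts, src, spt)
    land, flooded = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a TCP record
        ts, src, dst = float(m["ts"]), m["src"], m["dst"]
        spt, dpt = int(m["spt"]), int(m["dpt"])
        flags = set(m["flags"].split(","))
        queue = pending[(dst, dpt)]
        if flags == {"SYN"}:
            if src == dst:  # Land: packet claims to come from its own target
                land.append((ts, src, dpt))
                continue
            queue.append((ts, src, spt))
            while ts - queue[0][0] > window:  # forget SYNs older than the window
                queue.popleft()
            if len(queue) >= threshold:
                flooded.add((dst, dpt))
        elif flags == {"ACK"}:
            # Client finished the handshake, so its SYN is no longer half-open.
            for item in list(queue):
                if item[1:] == (src, spt):
                    queue.remove(item)
                    break
    return land, sorted(flooded)

def sample_log():
    """Constructed traffic: one real handshake, one Land packet, 30 bare SYNs."""
    t0, dst = 1700000000.0, "198.51.100.10"
    rec = "{:.2f} SRC={} DST={} PROTO=TCP SPT={} DPT={} FLAGS={}".format
    lines = [rec(t0, "192.0.2.7", dst, 50000, 443, "SYN"),
             rec(t0 + 0.05, "192.0.2.7", dst, 50000, 443, "ACK"),
             rec(t0 + 0.10, dst, dst, 139, 139, "SYN")]
    lines += [rec(t0 + 0.2 + i * 0.01, f"203.0.113.{i + 1}", dst, 40000 + i, 80, "SYN")
              for i in range(30)]
    return lines

if __name__ == "__main__":
    print(analyze(sample_log()))
```

The completed handshake on port 443 is not counted, so only the service receiving bare SYNs is reported.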
ICMP flooding
This attack is very similar to the SYN attack. The attacker sends a continuous stream of ICMP echo requests to the target computer, which then responds to the echo requests and ignores information requests from legitimate users.
Ping of Death
If a computer's networking software does not check invalid ICMP packets, it becomes very easy for the hacker to crash the computer by sending specially constructed ICMP packets which violate construction rules. These ICMP packets are oversized and the TCP/IP implementation crashes due to errors linked to memory allocation.
E-mail bombs
These attacks are very common when someone sets up his computer to send emails to an address continuously. These constant emails usually carry large files that waste bandwidth on the receiver's network. The attack isn't serious and is easy to filter.
Service specific attacks
Sometimes, a hacker is interested in shutting down a service supported by your computer. He may do this to impersonate and use that specific service. Usually, hackers are interested in four services: RPC, DNS, WINS and NetBIOS. These services are fundamental parts of Windows networking, and other services like Time are not even easy to break into.
To use a service, the network client should send data to the service in a fixed format. The attacker instead sends incorrect or meaningless messages, which crashes the service.
DNS Cache pollution
By methods like eavesdropping and snooping, a hacker can identify a computer that provides DNS services. He can also determine the sequence that computer uses to assign query IDs to DNS queries and forge a response with invalid information. This can be done to redirect internet traffic to a suborned computer. Thus, client computers relying on the DNS server fail to resolve internet names to valid IP addresses and reach incorrect web pages.
Route redirection
Routers direct the inward and outward flow of information within a network. This flow is governed by routing tables. If a hacker succeeds in making changes to routing tables, he can isolate some parts of the network and direct all traffic out of it. The data circulating within the network can thus be accessed by the hacker.