Distributed Denial of service attack (DDOS)
A Denial of Service (DOS) attack or Distributed Denial of Service (DDOS) attack is an attack in which unauthorized users exhaust a computer system's resources, thereby preventing access by authorized users.
The most common method of DOS attack involves overloading the target system with so many requests for resources that it cannot respond to legitimate requests.
SYMPTOMS COULD INCLUDE:
- Inability to access the website
- System abruptly reboots or stops responding several times
- Abnormally slow network performance
HOW TO PREVENT DENIAL OF SERVICE ATTACK?
Following are the different types of DOS attacks and how to prevent them in your environment:
PING FLOOD ATTACK
The ping flood attack relies on the ICMP echo (ping) command, which is normally used for testing network connectivity. In this attack, ping is used to flood the victim's computer with large amounts of data packets to try to overload the system. Simply block the offending IP address from accessing your network.
PING OF DEATH
Sending a packet larger than 65,535 bytes, which is the maximum size of a packet, could crash the receiving operating system. All operating systems as of today are unaffected by this attack. If you are running a network with outdated devices, consider upgrading these devices.
SMURF ATTACK
In this type of attack the attacker spoofs the IP address of the victim computer and sends a large amount of ICMP ping broadcast traffic to the network address. The ICMP echo replies coming back to the victim computer will overwhelm the system and make it unavailable. To prevent this type of attack, configure your router not to respond to ping requests sent to broadcast addresses and not to forward packets directed to broadcast addresses. Use the following commands to block this type of attack on the border router and firewall:
no ip directed-broadcast
no ip source-route
FRAGGLE ATTACK
The Fraggle attack is similar to the Smurf attack except that it uses the UDP protocol instead of the TCP protocol. This attack is not widely used compared to the Smurf attack. To prevent this attack, you might want to consider blocking echo port 7 and port 19 on the firewall.
SYN FLOOD ATTACK
The SYN flood attack takes advantage of the TCP three-way handshake. In this type of attack the attacker sends a TCP SYN packet to the server, and when the server responds with a SYN-ACK packet, the attacker's system ignores it. The server is now left with half-open connections consuming resources. Operating systems of today are designed to handle this issue. If you are running older devices, consider upgrading to newer ones.
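As an added example (not part of the original article), the Python sketch below counts the half-open connections described above for each listening endpoint, using constructed sample text in the column layout of Linux ss -tan output. The function names, the threshold value and the sample addresses are assumptions made for illustration.

```python
"""Count half-open (SYN-RECV) TCP connections per listening endpoint."""
from collections import Counter, defaultdict

# Constructed sample in the column layout of Linux `ss -tan` output.
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:443        0.0.0.0:*
ESTAB     0      0      192.0.2.10:443     198.51.100.7:51514
SYN-RECV  0      0      192.0.2.10:443     203.0.113.5:40001
SYN-RECV  0      0      192.0.2.10:443     203.0.113.9:40002
SYN-RECV  0      0      192.0.2.10:443     203.0.113.77:40003
SYN-RECV  0      0      192.0.2.10:443     203.0.113.140:40004
SYN-RECV  0      0      192.0.2.10:443     203.0.113.201:40005
SYN-RECV  0      0      192.0.2.10:22      198.51.100.9:50222
"""

# Assumed alert level for this example; tune it against a normal baseline.
HALF_OPEN_THRESHOLD = 4


def half_open_summary(ss_text):
    """Return {local endpoint: (half-open count, distinct peer IPs)}."""
    counts = Counter()
    peers = defaultdict(set)
    for line in ss_text.splitlines():
        fields = line.split()
        # Only rows in SYN-RECV state are half-open: the server has sent
        # its SYN-ACK and is still waiting for the final ACK.
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        local, peer = fields[3], fields[4]
        counts[local] += 1
        peers[local].add(peer.rsplit(":", 1)[0])  # drop the peer port
    return {ep: (n, len(peers[ep])) for ep, n in counts.items()}


def flag_syn_flood(ss_text, threshold=HALF_OPEN_THRESHOLD):
    """List local endpoints whose half-open count reaches the threshold."""
    summary = half_open_summary(ss_text)
    return sorted(ep for ep, (n, _) in summary.items() if n >= threshold)


if __name__ == "__main__":
    for endpoint, (n, ips) in half_open_summary(SAMPLE_SS_OUTPUT).items():
        print(f"{endpoint}: {n} half-open from {ips} distinct peer IPs")
    print("Over threshold:", flag_syn_flood(SAMPLE_SS_OUTPUT))
```

The count is kept per local endpoint rather than per peer because the half-open entries in a flood can arrive from many different source addresses, so no single peer needs to stand out.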