The bad guys can attack servers and network infrastructure

A large class of security threats can be classified as denial-of-service (DoS) attacks. As the name suggests, a DoS attack renders a network, host, or other piece of infrastructure unusable by legitimate users. Web servers, e-mail servers, DNS servers (discussed in "Application Layer"), and institutional networks can all be subject to DoS attacks. Internet DoS attacks are very common, with thousands of DoS attacks occurring every year [Moore 2001; Mirkovic 2005]. Most Internet DoS attacks fall into one of three categories:

●  Vulnerability attack. This involves sending a few well-crafted messages to a vulnerable application or operating system running on a targeted host. If the right sequence of packets is sent to a vulnerable application or operating system, the service can stop or, worse, the host can crash.

●  Bandwidth flooding. The attacker sends a flood of packets to the targeted host - so many packets that the target's access link becomes blocked, preventing legitimate packets from reaching the server.

●  Connection flooding. The attacker establishes a large number of half-open or fully open TCP connections (TCP connections are discussed in "Transport Layer") at the target host. The host can become so bogged down with these bogus connections that it stops accepting legitimate connections.
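The connection-flooding case above is the one a host can observe directly in its own socket table. The following is an added example, not code from the original post: it parses constructed lines in the column layout of `ss -tan` (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port), reads the listen backlog from the LISTEN row's Send-Q column, counts half-open (SYN-RECV) connections per peer for one local port, and flags the port when half-open connections consume more than a chosen fraction of the backlog. The sample rows, the backlog of 8 and the 50 % threshold are assumptions chosen for the illustration.

```python
# Added example (not from the original post): spot a TCP connection flood
# from a socket table in the style of `ss -tan` output.
from collections import Counter

# Constructed sample socket table. Columns follow `ss -tan`:
# State Recv-Q Send-Q Local Address:Port Peer Address:Port
# For a LISTEN socket, Send-Q is the configured listen backlog (8 here, an
# assumption kept small so the sample stays short).
SAMPLE_SOCKET_TABLE = """\
State    Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN   0      8      10.0.0.5:80        0.0.0.0:*
SYN-RECV 0      0      10.0.0.5:80        198.51.100.7:40001
SYN-RECV 0      0      10.0.0.5:80        198.51.100.7:40002
SYN-RECV 0      0      10.0.0.5:80        198.51.100.7:40003
SYN-RECV 0      0      10.0.0.5:80        198.51.100.7:40004
SYN-RECV 0      0      10.0.0.5:80        203.0.113.9:51000
ESTAB    0      0      10.0.0.5:80        192.0.2.44:33221
ESTAB    0      0      10.0.0.5:80        192.0.2.45:33222
"""


def _port_of(endpoint):
    """Return the port string of an 'addr:port' endpoint (IPv6-safe via rsplit)."""
    return endpoint.rsplit(":", 1)[1]


def _host_of(endpoint):
    """Return the address part of an 'addr:port' endpoint."""
    return endpoint.rsplit(":", 1)[0]


def parse_socket_table(text):
    """Return a list of (state, local_port, peer_ip) for non-header, non-LISTEN rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] in ("State", "LISTEN"):
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        rows.append((state, _port_of(local), _host_of(peer)))
    return rows


def listen_backlog(text, local_port):
    """Return the Send-Q (listen backlog) of the LISTEN row for local_port, or None."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "LISTEN" and _port_of(parts[3]) == str(local_port):
            return int(parts[2])
    return None


def assess_connection_flood(text, local_port, fraction=0.5):
    """Count half-open connections to local_port and flag when they exceed
    `fraction` of the listen backlog. Returns a dict with the evidence."""
    backlog = listen_backlog(text, local_port)
    half_open = Counter(
        peer for state, port, peer in parse_socket_table(text)
        if port == str(local_port) and state == "SYN-RECV"
    )
    total = sum(half_open.values())
    flagged = backlog is not None and total > fraction * backlog
    top_peer = half_open.most_common(1)[0] if half_open else None
    return {"backlog": backlog, "half_open": total, "flagged": flagged, "top_peer": top_peer}


if __name__ == "__main__":
    print(assess_connection_flood(SAMPLE_SOCKET_TABLE, 80))
```

On the sample, 5 of a backlog of 8 slots are held by half-open connections, four of them from one peer, so the port is flagged and the dominant peer is reported; on a real host the same counting is what a SYN-cookie or backlog-tuning decision would be based on.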

Let's now look at the bandwidth-flooding attack in more detail. Recalling our delay and loss analysis discussion in "Queuing Delay and Packet Loss", it's clear that if the server has an access rate of R bps, then the attacker will need to send traffic at a rate of approximately R bps to cause damage. If R is very large, a single attack source may not be able to generate enough traffic to harm the server. Moreover, if all the traffic originates from a single source, an upstream router may be able to detect the attack and block all traffic from that source before the traffic gets near the server. In a distributed DoS (DDoS) attack, illustrated in the following figure, the attacker controls multiple sources and has each source blast traffic at the target.

A distributed denial-of-service attack

With this technique, the total traffic rate across all the controlled sources needs to be approximately R to cripple the service. DDoS attacks leveraging botnets with thousands of compromised hosts are a common occurrence today [Mirkovic 2005]. DDoS attacks are much harder to detect and defend against than a DoS attack from a single host.
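The two paragraphs above make a quantitative argument: the aggregate rate arriving at the server must approach its access rate R to do damage, and whether an upstream router can help depends on whether that aggregate comes from one source or from many. The following is an added example, not code from the original post, that carries this reasoning through on constructed per-source byte counts for a one-second window. It computes the aggregate rate, compares it with R, and then distinguishes a single-source flood (one source carries most of the offending traffic, so upstream filtering of that source is viable) from a distributed one (the aggregate is near R but no single source stands out). The link rate of 10 Mbps, the 80 % saturation threshold, the 50 % dominance threshold and all addresses are assumptions chosen for the illustration.

```python
# Added example (not from the original post): classify observed traffic
# against the access rate R using the page's aggregate-rate argument.
from collections import Counter

LINK_RATE_BPS = 10_000_000  # assumed server access rate R = 10 Mbps
WINDOW_S = 1.0              # measurement window for the byte counts below

# Constructed scenario A: one source sends 1.2 MB in the window (9.6 Mbps)
# alongside three small legitimate clients.
SINGLE_SOURCE_FLOWS = [
    ("198.51.100.7", 1_200_000),
    ("192.0.2.10", 10_000),
    ("192.0.2.11", 10_000),
    ("192.0.2.12", 10_000),
]

# Constructed scenario B: forty sources in 203.0.113.0/24 each send 30 kB
# (0.24 Mbps each), plus one legitimate client; same 1.23 MB aggregate.
DISTRIBUTED_FLOWS = [(f"203.0.113.{i}", 30_000) for i in range(1, 41)] + [
    ("192.0.2.10", 30_000),
]


def per_source_bps(flows, window_s):
    """Sum bytes per source and convert to bits per second over the window."""
    totals = Counter()
    for src, nbytes in flows:
        totals[src] += nbytes
    return {src: total * 8 / window_s for src, total in totals.items()}


def classify_traffic(flows, link_rate_bps, window_s, saturation=0.8, dominance=0.5):
    """Return a verdict dict.

    'idle'          : no traffic in the window
    'normal'        : aggregate below saturation * R
    'single_source' : aggregate near R and one source carries >= dominance of it
                      (upstream filtering of that one source is viable)
    'distributed'   : aggregate near R spread across sources with no dominant one
    """
    rates = per_source_bps(flows, window_s)
    aggregate = sum(rates.values())
    result = {"aggregate_bps": aggregate, "sources": len(rates)}
    if aggregate == 0:
        result["verdict"] = "idle"
        return result
    if aggregate < saturation * link_rate_bps:
        result["verdict"] = "normal"
        return result
    top_src, top_rate = max(rates.items(), key=lambda kv: kv[1])
    share = top_rate / aggregate
    result["top_source"] = top_src
    result["top_share"] = share
    result["verdict"] = "single_source" if share >= dominance else "distributed"
    return result


if __name__ == "__main__":
    print(classify_traffic(SINGLE_SOURCE_FLOWS, LINK_RATE_BPS, WINDOW_S))
    print(classify_traffic(DISTRIBUTED_FLOWS, LINK_RATE_BPS, WINDOW_S))
```

Both scenarios produce the same 9.84 Mbps aggregate, which is what saturates the 10 Mbps link; only the per-source breakdown tells the operator whether a single upstream block would restore service or whether a broader response (rate limiting closer to the edge, scrubbing, or capacity) is needed.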

We encourage you to consider the following question as you work your way through this blog: What can computer network designers do to defend against DoS attacks? We will see that different defenses are needed for the three types of DoS attacks.


Copyright

The contents available on this website are copyrighted by TechPlus unless otherwise indicated. All rights are reserved by TechPlus, and content may not be reproduced, published, or transferred in any form or by any means, except with the prior written permission of TechPlus.