CEH v10: 10 Denial of Service


Denial-of-Service (DoS) is a type of attack in which a service offered by a system or a network is denied. The service may be denied outright, have its functionality reduced, or have access to it prevented.

Symptoms of a DoS attack:

  • Slow performance
  • Increase in spam email
  • Unavailability of a resource
  • Loss of access to a website
  • Disconnection of a wireless or wired internet connection
  • Denial of access to any internet services

Distributed Denial of Service (DDoS)

In a DDoS attack, multiple compromised systems are used to attack a target.

The attacker sends several connection requests to the server with fake return addresses, so the server cannot find the user to send the connection approval to. The authentication process waits for a certain time before closing the session. The attacker keeps sending requests, which leaves a large number of open connections on the server and leads to a denial of service.

Categories of DoS/DDoS Attacks

Volumetric Attacks

A volumetric attack is a Denial of Service attack performed by sending a high volume of traffic towards the target. Volumetric attacks focus on overloading the target's bandwidth capacity.

Fragmentation Attacks

DoS attacks which fragment IP datagrams into many smaller packets. The fragments must be reassembled at the destination, which consumes the resources of routers.

Types:

  • UDP and ICMP fragmentation attacks
  • TCP fragmentation attacks

TCP-State-Exhaustion Attacks

TCP-State-Exhaustion attacks target web servers, firewalls, load balancers and other infrastructure components, disrupting connections by exhausting their finite number of concurrent connections.

The most common state-exhaustion attack is the ping of death.

Application Layer Attacks / Layer 7 DDoS

An application-level attack overloads a particular service of a website or application.

DoS/DDoS Attack Techniques

Bandwidth Attacks

A bandwidth attack requires multiple sources to generate requests that overload the target. The goal is to consume the target's bandwidth completely.

Zombie servers or botnets are used to perform this type of attack.

Service Request Floods

The attacker floods a web service or server with requests until it is overloaded.

SYN Attack / Flooding

The attacker sends a large number of SYN requests to tie up a system. The victim waits for the acknowledgement from the source IP address, but no response arrives because the source address is spoofed. This waiting period ties up a connection in the "listen queue", which can remain tied up for 75 seconds.
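To make the listen-queue exhaustion described here (and in the DDoS paragraph above) concrete, the following added example models a backlog under a steady stream of spoofed SYNs that are never completed; it is illustration code written for these notes, not from the CEH material. It assumes a fixed backlog size, one legitimate client SYN per second and a constructed half-open timeout (75 seconds as in the notes, then a shorter one to show why shortening the wait, or using SYN cookies, relieves the queue).

```python
"""Model of the TCP listen queue under a SYN flood (added illustration,
not code from the CEH notes). Assumptions, all constructed: a fixed
backlog, spoofed SYNs that are never completed with an ACK, one legitimate
client SYN per second, and a half-open entry that is dropped after a fixed
wait (the notes cite 75 seconds). Times are integer milliseconds."""
from collections import deque


class ListenQueue:
    """Half-open connections waiting for the final ACK of the handshake."""

    def __init__(self, backlog: int, half_open_timeout_ms: int):
        self.backlog = backlog
        self.timeout_ms = half_open_timeout_ms
        self.pending = deque()  # expiry times in ms, oldest first

    def syn(self, now_ms: int) -> bool:
        """Admit a SYN if a slot is free; return False when the queue is full."""
        while self.pending and self.pending[0] <= now_ms:
            self.pending.popleft()  # give up on an entry that never ACKed
        if len(self.pending) >= self.backlog:
            return False
        self.pending.append(now_ms + self.timeout_ms)
        return True


def simulate_flood(backlog: int, spoofed_per_sec: int, duration_s: int,
                   half_open_timeout_s: int = 75) -> dict:
    """Count legitimate SYNs refused while spoofed SYNs arrive at a steady rate.

    Each second, spoofed_per_sec spoofed SYNs arrive evenly spaced, then one
    legitimate client sends its SYN just before the second ends.
    """
    q = ListenQueue(backlog, half_open_timeout_s * 1000)
    first_drop = None
    legit_dropped = 0
    for sec in range(duration_s):
        for k in range(spoofed_per_sec):
            q.syn(sec * 1000 + k * (1000 // spoofed_per_sec))
        if not q.syn(sec * 1000 + 999):
            legit_dropped += 1
            if first_drop is None:
                first_drop = sec
    # Rough steady-state check: slots held ~ arrival rate x hold time, so the
    # queue is overrun once spoofed_per_sec * timeout reaches the backlog.
    overrun_expected = spoofed_per_sec * half_open_timeout_s >= backlog
    return {"first_drop_s": first_drop, "legit_dropped": legit_dropped,
            "overrun_expected": overrun_expected}
```

With a backlog of 128 and only 10 spoofed SYNs per second, legitimate clients start being refused after about 11 seconds and the queue stays full for most of the run; with a 5-second half-open timeout the same flood never fills it.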

ICMP Flood Attack

Flooding ICMP requests without waiting for the responses overwhelms the resources of the network device.

Peer-to-Peer Attacks

These exploit bugs in peer-to-peer servers using Direct Connect (DC++). One or more malicious hosts in a peer-to-peer network are used to perform the attack.

Permanent DoS Attack (PDoS)

A permanent DoS attack focuses on hardware sabotage, causing irreversible damage to the hardware. Affected hardware requires replacement or reinstallation of its software.

Methods:

  • Phlashing
  • Bricking a system: sending fraudulent hardware updates

Application Level Flood Attacks

The attacker finds faults and flaws in an application or operating system and exploits the vulnerability to gain control over a system.

Distributed Reflection Denial of Service (DRDoS)

The attacker uses an intermediary victim which redirects the traffic to a secondary victim. The secondary victim redirects the traffic to the target. The intermediary and secondary victims are used to spoof the origin of the attack.

Botnet

The attacker compromises victims to make bots, which in turn compromise other systems to create a botnet. These botnets are controlled by a Command and Control server owned by the attacker. This server is used to send the instructions to perform the attack.