The Scope of Denial of Service (DoS) Attacks

Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks vary in both type and target. According to McClure, Scambray, and Kurtz (3005), DoS attacks prior to the year 2000 were largely targeted at the vulnerabilities of specific operating systems and most of those vulnerabilities have been patched. The DoS attacks of today are geared at “Capacity Depletion” (McClure, et al., 2005) and aim to remove the ability of authorized users from accessing the target systems.

Amplification is a common technique of modern DoS attacks, as demonstrated by the well-known Smurf attack. This type of attack sends echo request packets to the broadcast address of a network. Every device on the network then responds with an echo reply packet. A small number of packets from the attacker can cause an overwhelming number of responses.

The first step to defending against DoS attacks is to implement proper access controls at the perimeter. Rate limiting, black-hole filtering, and the “’ip verify unicast reverse-path (or non-Cisco equivalent)’ command should be enabled on the upstream connection” (Tanase, 2003). These commands limit the amount of bandwidth that a particular data-flow can consume, forward offending packets to the null interface, and check to make sure that the source address of an incoming packet has an entry in the routing table and that the route is out the interface on which the packet arrived.

The DDoS attack can be devastating to any network on the receiving end, and for a small organization, may also be nearly impossible to mitigate without cooperation from the up line provider. The best mitigation technique is to establish a plan with the Internet Service Provider (ISP) that provides Internet access to help locate and stop the flow of traffic. Some of the above mentioned measures may help but sometimes the best course of action is to take the target device off line and wait out the attack. The economic implications of this type of attack depend on the business purposes of the affected targets.

References

McClure, S., Scambray, J., and Kurtz, G. (2005). Chapter 10: Denial of service attacks.Hacking Exposed Network Security Secrets & Solutions (5th Ed.). Emeryville, CA: Mcgraw-Hill / Osborne.

Tanase, M., (2003). Closing the floodgates: DDoS mitigation techniques. Security Focus.Downloaded May 8, 2008 from http://www.securityfocus.com/infocus/1655.

What do you think?

The author appreciates all comments.

More by this Author


Comments 2 comments

Dumbledore profile image

Dumbledore 4 years ago from Somewhere in Ohio Author

Thank you for the question, tamarawilhite.

The problem with a failover type of backup system that you describe is that if both servers reside in the same domain then they typically respond to the same IP address, this means that when one server drops off because a DoS is under way, the other server goes down as well.


tamarawilhite profile image

tamarawilhite 4 years ago from Fort Worth, Texas

Setting up mirrored servers as a backup can permit a site to stay running when the primary server is down. How well does that work as a backup when the shut down is due to a Denial of Service attack?

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working