The Scope of Denial of Service (DoS) Attacks
Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks vary in both type and target. According to McClure, Scambray, and Kurtz (3005), DoS attacks prior to the year 2000 were largely targeted at the vulnerabilities of specific operating systems and most of those vulnerabilities have been patched. The DoS attacks of today are geared at “Capacity Depletion” (McClure, et al., 2005) and aim to remove the ability of authorized users from accessing the target systems.
Amplification is a common technique of modern DoS attacks, as demonstrated by the well-known Smurf attack. This type of attack sends echo request packets to the broadcast address of a network. Every device on the network then responds with an echo reply packet. A small number of packets from the attacker can cause an overwhelming number of responses.
The first step to defending against DoS attacks is to implement proper access controls at the perimeter. Rate limiting, black-hole filtering, and the “’ip verify unicast reverse-path (or non-Cisco equivalent)’ command should be enabled on the upstream connection” (Tanase, 2003). These commands limit the amount of bandwidth that a particular data-flow can consume, forward offending packets to the null interface, and check to make sure that the source address of an incoming packet has an entry in the routing table and that the route is out the interface on which the packet arrived.
The DDoS attack can be devastating to any network on the receiving end, and for a small organization, may also be nearly impossible to mitigate without cooperation from the up line provider. The best mitigation technique is to establish a plan with the Internet Service Provider (ISP) that provides Internet access to help locate and stop the flow of traffic. Some of the above mentioned measures may help but sometimes the best course of action is to take the target device off line and wait out the attack. The economic implications of this type of attack depend on the business purposes of the affected targets.
References
McClure, S., Scambray, J., and Kurtz, G. (2005). Chapter 10: Denial of service attacks.Hacking Exposed Network Security Secrets & Solutions (5th Ed.). Emeryville, CA: Mcgraw-Hill / Osborne.
Tanase, M., (2003). Closing the floodgates: DDoS mitigation techniques. Security Focus.Downloaded May 8, 2008 from http://www.securityfocus.com/infocus/1655.
What do you think?
The author appreciates all comments.
