A Denial of Service (DOS) attack attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts, or other services that rely on the affected computer.
Denial of Service (DOS) attacks have become very common on the Internet because they are much easier to accomplish than remotely gaining administrative access to a target system.
DOS attacks can be classified as logic attacks and resource exhaustion flooding attacks. Logic attacks exploit security vulnerabilities to crash a server or to reduce its performance. Resource exhaustion flooding attacks consume the server's or network's resources to the point where the service no longer responds or its response is degraded.
These are a few of the classic denial of service attacks. Most of these rely upon weaknesses in the TCP/IP protocol. Vendor patches and proper network configuration have made most of these Denial of Service attacks difficult or impossible to accomplish.
The flood attack is the earliest form of denial of service attack. In this attack, the attacker simply sends more traffic than the victim can handle. This requires the attacker to have a faster network connection than the victim. This is the lowest-tech of the denial of service attacks, and also the most difficult to completely prevent.
Ping of Death Attack:
The Ping of Death consisted simply of sending ping packets larger than 65,535 bytes to the victim. The attack relied on a bug in the Berkeley TCP/IP stack, which also existed on most systems that copied the Berkeley network code. This denial of service attack can be performed with a simple one-line command:
Ping -l 86600 victim.org
This attack was later prevented by operating system developers by limiting the packet size sent to 65,500.
In a SYN attack, the attacker floods the target with SYN messages spoofed to appear to be from unreachable Internet addresses. This fills up the buffer space for SYN messages on the target machine, preventing other systems on the network from communicating with the target machine.
The Teardrop Attack uses IP's packet fragmentation algorithm to send corrupted packets to the victim machine. This confuses the victim machine and may hang it.
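The Ping of Death and Teardrop descriptions above both come down to reassembly code that trusted a fragment's offset and length. As an added example (not code from the original article or from any real TCP/IP stack), the check below shows the validation a reassembly routine needs before copying a fragment; `struct frag`, `frag_check` and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One IPv4 fragment, reduced to the two header-derived values the check needs. */
struct frag {
    uint16_t offset_units; /* fragment offset field, in 8-byte units (0..8191) */
    uint16_t payload_len;  /* data bytes carried after the IP header */
};

enum frag_verdict { FRAG_OK, FRAG_OVERSIZE, FRAG_OVERLAP };

#define IP_MAX_DATAGRAM 65535u /* ceiling set by the 16-bit total-length field */

/* Validate fragment f before copying it into the reassembly buffer.
 * hdr_len: IP header length in bytes; queued[0..n): fragments already held. */
enum frag_verdict frag_check(const struct frag *f, unsigned hdr_len,
                             const struct frag *queued, size_t n)
{
    /* 32-bit arithmetic, so offset + length cannot wrap around. */
    uint32_t start = (uint32_t)f->offset_units * 8u;
    uint32_t end = start + f->payload_len;

    /* Ping of Death: reassembled datagram would exceed 65,535 bytes. */
    if (hdr_len + end > IP_MAX_DATAGRAM)
        return FRAG_OVERSIZE;

    /* Teardrop: byte range intersects a fragment that is already queued. */
    for (size_t i = 0; i < n; i++) {
        uint32_t q_start = (uint32_t)queued[i].offset_units * 8u;
        uint32_t q_end = q_start + queued[i].payload_len;
        if (start < q_end && q_start < end)
            return FRAG_OVERLAP;
    }
    return FRAG_OK;
}

int main(void)
{
    /* Constructed sample fragments, not captured traffic. */
    const struct frag first = { 0, 36 };         /* bytes 0..35 */
    const struct frag inside = { 3, 4 };         /* bytes 24..27, inside first */
    const struct frag past_end = { 8189, 1480 }; /* ends at byte 66,992 */

    printf("overlap:  %d\n", frag_check(&inside, 20, &first, 1));
    printf("oversize: %d\n", frag_check(&past_end, 20, NULL, 0));
    return 0;
}
```

Rejecting the fragment at this point, before any copy or length subtraction, is what keeps a malformed offset from reaching the buffer arithmetic.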
In the Smurf Attack, the attacker sends a ping request to a broadcast address at a third party on the network. This ping request is spoofed to appear to come from the victim's network address. Every system within the broadcast domain of the third party will then send ping responses to the victim.
Distributed Denial of Service (DDOS) attacks
A Distributed Denial of Service (DDOS) attack is a denial of service attack which is performed from a large number of locations across the network. DDOS attacks are usually performed from a large number of compromised systems. These systems may have been compromised by a Trojan horse or a worm, or they might have been compromised by being hacked manually. DDOS attacks are the most dangerous attacks because they are very difficult to defend against.
The frequency and sophistication of Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks on the Internet are rapidly increasing. Companies and users are desperately trying to prevent these attacks. The threat posed by these attacks has led to several prevention mechanisms. Each prevention mechanism has its advantages and disadvantages over the others. This paper discusses DOS attacks and prevention mechanisms under different environments and proposes the best-suited prevention technique for each environment.
In the last few years, there has been an increase in sophisticated automated attacking techniques. Fully functional attack software is available on the Internet and can be used even by novice users without much knowledge to launch large-scale attacks. By using fast-spreading worms, the targeted networks are infected very quickly. To mitigate these attacks in minutes, network managers should use semi-automated prevention mechanisms. To develop these semi-automated mechanisms, the developer should use the appropriate prevention mechanism for each environment.
As seen in the figure below, the size of DDOS attacks has grown over the years, from 400 Mbps in the year 2002 to 49 Gbps in the year 2009. Every year, the majority of security threats are posed by DOS attacks.
Worldwide Infrastructure Security Report taken from Arbor Networks, Inc.