A denial-of-service attack (DoS) is an attack on
a computer system or network that causes a loss of service to users,
typically the loss of network connectivity and services, by consuming
the bandwidth of the victim network, or overloading the computational
resources of the victim system. Denial of Service (DoS) attacks
on web services is a growing problem in the expanding global communication
network. The problem is further compounded by the fact that execution
of DoS attacks does not require expert computer or networking knowledge.
It is also relatively easy to use the principles of a DoS attack,
in order to launch a Distributed Denial of Service (DDoS) attack,
simply by scattering seemingly harmless ‘code’ to other
nodes in a network (known as a BotNet) that could be synchronised
to multiply the effectiveness of the attack. The fact that most
types of DoS and DDoS attacks require minimal technical knowledge
to execute has made it one of the most common and effective ways
of attacking a web entity or service.
types of DoS attacks rely primarily on brute force, flooding the
target with an overwhelming flux of packets, overwhelming a connection
beyond the saturation point of its bandwidth, or depleting the target's
system resources such as memory, disk space and processor time.
Bandwidth-saturating floods rely on the attacker (or more commonly
attackers) having higher bandwidth available than the victim. A
common way of achieving this today is via Distributed Denial of
Service, employing a botnet. Other floods may use specific packet
types or connection requests to saturate finite resources by, for
example, occupying the maximum number of open connections, or filling
the victim's disk space with meaningless data.
Ping flood is based on sending the victim an overwhelming
number of ping packets, usually using the ‘ping – f’
command. It is very simple to launch; the primary requirement being
access to greater bandwidth than the victim. SYN flood sends a flood
of TCP/SYN packets, often with a forged sender address. Each of
these packets is handled like a connection request, causing the
server to spawn a half-open connection, by sending back a TCP/SYN-ACK
packet, and waiting for a TCP/ACK packet in response from the sender
However, because the sender address is forged,
the response never comes. These half-open connections saturate the
number of available connections the server is able to make, keeping
it from responding to legitimate requests until after the attack
A smurf attack is one particular variant of a
flooding DoS attack on the public internet. It relies on misconfigured
network devices that allow packets to be sent to all computer hosts
on a particular network via the broadcast address of the network,
rather than a specific machine. The network then serves as a smurf
amplifier. In such an attack, the perpetrators will send large numbers
of IP packets with a faked source address that is set to the address
of the intended victim. To combat Denial of Service attacks on the
internet, services like the Smurf Amplifier Registry have given
network service providers the ability to identify misconfigured
networks, and to take appropriate action such as filtering.
A ‘banana attack’ is another particular
type of DoS. It involves redirecting outgoing messages from the
client back onto the client, preventing outside access, as well
as flooding the client with the sent packets.
Attacks can be directed at any network device,
including attacks on routing devices, and web, electronic mail,
or Domain Name System servers. An attacker with access to a victim's
computer may slow it until it is unusable, or crash it by using
a fork bomb. There are short-term and long-term countermeasures
against DoS attacks, which we will discuss in the weeks to come.
Until then, keep your emails rolling in to firstname.lastname@example.org.
(Please note that our previous email address is no longer functional.)