No service?
Denial of Service attacks can also cause problems in the network
‘branches’ around the computer actually being attacked. For example,
the bandwidth of the router between the internet and a LAN may be
consumed by the attack traffic, so that not only is the targeted
computer made unreachable, but the entire network behind that router
is disrupted as well.
IP spoofing is one of the most fundamental of all security threats
in computer networks, as it lets the perpetrators of network attacks
hide both their identity and the point(s) from which the attack is
launched. Many DDoS attacks are carried out using ‘spoofed’ source IP
addresses precisely so that the attack is hard to defuse: forged IP
headers prevent the origin(s) of the attack from being identified and
blocked off.
The packets that reach the victim of a reflector attack carry genuine
source addresses, namely those of the reflectors, but the attack exists
only because those servers cannot verify the source of the ‘spoofed’
requests they receive. If a server being used as a reflector could tell
that the requests it receives are ‘spoofed,’ it could simply decline to
answer them and so avoid taking part in the attack; done everywhere,
that would make it impossible for attackers to use reflectors to carry
out a DoS attack. In practice a reflector sees nothing in the packet
that proves where it came from, so the spoofed request has to be
stopped closer to the attacker, by the attacker’s upstream network
refusing to forward packets whose source address it has not assigned
(ingress filtering).
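The reflector mechanics described above, as an added simulation that is not part of the original article: a naive UDP-style service answers whichever address a request claims to come from, so spoofed requests are reflected (and amplified) onto the victim, while an ingress filter at the attacker’s upstream edge, which does know the prefix assigned to that customer, drops the forged packets before they reach the reflector. All addresses, prefixes and the 30× amplification figure are constructed for the example.

```python
"""Simulated reflection attack (added example, constructed data).

The reflector cannot distinguish a spoofed request from a genuine one;
the attacker's edge router can, because it knows which source prefix
it assigned to that customer (BCP 38 style ingress filtering).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


# Constructed addresses from the RFC 5737 documentation ranges.
ATTACKER = "198.51.100.7"
VICTIM = "203.0.113.9"
REFLECTOR = "192.0.2.53"
# Prefix the attacker's ISP assigned to the attacker's network (assumed).
ATTACKER_PREFIX = ipaddress.ip_network("198.51.100.0/24")
# Assumed response/request size ratio of the reflecting service.
AMPLIFICATION = 30


def reflector(pkt: Packet, amplification: int = AMPLIFICATION) -> Packet:
    """A naive service: it answers whoever the packet *claims* to be from.

    Nothing in the packet lets it verify the source address, so it has
    no way to refuse a spoofed request; the response goes to the victim.
    """
    return Packet(src=REFLECTOR, dst=pkt.src, payload=pkt.payload * amplification)


def ingress_filter(pkt: Packet, allowed: ipaddress.IPv4Network) -> bool:
    """Edge-router check: forward only packets whose source address lies
    inside the prefix assigned to the customer network the packet came from."""
    return ipaddress.ip_address(pkt.src) in allowed


def run_attack(filtering: bool, n_requests: int = 100, request_len: int = 50):
    """Send n_requests spoofed requests from the attacker's network toward
    the reflector. Returns (bytes that reach the victim, bytes the attacker sent)."""
    sent = delivered = 0
    for _ in range(n_requests):
        # The attacker forges the victim's address as the source.
        req = Packet(src=VICTIM, dst=REFLECTOR, payload=b"Q" * request_len)
        sent += len(req.payload)
        if filtering and not ingress_filter(req, ATTACKER_PREFIX):
            continue  # dropped at the attacker's upstream edge
        resp = reflector(req)
        assert resp.dst == VICTIM  # the reply goes to the spoofed source
        delivered += len(resp.payload)
    return delivered, sent


def amplification_factor(n_requests: int = 100, request_len: int = 50) -> float:
    """Bytes hitting the victim per byte the attacker had to send (no filtering)."""
    delivered, sent = run_attack(False, n_requests, request_len)
    return delivered / sent


if __name__ == "__main__":
    print("unfiltered (victim bytes, attacker bytes):", run_attack(False))
    print("with ingress filtering:", run_attack(True))
    print("amplification:", amplification_factor())
    # A genuine request is answered to its real sender, as it should be.
    print("genuine request answered to:", reflector(Packet(ATTACKER, REFLECTOR, b"Q")).dst)
```

The point of `reflector` is what it does not have: any field it could check. Every byte of the spoofed request is indistinguishable from a genuine one at the reflector, which is why the filter lives at the edge that assigned the source prefix rather than at the reflecting server.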
One of the most fundamental problems faced when responding to DoS
attacks is to differentiate between legitimate service requests and
attack traffic, so that legitimate requests can be served while attack
packets are dropped. Failing to distinguish between the two can leave
legitimate requests unserved, producing the ‘denial of (legitimate)
service’ either as a result of the attack itself or as a consequence
of the response to it.
Identifying a DoS attack in the first place is also a challenge, since
it can be difficult to tell a DoS attack from a sudden surge in
legitimate traffic (a ‘flash crowd’). IP spoofing complicates this
further, because attack packets can be made to look as though they come
from ordinary clients. The difference between heavy network traffic and
a DoS attack can be ambiguous at the best of times.
Detecting a DoS attack is therefore complicated on both counts. An
attack may not be noticed until the service, or its quality, actually
breaks down, and the exact point at which legitimate requests start
going unanswered because of an ‘attack’ on the system or network is
difficult to predict or determine. A surge in legitimate traffic can
itself cause denial of service, and there is no way of avoiding the
degradation of quality of service under such circumstances other than
by adding capacity, such as bandwidth.
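The ambiguity described in the last three paragraphs, as an added example that is not from the original article: a simple detector that combines a per-window packet-rate threshold with the distribution of source addresses. A flood of randomly spoofed packets shows almost every source address only once, whereas real clients in a flash crowd repeat; but a botnet sending from its own genuine addresses produces the same repeat pattern as a flash crowd and is misclassified, which is exactly the page’s point that traffic volume alone cannot settle the question. The traffic windows, thresholds and baseline rate are constructed for the example.

```python
"""Rate plus source-diversity heuristic for telling a randomly spoofed
flood from a flash crowd (added example; all traffic is constructed)."""
from collections import Counter
from typing import Iterable, List, Tuple


def source_stats(srcs: Iterable[str]) -> Tuple[int, float]:
    """Return (packet count, fraction of packets whose source appears only once)."""
    counts = Counter(srcs)
    total = sum(counts.values())
    singletons = sum(1 for c in counts.values() if c == 1)
    return total, (singletons / total if total else 0.0)


def classify_window(srcs: List[str], baseline_pps: float, window_s: float = 1.0,
                    surge_factor: float = 5.0, singleton_threshold: float = 0.9) -> str:
    """Classify one time window of packets by their source addresses.

    surge_factor and singleton_threshold are assumed tuning values:
    a window is a surge if its rate exceeds surge_factor * baseline_pps,
    and a surge whose sources are almost all seen once is treated as a
    randomly spoofed flood.
    """
    total, singleton_frac = source_stats(srcs)
    if total / window_s < surge_factor * baseline_pps:
        return "normal"
    if singleton_frac >= singleton_threshold:
        return "spoofed-flood"   # random spoofing: nearly every source seen once
    return "flash-crowd"         # sources repeat, as real clients do


# Constructed one-second windows of source addresses (documentation ranges).
BASELINE_PPS = 20.0
NORMAL = [f"192.0.2.{i % 30 + 1}" for i in range(40)]            # 40 pkts, 30 clients
FLASH = [f"198.51.100.{i % 50 + 1}" for i in range(500)]         # 500 pkts, 50 clients
SPOOFED = [f"10.{i // 65536 % 256}.{i // 256 % 256}.{i % 256}"   # 500 pkts, 500 sources
           for i in range(500)]
BOTNET = [f"203.0.113.{i % 50 + 1}" for i in range(500)]         # 50 bots, real addresses


def demo() -> dict:
    """Classify each constructed window; note that BOTNET looks like FLASH."""
    return {name: classify_window(win, BASELINE_PPS)
            for name, win in (("normal", NORMAL), ("flash", FLASH),
                              ("spoofed", SPOOFED), ("botnet", BOTNET))}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8s} -> {verdict}")
```

The `BOTNET` window is the caveat: once the attacker does not need to spoof, the source-diversity signal disappears and the detector is back to rate alone, which cannot separate an attack from a popular moment. Any real deployment would add signals this example does not have, such as whether sources complete handshakes or fetch the resources real clients fetch.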