LabariaSoft Security Division - A division dedicated to network and data security.


How to Defend Against DoS Attacks

George Labaria, January 27, 2006

Denial of Service (DoS) attacks are among the most common and simplest hacking attacks. A hacker sends so many invalid requests to a network host that it exhausts its resources responding to them and ignores legitimate requests.

The following types of DoS attacks are possible against your network; they can cause systems to crash and data to be lost.

Individual Attacks

  • SYN Floods: The hacker floods a host with TCP SYN packets.
  • Ping of Death: The hacker sends IP packets that exceed the maximum length of 65,535 bytes, which can crash the TCP/IP stack on some operating systems.
  • WinNuke: This attack can disable networking on older Windows operating systems. Newer operating systems such as Windows 2000 and Windows XP might be immune to this type of attack.

Distributed Denial of Service (DDoS)

DDoS attacks generally cause more damage and have a much greater impact on the target network or host. The attack is basically the same as a DoS, but instead of a single computer carrying it out, many computers, often thousands, take part.

Distributed Attacks

  • Smurf IP Attack: A hacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks. All the systems on the network respond to the forged ICMP, and take up huge amounts of bandwidth.
  • UDP Flood Attack: UDP is a connectionless protocol and does not require any connection setup to transfer data. A UDP flood attack is possible when a hacker sends UDP packets to any port on the target network or host. The target then generates an ICMP packet in response to each one. If enough UDP packets are sent to the target network or hosts, the computer(s) will go down.
  • Trinoo and Tribe Flood Network Attacks (TFN): Sets of client and server-based programs launch packet floods against a target network or host, ultimately causing it to crash.
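The checks below are an added example written for this page, not code from the original article or from LabariaSoft. They show how a detector fed with packet summaries could recognise three of the attacks from the two lists above: bursts of SYNs that are never completed with an ACK, fragments that would reassemble past the 65,535-byte limit, and ICMP echo requests aimed at one of your own broadcast addresses. The Packet record, the thresholds and the sample traffic are constructed assumptions; the addresses come from the documentation ranges.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

IP_HEADER_LEN = 20       # IPv4 header without options
MAX_IP_DATAGRAM = 65535  # largest datagram the 16-bit total-length field allows
ICMP_ECHO_REQUEST = 8


@dataclass
class Packet:
    """Packet summary of the kind a sensor or flow log hands a detector (assumed shape)."""
    ts: float             # arrival time in seconds
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    flags: str = ""       # TCP flags as letters: "S" = SYN only, "A" = ACK set
    icmp_type: int = -1
    frag_offset: int = 0  # IP fragment offset in 8-byte units, as in the header
    data_len: int = 0     # payload bytes carried by this fragment


def syn_flood_sources(packets, threshold=20, window=1.0):
    """SYN flood: sources that sent at least `threshold` SYNs inside any
    `window` seconds and acknowledged fewer than half of them (half-open)."""
    syn_times = defaultdict(list)
    acks = defaultdict(int)
    for p in packets:
        if p.proto != "tcp":
            continue
        if p.flags == "S":
            syn_times[p.src].append(p.ts)
        elif "A" in p.flags:
            acks[p.src] += 1
    flagged = []
    for src, times in syn_times.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):       # sliding window over SYN times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold and acks[src] < peak / 2:
            flagged.append(src)
    return sorted(flagged)


def oversized_fragments(packets):
    """Ping of Death: a fragment whose offset plus payload would reassemble
    into a datagram longer than 65,535 bytes."""
    return [p.src for p in packets
            if IP_HEADER_LEN + p.frag_offset * 8 + p.data_len > MAX_IP_DATAGRAM]


def smurf_echoes(packets, local_networks):
    """Smurf: ICMP echo requests addressed to the broadcast address of one of
    our networks; every host that answers amplifies the flood."""
    broadcasts = {ip_network(n).broadcast_address for n in local_networks}
    return [p.src for p in packets
            if p.proto == "icmp" and p.icmp_type == ICMP_ECHO_REQUEST
            and ip_address(p.dst) in broadcasts]


# Constructed sample traffic (not captured data); documentation address ranges.
SAMPLE = (
    [Packet(0.02 * i, "203.0.113.5", "192.0.2.10", "tcp", flags="S") for i in range(30)]
    + [Packet(0.1, "198.51.100.7", "192.0.2.10", "tcp", flags="S"),   # normal handshake
       Packet(0.3, "198.51.100.7", "192.0.2.10", "tcp", flags="A")]
    + [Packet(0.5, "198.51.100.99", "192.0.2.10", "icmp", icmp_type=ICMP_ECHO_REQUEST,
              frag_offset=8189, data_len=100)]                          # lands past 65,535
    + [Packet(0.7, "203.0.113.66", "192.0.2.255", "icmp", icmp_type=ICMP_ECHO_REQUEST)]
)

if __name__ == "__main__":
    print("SYN flood sources:", syn_flood_sources(SAMPLE))
    print("Ping of Death sources:", oversized_fragments(SAMPLE))
    print("Smurf echo sources:", smurf_echoes(SAMPLE, ["192.0.2.0/24"]))
```

The SYN check deliberately counts acknowledgements per source rather than per connection, which keeps the example short; a production detector would track each (source, destination, port) handshake so that a busy but legitimate client is never mistaken for a flood.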

Defending Against DoS and DDoS Attacks

Most attacks are very difficult to predict and occur without warning; however, with the correct countermeasures in place they can be easy to prevent.

  • Apply the latest security patches as soon as possible for routers, firewalls, servers, and operating systems.
  • Use IDS and IPS, or other network analyzer programs, to monitor for attacks.
  • Configure firewalls and routers to block all malformed traffic. This can only be done if your equipment supports it.
  • Minimize IP spoofing by:
    • Using a Public Key Infrastructure (PKI)
    • Filtering out incoming packets that appear to come from an internal address: the local host (127.0.0.1) or any private, non-routable address such as 10.x.x.x, 172.16.x.x-172.31.x.x, or 192.168.x.x
  • Block all incoming ICMP traffic to your network unless you really need it.
  • Disable or uninstall unneeded programs that use TCP/UDP to minimize "open" ports.
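As an added example that is not part of the original article, the policy below implements two rules from the list above in code: drop incoming packets whose source claims to be the local host, a private range, or one of your own prefixes, and drop inbound ICMP unless its type is one you really need. It goes one step beyond the article with an egress check, so that your own hosts cannot send packets with a foreign source address either. The IngressPolicy class, the internal prefix 192.0.2.0/24 and the sample packets are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

# Ranges that must never be the source of a packet arriving from the Internet:
# the local host and the private, non-routable blocks named in the article.
BOGON_SOURCES = [ip_network(n) for n in (
    "127.0.0.0/8",    # local host (127.0.0.1)
    "10.0.0.0/8",     # 10.x.x.x
    "172.16.0.0/12",  # 172.16.x.x - 172.31.x.x
    "192.168.0.0/16", # 192.168.x.x
)]

ICMP_DEST_UNREACHABLE = 3  # commonly kept so path-MTU discovery still works


class IngressPolicy:
    """Accept/drop decisions for packets crossing the border router (hypothetical
    class). `internal_networks` are the public prefixes behind the router;
    `allowed_icmp_types` is the short list of ICMP types you actually need."""

    def __init__(self, internal_networks, allowed_icmp_types=(ICMP_DEST_UNREACHABLE,)):
        self.internal = [ip_network(n) for n in internal_networks]
        self.allowed_icmp = set(allowed_icmp_types)

    def _is_internal(self, addr):
        return any(addr in net for net in self.internal)

    def decide(self, direction, src, dst, proto, icmp_type=None):
        """direction is "in" (from the Internet) or "out" (from our hosts).
        Returns (verdict, reason)."""
        src_ip = ip_address(src)
        ip_address(dst)  # validates the destination; not needed for these rules
        if direction == "in":
            # Anti-spoofing: nothing outside may claim an inside or bogon source.
            if any(src_ip in net for net in BOGON_SOURCES) or self._is_internal(src_ip):
                return ("drop", "spoofed source claims to be internal")
            # Default-deny inbound ICMP, with an explicit allow list.
            if proto == "icmp" and icmp_type not in self.allowed_icmp:
                return ("drop", "inbound ICMP type not needed")
        elif direction == "out":
            # Egress filter: our hosts may only send with our own addresses.
            if not self._is_internal(src_ip):
                return ("drop", "outbound source address is not ours")
        return ("accept", "")


# Constructed sample packets: (direction, src, dst, proto, icmp_type)
SAMPLE = [
    ("in",  "10.1.2.3",     "192.0.2.10",   "tcp",  None),  # private source from outside
    ("in",  "192.0.2.77",   "192.0.2.10",   "tcp",  None),  # our own prefix from outside
    ("in",  "203.0.113.5",  "192.0.2.10",   "icmp", 8),     # echo request, not allowed
    ("in",  "203.0.113.5",  "192.0.2.10",   "icmp", 3),     # destination unreachable, kept
    ("in",  "203.0.113.5",  "192.0.2.10",   "tcp",  None),  # ordinary inbound connection
    ("out", "203.0.113.5",  "198.51.100.1", "tcp",  None),  # our host spoofing a source
    ("out", "192.0.2.10",   "198.51.100.1", "tcp",  None),  # ordinary outbound packet
]


def audit(policy, packets):
    """Run every sample packet through the policy and return the verdicts."""
    return [policy.decide(d, s, t, p, i)[0] for d, s, t, p, i in packets]


if __name__ == "__main__":
    policy = IngressPolicy(["192.0.2.0/24"])
    for pkt, verdict in zip(SAMPLE, audit(policy, SAMPLE)):
        print(verdict, pkt)
```

On a real border router the same rules are expressed as access lists or firewall rules on the Internet-facing interface; the class above mirrors that logic so the decisions can be reviewed and tested offline before being applied.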

©Copyright 2005 LabariaSoft
Designed and built by George Labaria