Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

The Beginner's Guide to Denial-of-Service Attacks: A Breakdown of Shutdowns

DoS attacks come in many varieties (not just DDoS). This simple set of descriptions will help you understand how they're different - and why each and every one is bad.

TCP/IP networking depends on a whole series of protocols and functions working together. Because these protocols must flow along with the data on a network, they can't simply be blocked by firewalls. That ability to traverse networks makes them useful for attackers who wish to deny a victim access to their network by sending protocol requests or responses in volumes far higher than that seen normally. 

How Protocol-Based DoSes work:

Address Resolution Protocol (ARP) is one of these core protocols. ARP ties a device's physical address (the MAC) to its network address (its IP address). ARP requests and responses are typically between two computers who need to communicate. An ARP Flood attack sends ARP responses to every computer on the network, filling their ARP cache, and making it difficult or impossible for them to resolve addresses and communicate with other computers.

A different protocol attack is the SYN attack. SYN is the opening of the connection conversation in IP networking: The requesting computer sends SYN and expects ACK in return. In a SYN attack, the attacker sends SYN after SYN, never waiting for an ACK. With each SYN, the victim has to open a new network port connection, until the maximum number of connections has been reached and no new connection can be started.

Other protocol DoS attacks use additional protocols. These attacks have colorful names like "PING of Death" (which uses the connection verification protocol PING), and Smurf DDOS, which uses PING in ways that amplify the size and impact of the attack.

In each of these cases, the attack denies access to the application by choking a particular network port or access protocol. Because the attack is targeting such a narrow part of the network stack, the traffic volume doesn't have to be as high as in volume-based attacks.

How to defend against it:

Defending against these protocol attacks is often a case of carefully crafting server or routerconfiguration files to limit the system's susceptibility to maltreatment — reducing timeout parameters so stalled transactions are reset more quickly, for example. As long as networking is based on the IP stack, though, networks will be susceptible to attack through the critical protocols.

{Continued on Next Page}

Curtis Franklin Jr. is Senior Analyst at Omdia, focusing on enterprise security management. Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications ... View Full Bio
3 of 4
Print  | 
More Insights
Flash Poll