Advertise

Edge Articles

9/25/2019
10:00 AM

Curtis Franklin Jr.
Edge Features

1 Comment
Comment Now

The Beginner's Guide to Denial-of-Service Attacks: A Breakdown of Shutdowns

DoS attacks come in many varieties (not just DDoS). This simple set of descriptions will help you understand how they're different - and why each and every one is bad.

TCP/IP networking depends on a whole series of protocols and functions working together. Because these protocols must flow along with the data on a network, they can't simply be blocked by firewalls. That ability to traverse networks makes them useful for attackers who wish to deny a victim access to their network by sending protocol requests or responses in volumes far higher than that seen normally.

How Protocol-Based DoSes work:

Address Resolution Protocol (ARP) is one of these core protocols. ARP ties a device's physical address (the MAC) to its network address (its IP address). ARP requests and responses are typically between two computers who need to communicate. An ARP Flood attack sends ARP responses to every computer on the network, filling their ARP cache, and making it difficult or impossible for them to resolve addresses and communicate with other computers.

A different protocol attack is the SYN attack. SYN is the opening of the connection conversation in IP networking: The requesting computer sends SYN and expects ACK in return. In a SYN attack, the attacker sends SYN after SYN, never waiting for an ACK. With each SYN, the victim has to open a new network port connection, until the maximum number of connections has been reached and no new connection can be started.

Other protocol DoS attacks use additional protocols. These attacks have colorful names like "PING of Death" (which uses the connection verification protocol PING), and Smurf DDOS, which uses PING in ways that amplify the size and impact of the attack.

In each of these cases, the attack denies access to the application by choking a particular network port or access protocol. Because the attack is targeting such a narrow part of the network stack, the traffic volume doesn't have to be as high as in volume-based attacks.

How to defend against it:

Defending against these protocol attacks is often a case of carefully crafting server or routerconfiguration files to limit the system's susceptibility to maltreatment — reducing timeout parameters so stalled transactions are reset more quickly, for example. As long as networking is based on the IP stack, though, networks will be susceptible to attack through the critical protocols.

{Continued on Next Page}

Curtis Franklin Jr. is Senior Analyst at Omdia, focusing on enterprise security management. Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications ... View Full Bio

3 of 4

Email This |

Print |

RSS

More Insights

Webcasts

Securing Edge Networks

The Right Approach to Zero-Trust for IoT Devices

More Webcasts

White Papers

ESG Report: Automated Application Security Testing for Faster Development

The Big Business Of Cybercrime: A Deep Dive Guide

More White Papers

Reports

Everything You Need to Know About DNS Attacks

Automate IT: Modernizing IT Service Management in Healthcare

More Reports

[close this box]

OVER THE EDGE

11 Security Certifications to Seek Out This Summer

A View From Inside a Deception

'Beware the Lady Named Katie'
Source: Darius Koohmarey

Name That Edge Toon: Security Grill

Latest Comment: Upper managment talked to another consultant and is helping us with security again. At least we get lunch.

Flash Poll

All Polls

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]