In this section we cover the different ways in which denial of service attacks can be carried out. Note that no matter which kind of DoS attack an attacker selects, his/her motives remain the same, i.e. bandwidth consumption, disruption of network connectivity, or the destruction of configuration information.
1.Smurf DoS or Ping Flood:
In this type of attack, an attacker sends a large number of ICMP echo (ping) packets to an IP broadcast address, and all the packets he/she sends have spoofed IP addresses. If the victim accepts IP broadcast request packets, it will take each ICMP request and reply, multiplying the traffic by the number of hosts and resulting in bandwidth consumption. The modes of attack used are bandwidth consumption and network connectivity.
2.Fraggle DoS Attack:
It is the same as the Smurf DoS attack, but instead of ICMP packets it uses UDP echo requests. The modes of attack used are bandwidth consumption and network connectivity.
3.Buffer Overflow Attack:
This is the most commonly used DoS attack, and it can be performed locally or remotely. The most commonly used attack method is to use a vulnerable application or program. The result is a compromise of the security of the network. Common modes of attack are misuse of internal resources and altering configuration.
4.Ping Of Death:
In this type of attack, an attacker deliberately sends an ICMP echo packet of more than 65536 bytes. An IP packet with a size of 65536 bytes is an oversized packet for the TCP/IP stack. Many operating systems don't know how to respond to such a huge packet, resulting in freezing or crashing. The attack mode can be classified as altering of configuration and misuse of resources.
5.Tear Drop Attack:
This attack takes advantage of the fragmentation of IP packets during transmission. A large packet is chopped into pieces for easy transmission, each carrying a sequence number in its offset so that when all chunks have been received they can be easily combined. In a tear drop attack, an attacker manipulates the offset value of the second or a later fragment so that it overlaps with the previous or next one. This attack may cause the system to hang and crash. The mode of attack is altering configuration.
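The following is an added example, not code from the original post: a reassembly-time sanity check that flags the two malformed-fragment conditions described above, namely fragments whose offsets overlap and fragments that would push the reassembled packet past the IPv4 size limit. The `Fragment` type, the `check_fragments` function and the sample fragment sets are constructed for illustration, and a 20-byte IP header without options is assumed.

```python
from dataclasses import dataclass

MAX_IPV4_DATAGRAM = 65535  # the IPv4 total-length field is 16 bits wide
IPV4_HEADER_LEN = 20       # assumption: header carries no IP options


@dataclass(frozen=True)
class Fragment:
    offset_units: int      # fragment-offset field, counted in 8-byte units
    payload_len: int       # bytes of payload carried by this fragment
    more_fragments: bool   # MF flag


def check_fragments(frags):
    """Return findings for one fragment set; an empty list means it is sane."""
    findings = []
    prev_end = 0  # highest payload byte position covered so far
    for f in sorted(frags, key=lambda f: f.offset_units):
        start = f.offset_units * 8
        end = start + f.payload_len
        # Oversized case: reassembly would exceed the largest legal datagram.
        if IPV4_HEADER_LEN + end > MAX_IPV4_DATAGRAM:
            findings.append(f"oversized@{start}")
        # Overlap case: fragment starts inside data already received.
        if start < prev_end:
            findings.append(f"overlap@{start}")
        prev_end = max(prev_end, end)
    return findings


# Constructed sample fragment sets (descriptors only, no packet data).
NORMAL = [Fragment(0, 1480, True), Fragment(185, 1480, True),
          Fragment(370, 40, False)]
OVERLAPPING = [Fragment(0, 1480, True), Fragment(100, 1480, False)]
OVERSIZED = [Fragment(0, 1480, True), Fragment(8189, 1480, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("overlapping", OVERLAPPING),
                        ("oversized", OVERSIZED)):
        result = check_fragments(frags)
        print(name, "->", result or "ok")
```

A stack or filter that applies checks of this kind can discard the whole fragment set before any reassembly buffer is written.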
6.SYN Half Open and SYN Flood:
In a SYN half open attack, the attacker exploits a weakness in the TCP three-way handshake and sends only a SYN packet with a spoofed IP address. The target then waits for the opened connection to be completed, and since the IP address is spoofed there is hardly any chance that the connection will ever be completed. This results in non-availability of resources, builds overload on the system, and it crashes.
In a SYN flood attack, the attacker sends thousands of SYN packets to the victim at a higher frequency than it can handle, resulting in denial of further requests. Both can be categorized as attacks involving consumption of network resources and altering configuration.