Types of DoS and DDoS Attacks

Out of all the numerous types of cyberattacks, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are probably among the most vicious. That’s because they can cause an exceptional amount of damage, especially long-term damage, in a relatively short amount of time, with no warning whatsoever. The basic form, a DoS attack, is an online attack in which a hacker sends excessive amounts of traffic to a website or network in order to overwhelm a site to the point where its server crashes and fails to respond to all the incoming requests for connection, rendering the site unable to operate. When these hackers use multiple computers to flood a site with traffic, the attack is then called a DDoS attack. Traffic overload crashes that happen to websites can result from other innocuous things like big holiday sales or a major news headline that has people rushing to sites for details. However, a lot of the times, these crashes are caused by the deliberate efforts of cyber attackers who seek to hurt these sites, which could be for a variety of reasons. Some attackers may have political motives, attacking government sites or sites of candidates running for office because they disagree with current regulations, policies, or stances on certain issues. Other attackers may actually be competitors of the owners of these target sites, so they try to cripple a business with a DoS or DDoS attack that keeps customers from accessing their sites to view content or make purchases. That, in effect, leads customers to find what they’re seeking elsewhere, typically at the competitors’ sites.What makes DoS and DDoS attacks so dangerous is that their effects can be catastrophic and challenging to recover from, which can impair the operation and profitability of a business. If customers of a site cannot connect to an attacked site, then not only will they go to a competitor’s site for what they need or want, but they will also lose faith in the performance and reliability of the business or organization behind those sites. Such an effect can have a long-term if not permanent detrimental impact on a company’s revenue, profits, brand reputation, and overall viability.As severe as DoS and DDoS attacks can be, it’s important to be aware of the different types of forms they can take to strike websites. Here are a few variations of DDoS attacks that attackers employ to paralyze websites.

Ping of Death

Also known as PoD, the Ping of Death is a denial of service attack that takes advantage of the IP, or Internet protocol that is used to send packets of data across networks from a source host to a destination host through IP addresses. These packets in transmission have size limits, so a PoD attack works by sending packets that exceed these limits. Attackers split the packets into smaller units called fragments, so when the targeted system tries to reassemble the original oversized packets, it gets overwhelmed and crashes or reboots.Although PoD attacks are not as rampant now as they were about 20 years ago, some variations of it are popular, like the Teardrop Attack.

Slowloris

Known as an especially challenging DDoS attack to control, a Slowloris attack targets web servers by keeping connections with them open for a long as possible with HTTP requests until a website on the server cannot stay online any longer. This DDoS attack is efficient for attackers because it requires minimal resources; this was also the kind of attack used against the 2009 Iranian presidential election.

SYN Flood

The Transmission Control Protocol (TCP) is one of the types of protocols used to enable data transmission between applications of hosts that communicate over an IP network. Because this protocol is a connection-oriented service, TCP connections require a synchronization and acknowledgement process, also called a “three-way handshake,” to operate. The client host device sends a synchronized or SYN message to a server to request communication, and the server acknowledges the request by sending an acknowledgement or ACK flag to the client. Upon receiving the acknowledgement, the client closes and therefore establishes the connection. In a SYN flood, however, attackers send a target server an overflow of spoofed connection requests, and when the target acknowledges the requests, the attacker, as the client, does not close or complete the connections. This causes the target server to time out while waiting for the attacker-client to establish the connection, causing the target to crash and go offline.

Teardrop Attack

In a teardrop DoS attack, the attacker sends IP data packets in the form of fragments to the victim system. However, when the victim system tries to reconstruct the fragments into the original packets, it is unable to do so and ends up crashing. The crash takes place because the fields specifying the size and fragmentation offset, or starting point, in the packets are manipulated to overlap, creating confusion for the victim system that fails to reassemble the original packets.

UDP Flood

A connectionless protocol that involves no communication in advance between sender and receiver nodes to set up a connection channel, the User Datagram Protocol (UDP) is used to send messages called datagrams between computer applications over an IP network. In a UDP flood, attackers inundate random ports on the victim’s network or computer with packets of datagrams. The victim computer or network tries to match the datagrams with applications that listen at the ports, but no applications are found, so the target fails as it gets overwhelmed with packets.

Guard Against Potential Cyber Threats

DoS and DDoS attacks are severe cyberattacks that can be multi-functional, exploiting various tools and protocols at the same time to take a site or network offline. Because they can get quite elaborate, it often takes multi-layered strategies to fight against them. But before anyone can start using tactics and resources to control DDoS attacks, he has to understand how things like website connectivity and networks operate. To get some insight into such topics, check out Cybrary’s catalog of cybersecurity courses.

• Denial of Service PCAP Analysis
• Developing a Security Strategy
• Incident Response & Advanced Forensics