Denial-of-Service (DoS) and Distributed Denial of Service (DDoS) attacks target and absorb resources to the extent that those resources or services can no longer be used. This is a more surreptitious form of attack as the ID of an authorized user isn’t required. These attacks usually occur during network connectivity & host availability tests.
Here are some examples of DoS and DDoS attacks:
- Smurf: An attack based on using the Internet Control Message Protocol (ICMP) echo request through the ping function. The originating site (source site) will send an altered or spoofed ping packet to the broadcast address of a network (the bounce site). The target site’s address is carried in the modified ping packet. This triggers the bounce site to broadcast bogus information to all of the devices on its local network. The devices then respond with a reply to the target system, which will then be flooded with these replies.
- Buffer Overflow: This is an attack where a process is flooded with data beyond its capacity to handle. If that process isn’t equipped to deal with an excessive amount of data, it reacts in unexpected ways that an attacker can exploit.
- Ping of Death: This is a version of the buffer overflow attack. This packet exploits a flaw with ICMP by sending an ECHO packet of more than 65K octets of data, which can create an overflow of system variables which causes the system to crash.
- Teardrop: This attack targets UDP. The attacker revises length and fragmentation of offset fields in sequential UDP packets and transmits them to a system. When the system attempts to reassemble the packets from the fragments, the fragments overwrite each other cycling contradictory instructions to the system on how the fragments are offset on these packets. The end result: the target system crashes.
- SYN: A method where the attacker exploits the use of the buffer space during a three-way Transmission Control Protocol (TCP) session initialization handshake. A source host sends a TCP SYN request when requesting a connection session with the destination host that will respond with an acknowledgement (ACK), and return a SYN response. The normal process from here is the source host sends a final ACK packet, but in a SYN attack the attacker sends a barrage of SYN requests without ever sending the final ACK. This causes the target system to time out while waiting for the proper response, eventually making the system crash or become unusable.
- TCP Hijacking: In a TCP hijacking, the session between a trusted client and network server is hijacked. The attacker substitutes its IP address for that of the trusted client. Once the session is disrupted, the attacker has the opportunity to create a new back door account or can access files and services that a legitimate host has access to. This type of attack usually happens after a trusted client has connected to the network server.
- Social Engineering: Social engineering is not a computer exploit but an easy tactic for attackers who wish to access sensitive information that can compromise information systems. It’s challenging to develop an effective defense against this type of attack. Social Engineering uses social interactions and relationships to seize information, such as passwords, to gain entry into a protected system. Some examples: the attacker obtains access to a device from an authorized user and takes unwarranted actions such as requesting passwords; befriending and soliciting a colleague for sensitive information. The best defense against Social Engineering is awareness training and reinforcement of security policies regarding disclosure of information.
- Dumpster Diving: Like Social Engineering, Dumpster Diving is not an active attack against a system. This method is where the attacker forages through information that has been discarded. Attackers will thoroughly rummage through trash to locate items of value such as: credit card statements; password lists; and organization charts. It may also include phone numbers and usernames, information that can be used in social engineering attacks.
- Software Exploitation: Software Exploitation is not a concentrated attack executed in a single hit, but a strategic exploitation of weaknesses in the code of a software program. Once vulnerabilities in the operating system are identified, an attacker can use this to their advantage to infiltrate resources and data.