A denial-of-service (DoS) attack is an attempt to overwhelm a server or a network by sending it many false requests. Attackers send a large number of false requests that consume the server’s entire request-handling capacity, so that legitimate users’ requests cannot be processed. Legitimate users are denied service by the server, which prevents them from accessing information on the Internet. A similar attack can be carried out against a personal e-mail account by using spam. Each e-mail account has a quota for receiving data, so an attacker can send a large number of e-mails, or very large e-mails, to the target account to use up its entire quota, leaving the account with no quota to receive other messages.
Major types of DoS attacks:
One type of attack works by exceeding the limits in the TCP/IP protocols. The attacker sends a ping packet to a computer. The target computer crashes because the ping packet is larger than the maximum packet size that the computer system can handle.
Under normal circumstances, establishing a connection between a client computer and a server takes three steps. First, the client computer sends the server a TCP connection request, called the SYN. Second, the server replies to the client computer with an approval, called the SYN-ACK. Third, the client computer replies to the server again to confirm the connection, called the ACK. When a DoS attack takes place, an attacker sends the server many false TCP requests with false addresses. The server replies to each request with a SYN-ACK and waits for the ACK that would complete the connection. However, the server never gets a reply, because the addresses are all false. When the server closes the connections with those addresses, the attacker sends another batch of false requests. The cycle continues and floods the server with false requests. It uses up all the capacity of the server and prevents it from processing any other requests.
Distributed attacks
A Distributed Denial of Service (DDoS) attack is a collective, coordinated DoS attack on one target server or network using many computers. An attacker starts a DDoS attack by taking advantage of security weaknesses in a computer system to make that computer the DDoS master. The master system then identifies and communicates with other computer systems, which act as agents. The master system can then control hundreds of agents to attack a target server at the same time with a flood of requests, which causes denial of service for legitimate users of the system. The victims of a DDoS attack are not limited to the target server or network. In fact, there are many victims, because the agent computers are controlled by the intruder. When the intruder starts a DDoS attack, the agent computers are forced to produce a high volume of traffic by sending large amounts of data to the target server or spam mail to a target e-mail account. So the agent computers are also victims of a DDoS attack.
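The half-open connections described in the three-step handshake paragraph above are what a defender can measure. The following is an added example, not part of the original page: it replays handshake segments seen at a server and reports how many connections sit waiting for an ACK. The `Seg` record, the backlog of 8, the 3-second timeout and all addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

# One TCP segment observed at the server: time (s), client "ip:port", flag seen.
Seg = namedtuple("Seg", "t client flag")

def half_open_timeline(segments, timeout=3.0):
    """Replay segments; return (peak_half_open, completed, expired).

    A client enters the half-open table on SYN (the server answers SYN-ACK and
    waits), and leaves it on ACK (handshake completed) or once `timeout`
    seconds pass without an ACK (the server gives up on that address).
    Expiry is evaluated whenever a later segment arrives.
    """
    pending = {}                      # client -> arrival time of its SYN
    peak = completed = expired = 0
    for seg in sorted(segments, key=lambda s: s.t):
        # Drop entries the server has stopped waiting for.
        for client in [c for c, t0 in pending.items() if seg.t - t0 >= timeout]:
            del pending[client]
            expired += 1
        if seg.flag == "SYN":
            pending.setdefault(seg.client, seg.t)
        elif seg.flag == "ACK" and seg.client in pending:
            del pending[seg.client]
            completed += 1
        peak = max(peak, len(pending))
    return peak, completed, expired

def looks_like_syn_flood(segments, backlog=8, timeout=3.0):
    """Flag traffic whose half-open table reaches the (assumed) backlog size
    while more handshakes expire than complete."""
    peak, completed, expired = half_open_timeline(segments, timeout)
    return peak >= backlog and expired > completed

# Constructed sample traffic using documentation address ranges.
NORMAL = [Seg(0.0, "192.0.2.10:40000", "SYN"), Seg(0.1, "192.0.2.10:40000", "ACK"),
          Seg(1.0, "192.0.2.11:40001", "SYN"), Seg(1.2, "192.0.2.11:40001", "ACK")]
# Ten SYNs from addresses that never answer the SYN-ACK, plus two real clients.
FLOOD = [Seg(i * 0.1, f"198.51.100.{i}:5000", "SYN") for i in range(10)]
FLOOD += [Seg(1.5, "192.0.2.10:40002", "SYN"), Seg(1.6, "192.0.2.10:40002", "ACK"),
          Seg(9.0, "192.0.2.12:40003", "SYN"), Seg(9.1, "192.0.2.12:40003", "ACK")]

if __name__ == "__main__":
    for name, traffic in (("normal", NORMAL), ("flood", FLOOD)):
        print(name, half_open_timeline(traffic), looks_like_syn_flood(traffic))
```

On a live host the same signal is the count of connections the operating system reports in the SYN-received state, compared against the listen backlog.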
Symptoms of a DoS attack: