Denial of Service Attack DoS | Part 3

UDP Flooding

This denial of service exploits the connectionless nature of UDP. It creates a UDP packet storm (a large volume of UDP packets) directed at one machine or exchanged between two machines. Such an attack between two machines leads to congestion and saturation of resources on both hosts. The congestion is all the more severe because UDP traffic takes priority over TCP traffic.

In fact, TCP has a congestion control mechanism: if the acknowledgment of a packet arrives after a long delay, this mechanism adjusts the rate at which packets are sent, and TCP throughput decreases. UDP has no such mechanism. After some time, the UDP traffic occupies all the bandwidth, leaving only a small part to TCP traffic.

The best known example of UDP flooding is the “Chargen Denial of Service Attack”. The implementation of this attack is simple: it makes the chargen service of one machine talk to the echo service of another. The first generates characters, while the second resends the data it receives. The attacker then only has to send UDP packets to port 19 (chargen) of one of the victims, spoofing the IP address and source port of the other. In this case, the source port is UDP port 7 (echo). UDP flooding saturates the bandwidth between the two machines, and it can completely disable a network.

Packet Fragment

Packet Fragment denial of service exploits weaknesses in the way some TCP/IP stacks implement defragmentation (the reassembly of IP fragments).

A known attack using this principle is Teardrop. The fragmentation offset of the second fragment is smaller than the size of the first, and so is the offset plus the size of the second. This means that the second fragment is contained in the first (overlapping).

During defragmentation, some systems do not handle this exception, which results in a denial of service. There are variants of this attack: bonk, boink and newtear. The Ping of Death denial of service exploits mishandling of defragmentation at the ICMP level by sending more data than the maximum size of an IP packet. These different types of denial of service crash the target machine.
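A reassembly-time check that rejects the overlapping and oversized fragments described above, as an added example that is not part of the original post. The names `frag_check` and `check_sample`, the 20-byte header length, the constructed sample values, and the policy of rejecting any overlap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u  /* maximum size of an IP packet, header included */

/* Payload byte range of one fragment (the header's offset field counts
 * 8-byte units and must already be multiplied by 8). */
struct frag { uint32_t offset, len; };
enum frag_verdict { FRAG_OK, FRAG_OVERLAP, FRAG_OVERSIZE };

/* Validate fragment f against the n fragments already queued for the same
 * datagram, before anything is copied into the reassembly buffer. */
enum frag_verdict frag_check(const struct frag *queued, size_t n,
                             struct frag f, uint32_t ip_hdr_len)
{
    /* Ping of Death case: the reassembled packet would exceed the IP maximum.
     * 64-bit arithmetic so offset + len cannot wrap around. */
    uint64_t end = (uint64_t)f.offset + f.len;
    if (end + ip_hdr_len > IP_MAX_DATAGRAM)
        return FRAG_OVERSIZE;

    /* Teardrop case: byte range [offset, end) intersects a queued fragment. */
    for (size_t i = 0; i < n; i++) {
        uint64_t q_end = (uint64_t)queued[i].offset + queued[i].len;
        if (f.offset < q_end && queued[i].offset < end)
            return FRAG_OVERLAP;
    }
    return FRAG_OK;
}

/* Constructed samples: a 1480-byte first fragment is queued, then one
 * candidate second fragment is checked (20-byte IP header assumed). */
enum frag_verdict check_sample(uint32_t offset, uint32_t len)
{
    struct frag first = { 0, 1480 }, second = { offset, len };
    return frag_check(&first, 1, second, 20);
}

int main(void)
{
    printf("adjacent:  %d\n", (int)check_sample(1480, 520));   /* FRAG_OK */
    printf("contained: %d\n", (int)check_sample(800, 200));    /* FRAG_OVERLAP */
    printf("oversize:  %d\n", (int)check_sample(65528, 1000)); /* FRAG_OVERSIZE */
    return 0;
}
```

A reassembler that gets anything other than `FRAG_OK` should discard the whole queued datagram rather than attempt to trim or merge the fragments.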

Smurfing

This attack uses the ICMP protocol. When a ping (ICMP ECHO) is sent to a broadcast address (e.g., 10.255.255.255), it is replicated and sent to every machine on the network. The principle of the attack is to spoof the ICMP ECHO REQUEST packets, using the target's IP address as their source address. The attacker sends a continuous stream of pings to the broadcast address of a network, and all the machines answer with an ICMP ECHO REPLY to the target. The flow is thus multiplied by the number of hosts in the network. In this case the entire target network suffers denial of service, because the huge amount of traffic generated by this attack leads to network congestion.

Continued…
