A Denial-of-Service (DoS) attack shuts down a machine or a network to make it inaccessible to its intended users. This PPT describes this kind of cyberattack and its types, to raise awareness of the threat that it poses to web servers and applications.
2. Table of Contents
A Denial-of-Service (DoS) Attack
Web Servers
Types of DoS Attacks
More Information on Types of DoS Attacks
More Information on Types of DoS Attacks (UDP Attacks)
More Information on Types of DoS Attacks (ICMP Attacks)
More Information on Types of DoS Attacks (Ping of Death)
More Information on Types of DoS Attacks (Slowloris)
More Information on Types of DoS Attacks (NTP Amplification)
More Information on Types of DoS Attacks (HTTP Flood)
Conclusion
3. A Denial-of-Service (DoS) Attack
This type of cyberattack is aimed at shutting down a machine or a network so that it
becomes inaccessible to its intended users. This is accomplished either by flooding the
target with traffic or by sending it information that triggers a crash. In either
situation, a DoS attack ensures that the legitimate users (i.e. employees, account holders
or members) of a service or resource can no longer access it. Such an attack makes online
services unavailable to the end user by either suspending the servers or interrupting
their services.
This kind of attack is usually aimed at the web servers of high-profile organizations in
the banking or commercial sector, as well as media agencies, government organizations and
trade organizations. A DoS attack might not lead to any loss or theft of significant
information, but it is harmful because the victim can lose a significant amount of time
and money resolving the issue.
4. Web Servers
In the context of discussing a DoS attack or any other cyberattack, it is important to
understand the most basic information about web servers. A web server stores and makes
available all the files that are needed to make a website and its web pages accessible
over the Internet. Web hosting companies offer various plans to lease these web servers.
These companies provide the technology along with server space and other related services
to ensure that these websites remain consistently accessible. One might come across terms
such as “Windows Hosting”, “Cloud Hosting” and “Web Hosting”, which all refer to hosting
services.
5. Types of DoS Attacks
DoS attacks can be of different types, which are listed below in no particular order.
UDP attacks
HTTP flood
ICMP attacks
Protocol attacks
Volume-based attacks
Application-layer attacks
Ping of death
Slowloris
NTP amplification
6. More Information on Types of DoS Attacks
Three of the above-mentioned types of DoS attacks are touched upon briefly here.
DoS attacks based on the protocol: The goal is to consume the resources of the actual
servers or of intermediate communication components such as load balancers and firewalls.
The transmission rate is measured in packets per second. Ping of Death, SYN floods, Smurf
denial of service and fragmented packet attacks are examples of this type of attack.
DoS attacks based on volume: This attack aims to saturate the bandwidth of the affected
site. Its magnitude is measured in bits per second. This type of attack includes
spoofed-packet floods, ICMP floods and UDP floods.
DoS attacks on the application layer: This type of attack ensures that the web server
breaks down. It is measured in requests per second and has specific targets such as
Apache, OpenBSD and Windows. Examples of this type of attack are GET/POST floods and
Low-and-Slow attacks.
7. More Information on Types of DoS Attacks (UDP Attacks)
UDP flood attacks target and flood random ports on the remote host. The host keeps
checking for an application listening on each of those ports. When none is found, it
replies with an ICMP "destination unreachable" packet. This consumes host resources and
results in inaccessibility of services. As is evident from the name itself, the attack
hits the host with User Datagram Protocol (UDP) packets.
8. More Information on Types of DoS Attacks (ICMP Attacks)
An Internet Control Message Protocol (ICMP) attack consumes both incoming and outgoing
bandwidth. This happens because the affected servers repeatedly attempt to respond with
ICMP echo reply packets. This results in either a shutdown or a slowdown of the entire
system. It is similar to a UDP attack, but it hits the target with ICMP echo request
packets, which are sent at a high transmission rate without waiting for any reply. In it,
an attacker attempts to overwhelm a targeted device with ICMP echo-requests (pings).
In normal circumstances, ICMP echo-request and echo-reply messages are used to ping a
network device. This is done to diagnose the health and connectivity of the device as well
as the connection between the sender and the device. When the target is flooded with
request packets, the network is forced to respond with an equal number of reply packets.
This results in the target becoming inaccessible to normal traffic.
Other types of ICMP request attacks involve custom tools or code.
9. More Information on Types of DoS Attacks (Ping of Death)
In this type of attack, malformed or malicious pings are transmitted continuously to the
server. The maximum length of an IP packet, including the header, is 65535 bytes. The data
link layer limits the maximum frame size to 1500 bytes over Ethernet. In this scenario, a
maximum-size IP packet is split across multiple IP fragments. The receiving host
reassembles the IP fragments into the complete IP packet.
The malware manipulates the fragment data, so that the packet is larger than 65535 bytes
when the recipient reassembles it. This can be more than the memory space that had been
allocated for the packet can hold. Hence, it results in denial of service even for packets
which are real and legitimate.
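The check a receiver or filter applies against this is sketched below as an added example (not part of the original slides): it parses an IPv4 fragment header and rejects any fragment whose offset plus length would run past 65535 bytes. The function names and the sample headers are constructed for illustration.

```python
import struct

MAX_IP_PACKET = 65535  # maximum IPv4 packet length in bytes, header included


def parse_fragment(header: bytes):
    """Return (header_len, payload_len, payload_offset, more_fragments)."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent length fields")
    more_fragments = bool(flags_frag & 0x2000)
    payload_offset = (flags_frag & 0x1FFF) * 8  # offset field counts 8-byte units
    return header_len, total_len - header_len, payload_offset, more_fragments


def reassembly_overflows(header: bytes) -> bool:
    """True if this fragment would end beyond the 65535-byte packet limit."""
    header_len, payload_len, offset, _more = parse_fragment(header)
    return header_len + offset + payload_len > MAX_IP_PACKET


def sample_header(total_len: int, offset_units: int, more: bool) -> bytes:
    """Constructed 20-byte ICMP-over-IPv4 header (documentation addresses, checksum 0)."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 1]))


# Constructed samples: first and last fragment of a legal 65535-byte packet,
# then a final fragment whose offset plus length runs past the limit.
FIRST_OK = sample_header(1500, 0, True)
LAST_OK = sample_header(415, 8140, False)
OVERSIZED = sample_header(1500, 8189, False)

if __name__ == "__main__":
    for name, hdr in [("first", FIRST_OK), ("last", LAST_OK), ("oversized", OVERSIZED)]:
        print(name, "DROP" if reassembly_overflows(hdr) else "ok")
```

Because the 13-bit offset field can point as far as byte 65528, the limit has to be checked per fragment before any data is copied into the reassembly buffer.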
10. More Information on Types of DoS Attacks (Slowloris)
It is a type of DoS attack in which a single machine can take down the web server of
another machine. It achieves this with minimal bandwidth and with minimal side effects on
unrelated services and ports. This type of attack tries to keep several connections to the
target web server open for as long as possible. It does this by opening connections and
sending a partial request to the target web server. It then sends further HTTP headers
periodically, which add to the request but never complete it. The affected servers keep
these connections open, which fills their pool of concurrent connections to the maximum
level. This eventually results in additional connection attempts from clients being denied
and causes a slowdown of the entire system.
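The pattern described above can be spotted from the server side, as in this added example (not part of the original slides), which scans a snapshot of open connections for clients holding many connections whose request headers never complete. The record layout, the thresholds and the sample snapshot are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Conn:
    client: str         # remote IP address
    age_s: float        # seconds since the connection was accepted
    header_bytes: int   # request-header bytes received so far
    header_done: bool   # True once the blank line ending the headers arrived


def slow_header_report(conns, pool_size, deadline_s=20.0, min_rate=50.0, per_client=10):
    """Return (suspects, pool_share).

    A connection is stalled when its headers are still incomplete after
    deadline_s and it has delivered fewer than min_rate bytes per second.
    suspects maps each client holding at least per_client stalled connections
    to its count; pool_share is the fraction of the pool held by stalled ones.
    """
    stalled = Counter()
    for c in conns:
        if c.header_done or c.age_s <= deadline_s:
            continue
        if c.header_bytes / c.age_s < min_rate:
            stalled[c.client] += 1
    suspects = {ip: n for ip, n in stalled.items() if n >= per_client}
    return suspects, sum(stalled.values()) / pool_size


# Constructed snapshot of a 150-slot connection pool (documentation addresses).
SNAPSHOT = (
    [Conn("203.0.113.50", 90.0, 180, False) for _ in range(120)]   # trickled headers
    + [Conn("198.51.100.20", 0.4, 512, True) for _ in range(3)]    # completed requests
    + [Conn("198.51.100.31", 25.0, 3000, False)]                   # slow but progressing
    + [Conn("198.51.100.44", 2.0, 40, False)]                      # just connected
)

if __name__ == "__main__":
    print(slow_header_report(SNAPSHOT, pool_size=150))
```

Combining a deadline with a minimum receive rate keeps a genuinely slow client that is still making progress from being flagged.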
12. More Information on Types of DoS Attacks (NTP Amplification)
In it, publicly accessible Network Time Protocol (NTP) servers are exploited by the
attacker to overwhelm the targeted server with User Datagram Protocol (UDP) traffic. NTP
is one of the oldest network protocols. This type of attack is essentially a reflection
attack. A reflection attack involves obtaining a response from a server to a spoofed IP
address. In an NTP Amplification attack, the attacker sends a packet that has a forged IP
address, which is that of the victim. The server then replies to this address. When
reflection attacks are amplified, as in this case, they can be very dangerous because the
server response is not at all proportionate to the original packet request that was sent.
In this kind of attack, the query-to-response ratio lies between 20:1 and 200:1 or even
more, which ensures that any attacker who has a list of open NTP servers can easily
produce a disastrously high-bandwidth, high-volume attack.
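Because the victim of a reflection attack receives NTP responses it never asked for, border traffic can be checked for exactly that, as in this added example (not part of the original slides). The packet tuple layout, the five-second window and the sample records are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

NTP_PORT = 123


def unsolicited_ntp(packets, local_net, window_s=5.0):
    """Find NTP responses that answer no recent request from the local network.

    packets: time-ordered (ts, src, sport, dst, dport, length) tuples seen at
    the border of local_net. Returns {local_host: (bytes, reflector_count)}.
    """
    net = ipaddress.ip_network(local_net)
    pending = {}                            # (client, client_port, server) -> request time
    hits = defaultdict(lambda: [0, set()])  # host -> [unsolicited bytes, reflector set]
    for ts, src, sport, dst, dport, length in packets:
        outbound = ipaddress.ip_address(src) in net
        if outbound and dport == NTP_PORT:
            pending[(src, sport, dst)] = ts
        elif not outbound and sport == NTP_PORT:
            # Each request accounts for one reply; extra or late replies count.
            asked = pending.pop((dst, dport, src), None)
            if asked is None or ts - asked > window_s:
                hits[dst][0] += length
                hits[dst][1].add(src)
    return {host: (total, len(servers)) for host, (total, servers) in hits.items()}


# Constructed border capture (documentation addresses, made-up sizes).
SAMPLE = [
    (0.00, "192.0.2.10", 40000, "198.51.100.1", 123, 76),   # local client asks
    (0.05, "198.51.100.1", 123, "192.0.2.10", 40000, 76),   # matching reply
]
SAMPLE += [(1.0 + i * 0.01, f"203.0.113.{r}", 123, "192.0.2.20", 53124, 468)
           for i, r in enumerate([5, 6, 7, 5, 6, 7])]       # replies nobody requested

if __name__ == "__main__":
    print(unsolicited_ntp(SAMPLE, "192.0.2.0/24"))
```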
13. More Information on Types of DoS Attacks (HTTP Flood)
HTTP flooding attacks are specifically designed for their particular target. This makes
them much harder to uncover and block. Since these attacks make use of standard URL
requests, HTTP flooding attacks are almost indistinguishable from authentic traffic.
In this kind of attack, seemingly legitimate HTTP GET or POST requests are used to attack
a web server or even a web application. In comparison to other types of attacks, it
consumes minimal bandwidth to slow down its target web server or application.
14. Conclusion
The information provided here makes it evident how a Denial-of-Service (DoS) attack can
pose a threat to web servers as well as applications. Hence, it is extremely important to
make sure that every safety measure is implemented to avert such an attack or minimize
its chances of occurring.
15. Thanks!
ANY QUESTIONS?
You can find me at:
www.htshosting.org
www.htshosting.org/best-web-hosting-company-India
www.htshosting.org/best-windows-hosting
www.htshosting.org/best-cloud-hosting-company
support@htshosting.org