Computer Misuse - Denial Service Attack Presentation

The document discusses Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, which overwhelm systems with traffic to prevent legitimate access. It outlines historical examples, differences between DoS and DDoS, and strategies for prevention and mitigation, including contacting ISPs and using detection products. Various attack methods are also described, highlighting their impact on network resources and legitimate users.


Denial of Service Attack
By: Alexis Perry, Arianna Edwards

Topics Covered

We will be presenting on:
- What is Denial of Service Attack
- Examples of Denial of Service Attack
- How can denial of service attack be mitigated or prevented

Imagine you begin scrolling through your Instagram feed on a school computer when suddenly you cannot access Instagram, you cannot find YouTube on your device, and your IT SBA won’t open. As many emails from unknown individuals flood into your school email, you realize you are experiencing a DoS/DDoS attack.

A DoS attack (denial of service attack) is a security event that floods servers, systems or networks with traffic to overwhelm their resources, which prevents legitimate users from being able to use specific computer systems, devices, services or other IT resources. DoS and DDoS attacks often use vulnerabilities in the way networking protocols handle network traffic.



DOS ATTACKS
THE FIRST DoS ATTACK
DoS attacks on internet-connected systems have a long history that
arguably started with the Robert Morris worm attack in 1988. In that
attack, Morris, a graduate student at MIT, released a self-
reproducing piece of malware -- a worm -- that quickly spread
through the global internet and triggered buffer overflows and DoS
attacks on the affected systems.

DoS attacks are carried out for the following reasons:
- Monetary gain: Attackers demand payment from victims to end DoS or DDoS attacks.
- Harm an individual or organization: Organizations/individuals can lose money while recovering from a DoS attack.
- Sabotaging victim(s): DoS attackers just want to cause a lot of damage and inconvenience a lot of people.



DoS Attack examples include:

The Google Attack, 2020
The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier.

AWS (Amazon Web Services)
One of the more recent examples of a DDoS Attack occurred in February 2020, impacting Amazon Web Services (AWS), a cloud computing service used by over a million companies, individuals, and government entities. The hackers used directories on Connection-less Lightweight Directory Access Protocol (CLDAP) servers to send huge amounts of information to AWS's servers—as many as 2.3 terabits per second (Tbps). However, Amazon was able to stop the attack before it became a big security risk for its customers.

Dyn Attack
In October 2016, a DDoS attack was carried out on a domain name system (DNS) provider, Dyn, which hosts and manages the domain names of select companies in this directory on its server. When Dyn’s server was compromised, it also affected the websites of the companies it hosts. The attack on Dyn flooded its servers with overwhelming traffic, creating a massive web outage and shutting down over 80 websites, including major sites like Twitter (now X), Amazon, Spotify, Airbnb, PayPal, and Netflix.



DIFFERENCE BETWEEN DoS and DDoS ATTACKS

DoS utilizes a single connection, while a DDoS attack utilizes many sources of attack traffic. This makes DDoS attacks more difficult to prevent; however, they can be prevented with these 3 strategies:
(1) Contacting an ISP
(2) Using denial-of-service attack detection products
(3) Contracting with a backup ISP and using cloud-based anti-DoS
HOW TO PREVENT A DoS/DDoS ATTACK


How to Prevent/Mitigate a DoS attack further explained
When a DoS attack is underway, it is recommended that the enterprise or individuals affected contact their ISP (Internet Service
Provider) to determine whether the incident is an actual DoS attack or degradation of performance caused by another factor. The ISP
can help mitigate DoS and DDoS attacks by rerouting malicious traffic and utilizing load balancers to reduce the attack's impact.
Load balancing uses an appliance to identify which server in a pool can best meet a given client request, while ensuring heavy
network traffic doesn't overwhelm a single server.

Denial-of-service attack detection products (they offer DoS detection functions) include:
- Intrusion detection systems: An Intrusion Detection System (IDS) observes network traffic for malicious transactions and sends immediate alerts when they are detected.
- Intrusion prevention systems: A network security technology that constantly monitors network traffic to identify threats.
- Firewalls: A network security device designed to monitor, filter, and control incoming and outgoing network traffic based on predetermined security rules.

Cloud DDoS mitigation software is designed to safeguard cloud infrastructures against DDoS attacks and works to maintain uninterrupted service availability. It also identifies patterns indicative of DDoS attacks, initiating prompt responses to deflect potential threats. Examples include Radware Cloud DDoS Protection Service, A10 Thunder Threat Protection System, Akamai Prolexic, AWS Shield, and Microsoft Azure DDoS Protection.



Methods of DoS attacks

AMPLIFIED DOMAIN NAME SYSTEM (DNS) DENIAL-OF-SERVICE ATTACK
An Amplified Domain Name System (DNS) attack is a type of attack where the attacker manipulates open DNS servers to send large volumes of legitimate traffic. This is said to be a two-step attack. The cybercriminal first uses a spoofed IP address to send massive requests to DNS servers. The DNS server then replies to the request, creating an attack on the target victim. The responses are larger than the spoofed requests, resulting in large amounts of traffic going to the victim server. The attack often results in complete inaccessibility of data for a company or organization.

APPLICATION LAYER ATTACKS
Application layer attacks, also called Layer 7 (L7) attacks, go after the top layer of the internet system where websites and apps run. This is where things like clicking a link (HTTP GET) or submitting a form (HTTP POST) happen.

These attacks try to mess up how a website works by taking advantage of weak spots in the site itself. Unlike other attacks that mainly flood the internet connection, these are able to wear out the actual website, causing it to crash or slow down. They can do this without needing a lot of internet power.

BUFFER OVERFLOW ATTACK
A buffer overflow attack occurs when a program attempts to store too much information in a storage space (called a buffer).

Buffers are like temporary storage bins in your computer’s memory. They hold data for a short time while it's being moved from one place to another. But if a program tries to put too much data into a buffer, it overflows—kind of like stuffing a small backpack with way too much stuff. The extra data spills over into other parts of memory, which can mess things up by changing important data or even letting hackers sneak in harmful code.

COMPUTERS OR OTHER NETWORK-CONNECTED DEVICES THAT HAVE BEEN INFECTED
The person infiltrating the system may use computers or other network devices that have been infected by malware and made part of a botnet. DDoS attackers, including those using botnets, use command-and-control (C&C) servers (computers they control) to dictate what kind of attack to launch, the types of data to transmit, and the systems or network resources to target when attacking.

THE PING-OF-DEATH ATTACK
This attack abuses the ping protocol by sending out request messages with payloads (the actual message in transmitted data) which are too big. These payloads cause the attacked systems to become overwhelmed, stop responding to legitimate requests for service, and crash.

A SYN FLOOD ATTACK
This attack abuses TCP’s handshake protocol (by which the client establishes a TCP connection with a server). The attackers direct a high-volume stream of false requests to open a TCP connection. Accepting many requests is a resource-intensive operation and can result in legitimate users being denied access to the server.

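The SYN flood description above can be turned into a simple server-side detection check. The following is an added example, not part of the original presentation; the class name, thresholds and packet records are assumptions, and the sample events are constructed.

```python
from collections import OrderedDict

class HalfOpenTracker:
    """Count TCP handshakes that got a SYN but never the completing ACK."""

    def __init__(self, timeout=30, max_half_open=5):
        self.timeout = timeout              # seconds a SYN may wait (assumed value)
        self.max_half_open = max_half_open  # alert threshold (assumed value)
        self.pending = OrderedDict()        # (src_ip, src_port) -> time SYN was seen
        self.completed = 0

    def _expire(self, now):
        # Entries are kept oldest-first, so stop at the first one still fresh.
        while self.pending:
            key, seen = next(iter(self.pending.items()))
            if now - seen < self.timeout:
                break
            del self.pending[key]

    def observe(self, ts, src, sport, flags):
        """Feed one client packet; return True while the backlog looks flooded."""
        self._expire(ts)
        key = (src, sport)
        if flags == "S":                    # new or retransmitted SYN
            self.pending[key] = ts
            self.pending.move_to_end(key)
        elif flags == "A" and key in self.pending:
            del self.pending[key]           # handshake finished: state released
            self.completed += 1
        return len(self.pending) > self.max_half_open

def run(events, **settings):
    tracker = HalfOpenTracker(**settings)
    alerts = [ts for ts, src, sport, flags in events
              if tracker.observe(ts, src, sport, flags)]
    return tracker, alerts

# Constructed sample: (time_s, src_ip, src_port, flag); addresses are documentation ranges.
SAMPLE = [(0, "198.51.100.7", 40001, "S"), (0, "198.51.100.7", 40001, "A")]
SAMPLE += [(t, f"203.0.113.{t}", 1024 + t, "S") for t in range(1, 9)]  # never ACKed
SAMPLE += [(100, "198.51.100.9", 40002, "S")]  # arrives after the stale SYNs time out

if __name__ == "__main__":
    tracker, alerts = run(SAMPLE)
    print("alert times:", alerts, "completed:", tracker.completed)
```

The tracker counts half-open handshakes in total rather than per source, because the sources of flood SYNs are often spoofed and a per-address limit would miss them.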
STATE EXHAUSTION ATTACKS
When the state tables held in firewalls, routers and other network devices are targeted by attackers and filled with attack data, it is called a state exhaustion attack, also known as a Transmission Control Protocol (TCP) attack. The attacker fills the state tables by opening more TCP circuits than the victim system can handle at once. This also prevents legitimate users from accessing the network resources.

THE TEARDROP ATTACK
Under the IP specification, an Internet Protocol packet is fragmented when it is too large to be handled by intermediary routers, and the packet fragments must specify fragment offsets. In teardrop attacks these offsets are set to overlap each other, so a host running an affected OS is unable to reassemble the fragments and the system crashes.

VOLUMETRIC DOS ATTACKS
These aim to interfere with legitimate access to network resources by using all bandwidth available to reach those resources. The attackers direct a high volume of network traffic to the system they are targeting. The victim’s devices are flooded with network packets using the User Datagram Protocol or Internet Control Message Protocol (they generate large volumes of traffic, and the victim must process the incoming malicious datagrams).

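The teardrop and ping-of-death descriptions both come down to fragments that cannot be reassembled safely, which a receiver or filter can check before reassembly. The following is an added example, not part of the original presentation; the function name, the strict reject-any-overlap policy and the 20-byte header are assumptions, and the fragment lists are constructed.

```python
MAX_IP_DATAGRAM = 65535   # largest total length an IPv4 header can express
IP_HEADER_LEN = 20        # assumed: header without IP options

def check_fragments(frags):
    """frags: (offset_units, payload_len, more_fragments) tuples for one datagram.
    offset_units is the IPv4 fragment offset field, counted in 8-byte units.
    Returns a list of problems; an empty list means reassembly is safe.
    Policy assumed here: any overlap is rejected, even an exact duplicate."""
    problems = []
    spans = sorted((off * 8, off * 8 + length, mf) for off, length, mf in frags)
    expected = 0  # next byte we still need
    for i, (start, end, mf) in enumerate(spans):
        if end <= start:
            problems.append(f"empty fragment at byte {start}")
        if mf and (end - start) % 8:
            problems.append(f"non-final fragment at byte {start} is not a multiple of 8")
        if start < expected:      # teardrop: offsets set to overlap
            problems.append(f"overlap: fragment at byte {start} starts before byte {expected}")
        elif start > expected:
            problems.append(f"gap: bytes {expected}-{start - 1} missing")
        expected = max(expected, end)
        if not mf and i != len(spans) - 1:
            problems.append("data after the final fragment")
    if spans and spans[-1][2]:
        problems.append("final fragment missing")
    if expected + IP_HEADER_LEN > MAX_IP_DATAGRAM:   # ping of death: payload too big
        problems.append(f"reassembled size {expected + IP_HEADER_LEN} exceeds {MAX_IP_DATAGRAM}")
    return problems

# Constructed fragment sets.
NORMAL = [(0, 1480, True), (185, 1480, True), (370, 40, False)]
TEARDROP = [(0, 40, True), (3, 16, False)]                  # second lies inside the first
OVERSIZED = [(i * 128, 1024, i < 63) for i in range(64)]    # 65536 bytes of payload

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("teardrop", TEARDROP), ("oversized", OVERSIZED)]:
        print(name, check_fragments(frags) or "ok")
```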
Thank you!