Denial of Service: Andy Hook
What is DoS
In this type of DoS attack, the attacker broadcasts a large number of Internet
Control Message Protocol (ICMP) echo request packets to a computer
network, using the spoofed IP address of the target host (victim) as the source.
This floods the target host with more ping replies (ICMP echo replies) from the
network than it can handle. There is also a variant of the
smurf attack called the fraggle attack, in which UDP packets are used instead of
ICMP packets. The following figure illustrates the mechanism of a smurf
attack:
Ping of Death (POD)
In this kind of attack, the attacker deliberately sends an IP packet larger than the
allowed size of 65,535 bytes. Since the size exceeds the maximum allowed
limit, it is split across multiple IP packets known as fragments and sent to the
target host. However, when the target tries to reassemble the packet on its end,
the fragments add up to more than the allowed size of 65,535 bytes. Unable to
handle the oversized packet, the operating system will freeze, reboot or
simply crash, making all the services running on it
unavailable to legitimate users. In this way, the attacker succeeds
in causing a denial of service using the ping of death technique.
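The bounds check that stops this at the receiver, as an added example that is not part of the original slides: before a fragment is queued for reassembly, confirm that its offset plus its length cannot exceed 65,535 bytes. The function, enum and helper names are this example's own, and the headers are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u   /* the limit quoted in the text above */

/* Verdicts returned by check_fragment (names are this example's own). */
enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED = -1, FRAG_OVERSIZE = -2 };

/* Inspect one IPv4 header and decide whether this fragment can belong to a
 * datagram of legal size. Meant to run before the fragment is queued. */
int check_fragment(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;
    uint32_t ihl   = (uint32_t)(pkt[0] & 0x0F) * 4;       /* header bytes */
    uint32_t total = ((uint32_t)pkt[2] << 8) | pkt[3];    /* this packet  */
    /* Fragment offset: low 13 bits of bytes 6-7, counted in 8-byte units. */
    uint32_t off = ((((uint32_t)pkt[6] & 0x1F) << 8) | pkt[7]) * 8;
    if (ihl < 20 || len < ihl || total < ihl)
        return FRAG_MALFORMED;
    /* Size the reassembled datagram must reach to hold this fragment:
     * one header + data before this fragment + this fragment's data. */
    uint32_t end = ihl + off + (total - ihl);
    return end > IP_MAX_DATAGRAM ? FRAG_OVERSIZE : FRAG_OK;
}

/* Build a constructed 20-byte header (sample input, not captured traffic). */
static void make_hdr(uint8_t *buf, uint16_t total, uint16_t off_units, int mf)
{
    for (int i = 0; i < 20; i++) buf[i] = 0;
    buf[0] = 0x45;                                  /* IPv4, 20-byte header */
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)(total & 0xFF);
    buf[6] = (uint8_t)((mf ? 0x20 : 0) | ((off_units >> 8) & 0x1F));
    buf[7] = (uint8_t)(off_units & 0xFF);
}

int main(void)
{
    uint8_t h[20];
    make_hdr(h, 1500, 185, 1);    /* ordinary middle fragment */
    printf("offset 1480:  %d\n", check_fragment(h, sizeof h));
    make_hdr(h, 1500, 8191, 0);   /* final fragment ending past 65,535 */
    printf("offset 65528: %d\n", check_fragment(h, sizeof h));
    return 0;
}
```

The 13-bit offset field can point as far as byte 65,528, so the offset and the length have to be checked together; neither field is out of range on its own.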
Teardrop Attack
The SYN flood attack exploits a known weakness in the TCP connection sequence
called the “three-way handshake”. In this sequence, a host sends a SYN request to
the target server, which responds with a SYN-ACK back to the host. Finally, the
requesting host sends an ACK response back to the server, which completes the
three-way handshake and establishes the connection. In a SYN
attack, however, a large number of bogus TCP SYN requests are sent to the target server but the
SYN-ACK response sent back from the server is not answered. Sometimes the
attacker may even use a spoofed IP address while sending a SYN request. For each
SYN request from the attacker, the victim server allocates resources and keeps
waiting for the ACK from the requesting source (attacker). Since no ACK is received,
the server is flooded with a large number of half-open connections, leading
to resource exhaustion and a denial of service.