Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Types of DoS (Denial of Service) Attacks

The types of methodologies used in DoS attacks are many, but they can be divided into three essential categories: Flood attacks, Logic attacks, and Distributed Denial-of-Service (DDoS) attacks. Each has several methods within it that attackers may use to compromise or completely shut down an Internet-connected server.

Flood Attacks

The premise of a flood attack is simple. An attacker sends more requests to a server than it can handle, usually in a relentless manner, until the server buckles and gives in to the attacker. Once this type of attack ends, the server can return to normal operation. Flood attacks are very common because they are easy to execute, and the software used to execute them is easy to find. Methods of flooding include:

• Ping flooding - a method where the attacker or attackers flood the target server with ICMP Echo Request (ping) packets. This method depends on the victim returning ICMP Echo Relay packets, greatly increasing bandwidth usage and eventually slowing down or stopping the server.

• SYN flood - an attack in which the attacker sends repeated SYN requests (a TCP connection) that the target accepts. Normally, the server replies with a SYN-ACK response, and then the client follows up with an ACK to establish the connection. In a SYN flood, the ACK is never sent. The server continues to wait for the response, and if enough of these unfinished connections build up, the server can slow or even crash.

• Smurf attack - While a ping flood depends on the attacker's computer sending each ping, a smurf attack spoofs ping messages to IP broadcast addresses. If the target machine responds and in turn broadcasts that IMCP echo request, it passes on to even more and eventually spreads to more machines, which can forward the packets to even more. Modern routers have mostly fixed this issue, making smurf attacks less common.

• UDP attack - A UDP flood involves sending multiple high volume UDP packets to occupy the target system and prevent legitimate clients for accessing the server. The process requires the attacker to find out if a UDP port is free and has no application listening on it. It then sends the UDP packets, and the server is forced to reply with an ICMP destination unreachable packet.

Logic Attacks

Although the goal of a logic attack is the same as a flood attack, the method of intrusion is much different and often more subtle. While flood attacks usually look to bombard a server with an unusually high amount of standard traffic, logic attacks rely on non-standard traffic, exploited through security holes in your system.

Generally, a logic attack requires your server to have a discoverable weakness that the attacker can locate and then use against it. Because of this prerequisite, it is usually easy to prevent by keeping your server software and hardware up-to-date with the latest security patches and firmware respectively.

Many security firms, IT professionals, and software developers regularly test popular proprietary and open source software for security holes. When they find one, the holes are usually quickly fixed, but the only way to accomplish wide distribution of fixes is to publish the exploits. Attackers can then search for unpatched servers and infiltrate them.

While many logic attacks are strategic, it is possible for an attacker to randomly choose a server by using software to locate exploits on the Internet. For that reason, you should keep your server secure, even if you do not think someone has a reason to attack it.

Distributed Denial of Service (DDoS)

If the aforementioned DoS attacks are akin to tornadoes, then a DDoS is like a hurricane. The techniques for attack are usually the same. They may be flood attacks or logic attacks. The difference is that a DDoS comes from multiple attackers in a simultaneous and coordinated assault. Because of the severity and sheer power of a DDoS, it has become a common tool for cyber terrorists, political dissidents, and general protests against corporations or other public entities.

One of the common features of a DDoS is the usage of spoofed IP addresses, making it difficult to block the attackers. Futhermore, many of the computers used in a DDoS may have completely innocent owners who are not aware that their computers are being used in an attack.

A DDoS will usually start with a single attacking computer, but rather than exposing itself by using a direct attack, it will locate vulnerable computers and servers all over the world and secretly install the attacking software on them. In many cases, those infected computers will then seek out more "agents" to use in the attack. When the attacker is finish amassing this cyber army, they could have hundreds or even thousands of agents.

Prevention, Detection, and Mitigation

Some types of DDoS attacks can be prevented by blocking unused ports, keeping software updated, and using modern networking hardware. Others simply cannot be prevented, especially if it is a DDoS. The best you can do in those situations is to use detection software to find the attacks early and stop them from doing too much damage to your service.


For more information on DDOS protection & mitigation, visit DOSarrest, a global leader in protection against distributed denial of service attacks.

More Network Security Articles:
• How SSL (Secure Sockets Layer) Works
• Network Security Model - Defining an Enterprise Security Strategy
• Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
• ARP, MAC, Poisoning, and WiFi Security
• Multi-Layered Approach to Cyber Security
• Security Issues with Wireless LANs
• Difference Between Network Firewall and Web Application Firewall
• Wireless Network Security
• Network Security by Filtering
• Email Security

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268