Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Denial of Service Attack (DoS) Detection and Mitigation

A Denial of Service Attack is when a hacker attempts to consume such a large amount of a server's resources that it's services will be unavailable to its intended users. For example a DoS attack against a web server attempts to prevent it from serving web pages to legitimate Internet clients.

One common method of DoS involves making thousands of requests for webpages from a targeted server, using up it's bandwidth and resources such that it responds to legitimate requests for webpages so slowly as to be rendered effectively unavailable to legitimate users. Frequently the target web servers attempt to satisfy all requests causes it to crash.

SYN flood DoS attack

Another common method of DoS involves exploiting TCPs handshaking mechanism. TCP's handshaking technique to start a session is sometimes referred to as SYN, SYN-ACK, ACK. A host starts a session by sending a packet with the synchronize (SYN) flag set. When the server receives it, it responds by sending a packet with both the SYN and ACK (acknowledges) flags set. The host then completes the handshake by sending a third packet with the ACK flag set.

At this point, both computers have established a TCP session and data can be transmitted between the two computers. However, in a SYN flood attack, the attacker never send the third packet. The session is held half open, and the server will continue to try to complete the session. The attack sends thousands of SYN packets, never responding to the servers SYN-ACK packet, causing thousands of TCP sessions to be held half open, preventing the server from responding to legitimate requests.

Distributed Denial of Service (DDoS) Attack

A DDoS attack is a DoS attack initiated from multiple, sometimes thousands, of computers. Over a period of time thousands of computers on the Internet can be infected with viruses called bots. The computers become zombies which a hacker forms into a botnet which the hacker controls and can direct to launch an attack against a specific system.

The DDoS attack can be a SYN flood attack initiated by thousands of zombie clients. Or it can be thousands of zombie clients sending ping requests to a server. The server can be overwhelmed while trying to answer all the pings and is much slower, or unable, to respond to legitimate requests.

Dos, DDos Detection and Mitigation

Since a DDoS attack comes from thousands of zombie computers around the world, the companies best able to detect and mitigate them are owners of global communications networks, like Verizon and AT&T. These companies scan their networks for malicious traffic patterns and, if an attack is discovered, they can filter out the attack traffic while still delivering legitimate traffic to the user. Of course the cost this service is steep at over $5,000 a month to the customer.

McAfee has a Dos detection system called IntruShield which uses a patented stateful signature, anomaly, and DoS statistical analysis technique. However, for the most part, local administrators are on their own to use network scanners to reconfigure their firewalls when they suspect a Dos attack.

More Network Security Articles:
• Public Key Infrastructure
• How to Become a Professional Ethical Hacker
• Multi-Layered Approach to Cyber Security
• Remote Access Authentication Protocols
• What is a SQL Injection Attack?
• The Use of HoneyPots and HoneyNets to Trick Hackers
• ARP, MAC, Poisoning, and WiFi Security
• Essentials of Endpoint Device Backup
• Handling Rogue Access Points
• How a Firewall Provides Network Security

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro

Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268