Welcome to Bucaro TecHelp!


Denial of Service Attack (DoS) Detection and Mitigation

A Denial of Service Attack is when a hacker attempts to consume such a large amount of a server's resources that its services will be unavailable to its intended users. For example, a DoS attack against a web server attempts to prevent it from serving web pages to legitimate Internet clients.

One common method of DoS involves making thousands of requests for webpages from a targeted server, using up its bandwidth and resources so that it responds to legitimate requests for webpages so slowly as to be effectively unavailable to legitimate users. Frequently, the target web server's attempt to satisfy all requests causes it to crash.

SYN flood DoS attack

Another common method of DoS involves exploiting TCP's handshaking mechanism. TCP's handshaking technique to start a session is sometimes referred to as SYN, SYN-ACK, ACK. A host starts a session by sending a packet with the synchronize (SYN) flag set. When the server receives it, it responds by sending a packet with both the SYN and ACK (acknowledge) flags set. The host then completes the handshake by sending a third packet with the ACK flag set.

At this point, both computers have established a TCP session and data can be transmitted between the two computers. However, in a SYN flood attack, the attacker never sends the third packet. The session is held half open, and the server will continue to try to complete the session. The attacker sends thousands of SYN packets, never responding to the server's SYN-ACK packet, causing thousands of TCP sessions to be held half open, preventing the server from responding to legitimate requests.

Distributed Denial of Service (DDoS) Attack

A DDoS attack is a DoS attack initiated from multiple, sometimes thousands of, computers. Over a period of time, thousands of computers on the Internet can be infected with viruses called bots. The computers become zombies, which a hacker forms into a botnet that the hacker controls and can direct to launch an attack against a specific system.

The DDoS attack can be a SYN flood attack initiated by thousands of zombie clients. Or it can be thousands of zombie clients sending ping requests to a server. The server can be overwhelmed while trying to answer all the pings and is much slower, or unable, to respond to legitimate requests.

DoS, DDoS Detection and Mitigation

Since a DDoS attack comes from thousands of zombie computers around the world, the companies best able to detect and mitigate them are owners of global communications networks, like Verizon and AT&T. These companies scan their networks for malicious traffic patterns and, if an attack is discovered, they can filter out the attack traffic while still delivering legitimate traffic to the user. Of course, the cost of this service is steep, at over $5,000 a month to the customer.

McAfee has a DoS detection system called IntruShield, which uses a patented stateful signature, anomaly, and DoS statistical analysis technique. However, for the most part, local administrators are on their own to use network scanners to reconfigure their firewalls when they suspect a DoS attack.
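
The half-open sessions described in the SYN flood section are the signal a local administrator can look for. The Python sketch below is an added example, not code from the original article: it replays a constructed packet log, tracks which handshakes received a SYN but never the final ACK, and raises an alert when the backlog passes a threshold. The record layout, the documentation-range addresses, the 0.5 second age and the limit of 128 are all assumptions.

```python
from collections import Counter

def build_sample():
    """Constructed log of (time_s, client_ip, client_port, flags) seen at a server.
    "S" = client SYN, "SA" = server SYN-ACK, "A" = client's final ACK."""
    events = [(0.00, "198.51.100.7", 40000, "S"),    # legitimate client:
              (0.01, "198.51.100.7", 40000, "SA"),   # full three-packet
              (0.05, "198.51.100.7", 40000, "A")]    # handshake
    for i in range(300):                             # flood: SYN, never ACK
        src, port, t = f"203.0.113.{i % 50}", 1024 + i, 1.0 + i * 0.001
        events += [(t, src, port, "S"), (t + 0.0005, src, port, "SA")]
    return events

def half_open(events, now, min_age=0.5):
    """Handshakes with a SYN but no final ACK, older than min_age seconds."""
    pending = {}
    for ts, ip, port, flags in sorted(events):
        if ts > now:
            break
        if flags == "S":
            pending.setdefault((ip, port), ts)  # a retransmitted SYN keeps first time
        elif flags == "A":
            pending.pop((ip, port), None)       # handshake completed
    return {k: t for k, t in pending.items() if now - t >= min_age}

def assess(events, now, backlog_limit=128):
    """backlog_limit is an assumed alert threshold, not a value from the article."""
    stuck = half_open(events, now)
    per_source = Counter(ip for ip, _port in stuck)
    return {"half_open": len(stuck),
            "alert": len(stuck) > backlog_limit,
            "top_sources": per_source.most_common(3)}

if __name__ == "__main__":
    print(assess(build_sample(), now=5.0))
```

In the constructed flood, no single source holds more than a handful of half-open sessions while the total is in the hundreds, which is why the alert is based on the overall backlog rather than on any one address.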

Copyright©2001-2018 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268