Welcome to Bucaro TecHelp!

Bucaro TecHelp
Maintain Your Computer and Use it More Effectively
to Design a Web Site and Make Money on the Web

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds


Victims of Sandy Hook

Stop the Slaughter of Innocents. Congress is bought and paid for by gun lunatics and gun promotion groups. If you want to live in a safe America, help buy Congress back for America. Send a donation to Mayors Against Illegal Guns, 909 Third Avenue, 15th Floor New York, NY 10022

Denial of Service Attack (DoS) Detection and Mitigation

A Denial of Service Attack is when a hacker attempts to consume such a large amount of a server's resources that it's services will be unavailable to its intended users. For example a DoS attack against a web server attempts to prevent it from serving web pages to legitimate Internet clients.

One common method of DoS involves making thousands of requests for webpages from a targeted server, using up it's bandwidth and resources such that it responds to legitimate requests for webpages so slowly as to be rendered effectively unavailable to legitimate users. Frequently the target web servers attempt to satisfy all requests causes it to crash.

SYN flood DoS attack

Another common method of DoS involves exploiting TCPs handshaking mechanism. TCP's handshaking technique to start a session is sometimes referred to as SYN, SYN-ACK, ACK. A host starts a session by sending a packet with the synchronize (SYN) flag set. When the server receives it, it responds by sending a packet with both the SYN and ACK (acknowledges) flags set. The host then completes the handshake by sending a third packet with the ACK flag set.

At this point, both computers have established a TCP session and data can be transmitted between the two computers. However, in a SYN flood attack, the attacker never send the third packet. The session is held half open, and the server will continue to try to complete the session. The attack sends thousands of SYN packets, never responding to the servers SYN-ACK packet, causing thousands of TCP sessions to be held half open, preventing the server from responding to legitimate requests.

Distributed Denial of Service (DDoS) Attack

A DDoS attack is a DoS attack initiated from multiple, sometimes thousands, of computers. Over a period of time thousands of computers on the Internet can be infected with viruses called bots. The computers become zombies which a hacker forms into a botnet which the hacker controls and can direct to launch an attack against a specific system.

The DDoS attack can be a SYN flood attack initiated by thousands of zombie clients. Or it can be thousands of zombie clients sending ping requests to a server. The server can be overwhelmed while trying to answer all the pings and is much slower, or unable, to respond to legitimate requests.

Dos, DDos Detection and Mitigation

Since a DDoS attack comes from thousands of zombie computers around the world, the companies best able to detect and mitigate them are owners of global communications networks, like Verizon and AT&T. These companies scan their networks for malicious traffic patterns and, if an attack is discovered, they can filter out the attack traffic while still delivering legitimate traffic to the user. Of course the cost this service is steep at over $5,000 a month to the customer.

McAfee has a Dos detection system called IntruShield which uses a patented stateful signature, anomaly, and DoS statistical analysis technique. However, for the most part, local administrators are on their own to use network scanners to reconfigure their firewalls when they suspect a Dos attack.

RSS Feed RSS Feed


Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2017 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268