March 28, 2012

What is a Denial-Of-Service Attack?

A denial-of-service (DoS) attack attempts to prevent legitimate users from accessing data or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts, banking, root name servers, or other services that rely on the affected computer.

One common form of attack involves saturating the target machine with communications requests, so that it cannot reply to legitimate traffic, or responds so slowly that it is effectively unavailable.

During normal network communications using TCP/IP, a user contacts a server with a request to display a web page, download a file, or run an application. The user's request uses a greeting message called a SYN. The server responds with its own SYN along with an acknowledgment (ACK) that it received the user's initial request; together these are called a SYN+ACK. The server then waits for a reply, or ACK, from the user acknowledging that it received the server's SYN. Once the user replies, the connection is established and data transfer can begin.




In a DoS attack against a server, the attacker sends a SYN request to the server. The server then responds with a SYN+ACK and waits for a reply. However, the attacker never responds with the final ACK required to complete the connection.

The server continues to "hold the line open" and wait for a response (which is not coming) while at the same time receiving more false requests and keeping more lines open for responses. After a short period, the server runs out of resources and can no longer accept legitimate requests.
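As an added example (not part of the original article), the following Python code shows how a defender could spot this pattern in packet records: it counts handshakes that saw a SYN but never the final ACK. The record layout, the sample addresses, the 3-second timeout and the threshold of 5 are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample records: (time_s, src, sport, dst, dport, tcp_flags).
# Addresses come from the RFC 5737 documentation ranges.
SERVER = ("192.0.2.10", 80)
SAMPLE = [
    (0.00, "198.51.100.7", 40001, *SERVER, "S"),    # user's SYN
    (0.01, *SERVER, "198.51.100.7", 40001, "SA"),   # server's SYN+ACK
    (0.02, "198.51.100.7", 40001, *SERVER, "A"),    # final ACK: handshake done
    (4.90, "198.51.100.8", 40002, *SERVER, "S"),    # recent SYN, still in time
]
# Six SYNs that are never followed by the final ACK.
SAMPLE += [(0.10 + i * 0.01, f"203.0.113.{i + 1}", 50000 + i, *SERVER, "S")
           for i in range(6)]


def half_open(records, now, timeout=3.0):
    """Count, per server endpoint, handshakes with a SYN but no final ACK
    after `timeout` seconds (assumed value)."""
    pending = {}  # (client, cport, server, sport) -> time of the SYN
    for t, src, sport, dst, dport, flags in records:
        if flags == "S":            # client's opening SYN
            pending.setdefault((src, sport, dst, dport), t)
        elif flags == "A":          # client's final ACK completes the handshake
            pending.pop((src, sport, dst, dport), None)
        # "SA" is the server's own reply and does not change the state
    counts = Counter()
    for (_, _, dst, dport), t in pending.items():
        if now - t >= timeout:      # the server is still holding this line open
            counts[(dst, dport)] += 1
    return counts


def flag_servers(records, now, timeout=3.0, threshold=5):
    """Return server endpoints whose half-open count reaches `threshold`."""
    counts = half_open(records, now, timeout)
    return sorted(ep for ep, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open(SAMPLE, now=5.0))
    print(flag_servers(SAMPLE, now=5.0))
```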

A variant of the DoS attack is the distributed denial-of-service (DDoS) attack. Instead of using one computer, a DDoS may use thousands of remote-controlled zombie computers in a botnet to flood the victim with requests. The large number of attackers makes it practically impossible to locate and block the source of the attack. Most DoS attacks are of the distributed type.

An older type of DoS attack is a smurf attack. During a smurf attack, the attacker sends a request to a large number of computers and makes it appear as if the request came from the target server. Each computer responds to the target server, overwhelming it and causing it to crash or become unavailable. Smurf attacks can be prevented with a properly configured operating system or router, so such attacks are no longer common.

DoS attacks are not limited to wired networks but can also be used against wireless networks. An attacker can flood the radio frequency (RF) spectrum with sufficient radiomagnetic interference to prevent a device from communicating effectively with other wireless devices. This attack is rarely seen due to the cost and complexity of the equipment required to flood the RF spectrum.

Some symptoms of a DoS attack include:

  • Unusually slow operation when opening files or accessing web sites
  • Unavailability of a particular web site
  • Inability to access any web site
  • Dramatic increase in the amount of spam emails received

To prevent DoS attacks, administrators can use firewalls to deny protocols, ports, or IP addresses. Some switches and routers can be configured to detect and respond to DoS using automatic data traffic rate filtering and balancing. Additionally, application front-end hardware and intrusion prevention systems can analyze data packets as they enter the system, and identify whether they are regular or dangerous.
