DoS Attack?
DoS
The traditional intent and impact of DoS (Denial of Service) attacks is to prevent or impair the legitimate use of computer or network resources. Regardless of the diligence, effort, and resources spent securing against intrusion, Internet-connected systems face a consistent and real threat from DoS attacks because of two fundamental characteristics of the Internet.
· The Internet is comprised of limited and consumable resources
The infrastructure of interconnected networks comprising the Internet is composed entirely of limited resources. Bandwidth, processing power, and storage capacity are all common targets for DoS attacks designed to consume enough of a target's available resources to cause some level of service disruption.
· Internet security is highly interdependent
DoS attacks are commonly launched from one or more points on the Internet that are external to the victim's own system or network. In many cases, the launch point consists of one or more systems that have been subverted by an intruder via a security-related compromise, rather than the intruder's own system or systems. As such, intrusion defense not only helps to protect Internet assets and the mission they support, but also helps prevent the use of those assets to attack other Internet-connected networks and systems. Likewise, regardless of how well defended your assets may be, your susceptibility to many types of attacks, particularly DoS attacks, depends on the state of security on the rest of the global Internet. A general attack scenario is shown in the figure.
Generally, DoS attack machinery uses simple tools that generate and send packets from a single source to a single destination. Over time, tools have evolved to execute single-source attacks against multiple targets, multiple-source attacks against single targets, and multiple-source attacks against multiple targets. Such attacks are commonly referred to as packet flooding attacks. Single-source attacks against a single target are common, as are multiple-source attacks against a single target.
The packet types used for packet flooding attacks have varied over time, but for the most part, several common packet types are still used by many DoS attack tools.
Types of DoS Attack:
A number of attacks fall under DoS, including Ping of Death, LAND Attack, Tear Drop Attack, SYN Flood Attack, ICMP Flood Attack, UDP Flood Attack, Smurf Attack, and DDoS attacks. This article discusses some of the important ones.
Ping of Death
An intruder sends an ICMP echo request packet that's bigger than the maximum IP packet size. Since the received ICMP echo request packet is larger than the normal IP packet size, it's fragmented. The target can't reassemble the packets, so the OS crashes or reboots.
LAND Attack
When the intruder initiates a SYN flood attack using the victim's IP address as both the source and the destination IP address, the attacker is said to have launched a LAND attack. If the victim has not taken any precautions against this type of attack, it could end up trying to establish a connection with itself, falling into a dead-end loop that lasts until the idle timeout value is reached. The following diagram shows clearly the sequence flow of this attack:
Smurf Attack
A Smurf attack is a network-level Denial of Service (DoS) attack that overwhelms the victim machine with Internet Control Message Protocol (ICMP) echo replies from computers in the same broadcast network. The attacker sends forged ICMP echo requests to an IP broadcast address, using the IP address of the victim machine as the source, so that the computers in that network reply to the requests and flood the victim machine with ICMP echo replies. This document discusses how such an attack could be engineered and detected using freely available tools on the Internet.
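The packet signatures described above for Ping of Death, LAND and Smurf can be checked per packet on the defending side. The following is an added example, not part of the original article; the function names, the local network 192.0.2.0/24 and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAX_IP_DATAGRAM = 65535  # largest datagram the 16-bit IPv4 total-length field allows


def classify(packet: bytes, local_net: str = "192.0.2.0/24") -> list:
    """Return the DoS signatures matched by one IPv4 packet (bytes from the IP header on)."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        return ["malformed"]
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    proto, payload = packet[9], packet[ihl:]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    frag_offset = (frag & 0x1FFF) * 8  # the offset field counts 8-byte units
    hits = []
    # Ping of Death: reassembly would place this fragment's end past the 65535-byte limit.
    if frag_offset + total_len > MAX_IP_DATAGRAM:
        hits.append("ping-of-death")
    # LAND: TCP SYN whose source and destination addresses are identical.
    if proto == 6 and frag_offset == 0 and len(payload) >= 14:
        if src == dst and payload[13] & 0x02:
            hits.append("land")
    # Smurf: ICMP echo request (type 8) addressed to the local directed broadcast.
    if proto == 1 and frag_offset == 0 and payload[:1] == b"\x08":
        if dst == ipaddress.ip_network(local_net).broadcast_address:
            hits.append("smurf")
    return hits


def ipv4(src: str, dst: str, proto: int, payload: bytes, frag: int = 0) -> bytes:
    """Build a constructed sample packet for the checks above (checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


# Constructed samples: addresses come from the RFC 5737 documentation ranges.
ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
SYN = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
SAMPLES = {
    "normal ping": ipv4("198.51.100.7", "192.0.2.10", 1, ECHO),
    "oversized fragment": ipv4("198.51.100.7", "192.0.2.10", 1, b"\x00" * 100, frag=8189),
    "land": ipv4("192.0.2.10", "192.0.2.10", 6, SYN),
    "smurf": ipv4("192.0.2.10", "192.0.2.255", 1, ECHO),
}
for name, pkt in SAMPLES.items():
    print(f"{name}: {classify(pkt)}")
```

Each check looks at a single packet, so it flags the malformed or forged packet itself; flood volume has to be measured separately, for example by counting matches per time window.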
DDOS ATTACKS
DDoS (Distributed Denial of Service) is similar to DoS: it also tries to block important services running on a server by flooding the destination server with packets. What sets DDoS apart is that the attacks do not come from a single network or host but from a number of different hosts or networks that have been previously compromised.