Denial of Service Attack – Planet Technology G.SHDSL.bis Bridge Router GRT-504 User Manual

GRT-504 4-Wire G.SHDSL.bis Firewall Router User’s Manual

3.3 Denial of Service Attack


Interruption


Typically, Denial of Service (DoS) attacks come in two flavors: resource starvation and system
overloading. DoS situations usually arise when legitimate demand for a resource is greater than
the supply (e.g. too many web requests to an already overloaded web server). Software
weaknesses or incorrect system configurations can also induce DoS situations. The difference between a
malicious denial of service and simple system overload is the presence of an individual with
malicious intent (an attacker) using or attempting to use resources specifically to deny those
resources to other users.

Ping of death - On the Internet, ping of death is a kind of denial of service (DoS) attack caused by
deliberately sending an IP packet whose size is larger than the 65,536 bytes allowed in the IP
protocol. One of the features of TCP/IP is fragmentation, which allows a single IP packet to be
broken down into smaller segments. Attackers began to take advantage of that feature when they
found that fragmented packets could add up to more than the allowed 65,536 bytes.
Many operating systems do not know what to do when they receive an oversized packet, so
they freeze, crash, or reboot. Other known variants of the ping of death include teardrop, bonk and
nestea.

[Figure: the hacker's system sends a Ping of Death packet (112,000 bytes) to the target system; a normal IP packet is at most 65,536 bytes. Normal reassembled packets: bytes from 1~1500, 1501~3000, 3000~4500. Reassembled teardrop packets: bytes from 1~1700, 1300~3200, 2800~4800.]



SYN Flood - The attacker sends TCP SYN packets, which start connections, very fast, leaving the
victim waiting to complete a huge number of connections, causing it to run out of resources and
drop legitimate connections. A new defense against this is “SYN cookies”. Each side of a
connection has its own sequence number. In response to a SYN, the attacked machine creates a
special sequence number that is a “cookie” of the connection, then forgets everything it knows
about the connection. It can then recreate the forgotten information about the connection when
the next packets come in from a legitimate connection.
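
The stateless handshake described above, as an added sketch (not code from this manual or from the GRT-504 firmware): the server derives its SYN-ACK sequence number from the connection and a coarse clock, stores nothing, and recomputes it when the final ACK arrives. The 5-bit counter, 3-bit MSS index and 24-bit keyed hash follow the classic SYN cookie layout; the HMAC-SHA256 construction, the MSS table, the secret and the addresses are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"      # constructed; a real host uses a random secret
MSS_TABLE = [536, 1220, 1440, 1460]   # assumed table; the index fits in 3 bits
TICK = 64                             # seconds per counter step


def _mac24(src, sport, dst, dport, counter):
    """24-bit keyed hash binding the cookie to one connection and time slot."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHI", sport, dport, counter)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, mss, now):
    """Build the SYN-ACK sequence number; nothing is stored for the connection."""
    counter = int(now) // TICK
    # Largest table entry not above the client's MSS (index 0 if it is smaller).
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((counter % 32) << 27) | (idx << 24) | _mac24(src, sport, dst, dport, counter)


def check_cookie(cookie, src, sport, dst, dport, now, max_age=1):
    """Validate the cookie echoed in the final ACK (its ack number minus 1).

    Returns the recovered MSS, or None if the cookie is forged or too old.
    """
    current = int(now) // TICK
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    for age in range(max_age + 1):
        counter = current - age
        if counter < 0:
            break
        # The top 5 bits select the time slot; the low 24 bits must match the hash.
        if counter % 32 == cookie >> 27 and _mac24(src, sport, dst, dport, counter) == cookie & 0xFFFFFF:
            return MSS_TABLE[idx]
    return None
```

A SYN that is never followed by a matching ACK costs the server only the hash computation, which is why a flood of unanswered SYNs no longer exhausts the connection table.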
