Denial of service

Denial of Service (DoS) attacks are attempts to consume resources to the point where users can no longer obtain the services they desire. This can be done by consuming or destroying the resources of the network (preventing traffic flow to the service) or by consuming or destroying the resources of the server itself. An ICMP flood attack (also known as the ping of death) is a nonstop stream of large ping packets (ICMP echo requests) that consumes the bandwidth of the link between the company or home network and the Internet. SQL Slammer was another attack that consumed so much bandwidth across the Internet that even non-vulnerable devices and sites could not communicate across the network.

A SYN Flood sends a continuous stream of TCP connection request messages to a server (the SYN bit in the TCP segment is the bit used to signal a connection request). The server allocates memory and a port for each request and sends a response to the requester. The requester is supposed to respond with an acknowledgement, which completes the connection. In this attack, however, the requester never sends that response. The server will eventually (after 10-20 seconds) give up and declare the connection void, but for that period of time the port and memory allocated to the connection are consumed. If the server can be flooded with enough of these messages, it will have no memory and/or port numbers remaining for valid connection requests. It's essentially equivalent to getting 100 people to visit the local department store and tie up all of their clerks with bogus conversations, preventing valid customers from being able to get help or even pay for their purchases.
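The following is an added example, not part of the original page: a toy Python model of the server's table of pending connections described above, useful for seeing how table size and timeout determine when valid clients start being refused. The 128-slot capacity, the one-valid-client-per-second workload and all names are assumptions; the 15-second timeout is taken from the 10-20 second range in the text.

```python
class HalfOpenTable:
    """Toy model: slots held by connections that sent SYN but have not yet sent ACK."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity   # assumed number of slots for pending connections
        self.timeout = timeout     # seconds before a pending entry is declared void
        self.pending = {}          # connection id -> time its SYN arrived
        self.peak = 0              # highest number of slots in use at once

    def _expire(self, now):
        # Free every slot whose requester stayed silent for the whole timeout.
        for cid in [c for c, t in self.pending.items() if now - t >= self.timeout]:
            del self.pending[cid]

    def on_syn(self, cid, now):
        self._expire(now)
        if len(self.pending) >= self.capacity:
            return False           # no slot left: the request is refused
        self.pending[cid] = now
        self.peak = max(self.peak, len(self.pending))
        return True

    def on_ack(self, cid):
        # The acknowledgement completes the connection and frees the pending slot.
        return self.pending.pop(cid, None) is not None


def simulate(capacity, timeout, unanswered_per_sec, seconds=60):
    """Return (valid_served, valid_total, peak_pending) for one valid client per second."""
    table = HalfOpenTable(capacity, timeout)
    served = 0
    for sec in range(seconds):
        # Requests that are never acknowledged: each holds a slot until it times out.
        for i in range(unanswered_per_sec):
            table.on_syn(("silent", sec, i), sec)
        # One valid client per second: SYN, then the ACK straight away.
        if table.on_syn(("valid", sec), sec):
            table.on_ack(("valid", sec))
            served += 1
    return served, seconds, table.peak


if __name__ == "__main__":
    for timeout, rate in [(15, 0), (15, 20), (5, 20)]:
        served, total, peak = simulate(128, timeout, rate)
        print(f"timeout={timeout:>2}s unanswered/s={rate:>2} "
              f"valid served={served}/{total} peak pending={peak}")
```

In this model the table stays full whenever the unanswered request rate multiplied by the timeout reaches the capacity, which is why the same rate that starves valid clients at a 15-second timeout is absorbed at 5 seconds.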

See Also

PodSnacks

<mp3>http://podcast.hill-vt.com/podsnacks/2007q1/dos.mp3%7Cdownload</mp3> | Denial of Service (DoS)