Network Security – Denial of Service Attack (DoS/DDoS)

In the last several years, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have become one of the most critical threats to internet security, even though intruders can carry them out easily. Anyone with coding knowledge can launch one against someone else's network.

Simply download DoS attack tools from the internet and do it! Wait! First secure your own network, and then try it. To defend against this attack, we first have to understand its consequences.

Typically, an internet connection is established using a method called the 'three-way handshake'. Following this protocol, the client PC first sends a connection request (SYN); on receiving it, the server PC responds with an acknowledgement of approval (SYN_ACK). Lastly, the client PC sends its own acknowledgement (ACK) to the server, telling it, "I got the message, thank you", and if everything is all right, the connection is established.

Description

In a DoS attack, a person, whether inside or outside a network, makes services unavailable by flooding the network system that normally provides them. A DoS intrusion causes server overrun and resource consumption. This often prevents the server from responding to legitimate clients. It may disrupt the whole network infrastructure. There are several kinds of DoS attacks. The following are some examples:

Smurf Attack

One of the earlier DoS attacks on hosts at the network level. An attacker generates a huge number of ICMP ping requests (datagrams) with fake source addresses and sends them to the IP broadcast address of a network, i.e., a remote LAN's broadcast address. Most of the hosts connected to the network will send a reply to each echo request. Thus, the network is overwhelmed by fake echo traffic multiplied by the number of connected hosts. Normally the attacker uses the largest packets (up to the Ethernet maximum) to ensure terrible damage to the target network.

Fraggle

Another DoS attack, which follows the same process as the Smurf attack but sends UDP echo packets in place of ICMP. This attack can be very serious because of the 'stateless' property of UDP. 'Stateless' means there is no acknowledgement mechanism in this protocol, which makes UDP favorable for DoS attacks. The attacker floods the network with UDP packets. Because there is no such mechanism, the receiver can't identify the fake requests.

Ping of Death

This attack follows the same mechanism but from a new angle. It sends ping requests using oversized packets. You may know that TCP/IP's Maximum Transmission Unit (MTU), i.e. the maximum packet size, is 65,536 octets (as per Cisco). As a result of oversized pings, the routing device keeps rebooting perpetually or may freeze up, causing a total crash.

Tribe Flood Network / Tribe Flood Network 2000

More complicated than the previous DoS attacks; it is alternatively known as 'IP Spoofing'. It is capable of initiating synchronized DoS attacks from multiple sources against multiple target devices. It carries out the attack by presenting itself to other IP addresses within its scope as an IP address of the network. In this manner, it misleads the network system by using an approved or trusted internal/external IP address and does massive destruction.

Stacheldraht 

A Distributed DoS (DDoS) program, which is actually an assortment of DoS methodologies. It integrates the TFN attack processes along with UDP, TCP/IP and ICMP floods and the Smurf attack. Starting with a large-scale invasion at the very root level, it encrypts almost all communication between the server (root), clients and any other hosts in the network. It was written on the basis of the TFN tool to be used only on Linux/Solaris systems, but it is now used on any platform by modifying its source code. A full description of this attack is beyond the scope of this article, as it requires extensive explanation to understand.

Mitigation

See, you are in great danger now! Anyone can destroy your work in just a second, no doubt about that! No worry, accidents happen! Let's try some preventive measures to protect valuable information and keep communication flawless:

It is not possible to cut off communication with the entire outside world. So, first of all, ensure basic traffic filtering. Traffic filtering at your end lets you control unexpected intrusions and keep them to a minimum. Firewall-protected networks are much safer than others in this regard. Contact your ISP to ensure security before doing business through the network.

ISPs need to monitor the network closely and review protocols to confirm an authenticated communication path. Find solutions to mitigate resource overloading and other constraints. Before operating the system, scan the whole network architecture with all kinds of intrusions in mind. Maintain a solid and well-managed mitigation policy.

Make sure the router is well protected by implementing filters on it. To prohibit unauthorized access, implement mechanisms such as Network Address Translation (NAT) and Access Lists (ACLs). NAT reduces the large number of IP addresses required for a networked environment by concealing certain IP address space. Thus, it lessens the opportunity for Smurfing or IP spoofing. An access list controls which addresses are allowed to connect to the network and which aren't. These lists are the conventional means of preventing IP spoofing, Smurf attacks, DoS TCP/IP floods and DoS ICMP floods, and of any kind of traceroute filtering.

To restrict Smurf or Fraggle attacks, configure the router to block broadcast packets originating outside the network. You may find slight variations in the router configuration commands. By default, though, almost every recent router blocks these broadcasts.

Unicast Reverse Path Forwarding (uRPF) is a method that can drop IP packets containing a fake source address. It can work in either strict or loose mode, though how rigidly it is enforced varies from router to router. Also, don't forget to configure the ACLs so that, if uRPF fails, the ACLs can handle it.
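The filtering steps described above (blocking broadcasts from outside, uRPF in strict or loose mode, and an ACL as a backstop) can be modelled in a few lines. This is an added example, not code from the original article or from any router vendor; the routing table, interface names (`inside`, `isp-a`, `isp-b`) and packets are constructed for illustration.

```python
import ipaddress

# Constructed sample routing table: prefix -> interface used to reach it.
# There is deliberately no default route.
FIB = {
    "10.1.0.0/16": "inside",      # protected LAN (constructed)
    "203.0.113.0/24": "isp-a",    # remote prefix reached via ISP A
    "198.51.100.0/24": "isp-b",   # remote prefix reached via ISP B
}
INSIDE_NETS = [ipaddress.ip_network("10.1.0.0/16")]

def lookup(addr):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip, best = ipaddress.ip_address(addr), None
    for prefix, iface in FIB.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_pass(src, in_iface, mode):
    """Strict: the route back to src must use the arrival interface.
    Loose: any route back to src is enough."""
    route = lookup(src)
    if route is None:
        return False
    return mode == "loose" or route == in_iface

def filter_packet(src, dst, in_iface, mode="strict", use_acl=True):
    """Return the router's decision for one packet."""
    outside = in_iface != "inside"
    dst_ip, src_ip = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    # Smurf/Fraggle: broadcast of a protected LAN addressed from outside.
    if outside and any(dst_ip == n.broadcast_address for n in INSIDE_NETS):
        return "drop: directed broadcast from outside"
    if not urpf_pass(src, in_iface, mode):
        return f"drop: uRPF {mode}"
    # Backstop ACL: an inside source address must never arrive from outside.
    if use_acl and outside and any(src_ip in n for n in INSIDE_NETS):
        return "drop: anti-spoofing ACL"
    return "forward"

if __name__ == "__main__":
    # Constructed packets: (source, destination, arrival interface)
    for pkt in [("10.1.5.9", "10.1.255.255", "isp-a"),
                ("10.1.5.9", "10.1.0.20", "isp-a"),
                ("203.0.113.7", "10.1.0.20", "isp-b"),
                ("192.0.2.1", "10.1.0.20", "isp-a")]:
        print(pkt, filter_packet(*pkt, mode="strict"),
              "|", filter_packet(*pkt, mode="loose"))
```

In this model, loose mode lets through a packet that claims an inside source but arrives from outside, and only the ACL stops it. Strict mode, in turn, drops the legitimate `203.0.113.7` packet because it arrives on a different interface than the route back to it.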

There are other monitoring techniques, such as customer/peer notification, sinkholes, rate limiting, the backscatter technique, black hole filtering, NetFlow monitoring, advanced BGP filtering, etc.

Your task is easy; make sure you are not the victim!

 
