DOS/DDOS: They are attacks that consume or disable resources in an attempt to hinder or disrupt some operation or function. There are two types:
1. Flaw exploitation attacks.
2. Flooding attacks, which seek to consume resources.
• Ping of Death: Several vendor implementations of the IP stack were not designed to handle oversized packets. When ICMP echo fragments combine into a packet over 65,536 bytes, most crash or restart.
• Tear Drop: It is a flaw exploitation attack that involves 2 or more IP fragments that cannot be properly assembled due to improperly configured fragment offset numbers.
• Land: It is a flaw exploitation attack, where the packet has the same source and destination IP addresses as well as port numbers.
• ICMP Flood: Overwhelms a target with ICMP packets till it becomes unresponsive.
• UDP Flood: Like an ICMP flood, but uses the UDP protocol by sending many UDP packets to random ports on the targets. The targets respond with either RST or ACK packets. Depending on how the system is configured, the target can reboot, crash or be unresponsive.
• Smurf: A type of ICMP flood attack, which sends ICMP packets. It makes all systems on the network echo-reply to a specific target, making it unresponsive or causing it to crash.
• Fraggle: is a variation of a smurf attack that uses UDP packets.
Protection against DDOS/DOS
• Egress Filtering: A filter that drops outgoing packets from the internal subnet whose source address is not from that subnet.
• Ingress Filtering: Configures a router to drop external packets with IP source addresses from internal subnets.
• Disable IP-directed broadcasts: Blocks Smurf attacks by configuring the router to drop packets that ping the broadcast address of an IP subnet.
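The three protections above, written out as one border-router decision function. This is an added example, not code from the original post; the subnets, the sample packets and the names border_filter, INTERNAL and SAMPLES are constructed for illustration.

```python
import ipaddress

# Constructed internal subnets for this example (RFC 1918 space).
INTERNAL = [ipaddress.ip_network("192.168.10.0/24"),
            ipaddress.ip_network("10.20.0.0/16")]

def _owner(addr, nets):
    """Return the internal subnet containing addr, or None."""
    return next((n for n in nets if addr in n), None)

def border_filter(iface, src, dst, nets=INTERNAL):
    """Decide what a border router does with one packet.

    iface: "inside" if the packet arrived from the internal subnets,
           "outside" if it arrived from the external network.
    Returns (action, rule) where action is "forward" or "drop".
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface == "inside":
        # Egress filtering: outgoing source must belong to an internal subnet.
        if _owner(src_ip, nets) is None:
            return ("drop", "egress")
        return ("forward", None)
    if iface == "outside":
        # Ingress filtering: an external packet cannot have an internal source.
        if _owner(src_ip, nets) is not None:
            return ("drop", "ingress")
        # Directed broadcast: destination is a subnet's broadcast address.
        net = _owner(dst_ip, nets)
        if net is not None and dst_ip == net.broadcast_address:
            return ("drop", "directed-broadcast")
        return ("forward", None)
    raise ValueError(f"unknown interface: {iface!r}")

# Constructed sample packets: (arrival interface, source, destination).
SAMPLES = [
    ("inside",  "192.168.10.5", "203.0.113.9"),    # legitimate outbound
    ("inside",  "198.51.100.7", "203.0.113.9"),    # spoofed source leaving
    ("outside", "10.20.3.4",    "192.168.10.20"),  # internal source from outside
    ("outside", "203.0.113.9",  "10.20.255.255"),  # ping to subnet broadcast
    ("outside", "203.0.113.9",  "192.168.10.20"),  # legitimate inbound
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", border_filter(*pkt))
```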
While the security of wireless networks is improving, they are still very susceptible to DOS attacks, and I doubt that will change anytime in the near future.
RF jamming and overloading the network with traffic: On the physical layer these attacks are pretty devastating due to their effectiveness and the ease with which they are done. Hint: you can use a mobile phone for that.
Hidden Node problem: Well, actually that's a misconception. It's the use of RTS/CTS (request to send/clear to send), which is used to SOLVE the hidden node problem, that's the issue. It can be used to DOS the network, as the request to send basically stops the traffic till they hear the CTS signal.
WPA: This DOS attack, which can be used in WPA and WPA2 and which my lecturer describes as "cute", involves the MIC (WPA improvement from WEP's CRC). Basically, if you introduce packets with incorrect MIC values, then the Access Point will boot everyone off the network for one minute. Fun! I'm not sure if it's dependent on implementation, but it wouldn't hurt for you to try this and see for yourself (well, for at least a minute anyway, hehe).
For more details:
RHUL wireless lecture
Wirelessve
Tool: AirJack
Security Focus: Wireless Attacks and Penetration Testing (part 1 of 3)
Using the emb_lim option in the static command is one way to configure the security appliance to protect against DoS attacks.
RFC 2827 defeats DOS attacks which employ IP source address spoofing.