Denial-Of-Service Attacks; Overview; Dos Attack Mechanisms; Ping Of Death Attacks - D-Link NetDefendOS User Manual

6.7. Denial-of-Service Attacks

6.7.1. Overview

The same advantages that the Internet brings to business also benefit hackers who use the same
public infrastructure to mount attacks. Attack toolkits are readily available and development
work on these is often split across groups spread around the world. Many newer attack
techniques utilize the distributed topology of the Internet to launch Denial of Service (DoS)
attacks resulting in paralyzed web servers that can no longer respond to legitimate connection
requests.
To be on the receiving end of a DoS attack is probably the last thing any network administrator
wants to experience. Attacks can appear out of thin air and the consequences can be devastating
with crashed servers, jammed Internet connections and business critical systems overloaded.
This section deals with how NetDefendOS is used to protect against these attacks.

6.7.2. DoS Attack Mechanisms

A DoS attack can be perpetrated in a number of ways but there are three basic types of attack:
• Consumption of computational resources, such as bandwidth, disk space or CPU time.
• Disruption of configuration information, such as routing information.
• Disruption of physical network components.
One of the most commonly used method is the consumption of computational resources which
means that the DoS attack floods the network and ties up critical resources used to run business
critical applications. In some cases, vulnerabilities in the Unix and Windows operating systems
are exploited to intentionally crash the system, while in other cases large amounts of apparently
valid traffic are directed at sites until they become overloaded and crash.
Some of the most well-known DoS attacks during the brief history of the public Internet have
included the following:
•

Ping of Death attacks

• Fragmentation overlap attacks
• Land and LaTierra attacks
• The WinNuke attack
• Amplification attacks
• TCP SYN flood attacks
6.7.3. Ping of Death Attacks
This is one of the earliest OSI layer 3/4 attacks. A simple ways to execute this is to run the console
command "ping -l 65510 o.p.q.r" on certain operating systems where o.p.q.r is the IP address of
the intended victim. Jolt is the name of one of the purpose-written programs for generating such
packets on operating systems whose ping commands refuse to generate oversized packets.
Another name for this type of attack is Ping of Death.
566
Chapter 6: Security Mechanisms