Denial-Of-Service (Dos) Attacks; Overview; Dos Attack Mechanisms; Ping Of Death And Jolt Attacks - D-Link NetDefend DFL-210 User Manual

Network security firewall

6.6. Denial-Of-Service (DoS) Attacks

6.6.1. Overview

By embracing the Internet, enterprises experience new business opportunities and growth. The
enterprise network and the applications that run over it are business critical. Not only can a company
reach a larger number of customers via the Internet, it can serve them faster and more efficiently. At
the same time, using a public IP network enables companies to reduce infrastructure-related costs.

Unfortunately, the same advantages that the Internet brings to business also benefit the hackers who
use the same public infrastructure to mount attacks. Attack tools are readily available on the Internet
and development work on these tools is often split across groups of novice hackers — known as
"script kiddies" or "larval hackers" — scattered across the globe, providing around-the-clock
progression of automated attack methods. Many of the new attack methods utilize the distributed
nature of the Internet to launch DoS attacks against organizations.

To be on the receiving end of a DoS attack is probably the last thing any network administrator
wants to experience. Attacks can appear out of thin air and the consequences can be devastating
with crashed servers, jammed Internet connections and business critical systems in overload.

This section deals with using the D-Link Firewall to protect organizations against DoS attacks.

6.6.2. DoS Attack Mechanisms

A DoS attack can be perpetrated in a number of ways but there are three basic types of attack:

• consumption of computational resources, such as bandwidth, disk space, or CPU time
• disruption of configuration information, such as routing information
• disruption of physical network components

One of the most commonly used methods is the consumption of computational resources, which
means that the DoS attack floods the network and ties up critical resources used to run business
critical applications. In some cases, vulnerabilities in the Unix and Windows operating systems are
exploited to intentionally crash the system, while in other cases large amounts of apparently valid
traffic are directed at sites until they become overloaded and crash.

Some of the most commonly used DoS attacks have been:

• The Ping of Death / Jolt attacks
• Fragmentation overlap attacks: Teardrop / Bonk / Boink / Nestea
• The Land and LaTierra attacks
• The WinNuke attack
• Amplification attacks: Smurf, Papasmurf, Fraggle
• TCP SYN Flood attack
• The Jolt2 attack

6.6.3. Ping of Death and Jolt Attacks

The "ping of death" is one of the earliest layer 3/4 attacks. One of the simplest ways to execute it is
Chapter 6. Security Mechanisms