A Denial of Service (DoS) or a Distributed Denial of Service (DDoS) attack is an attempt to make a machine or network resource unavailable to its users, and is intended to temporarily or indefinitely interrupt or suspend the services of a host connected to the Internet.

Typical attacks involve saturating the target machine with external communication requests, such that the machine can no longer respond to legitimate traffic, or responds so slowly that it is rendered unavailable. Such attacks usually lead to server overload.

The three most common methods of attack are:

- TCP SYN flood - A Transmission Control Protocol (TCP) Synchronous Transmission (SYN) flood occurs when a malicious host sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn half-open connections: it sends back a TCP/SYN-ACK packet (acknowledge) and waits for the packet from the sender address that completes the handshake (the client's ACK). However, because the sender address is forged, that response never arrives. These half-open connections saturate the number of connections the server is able to hold open, keeping it from responding to legitimate requests until after the attack is over.
- UDP flood - A User Datagram Protocol (UDP) flood overloads the target server by repeatedly sending it an overwhelming number of UDP packets.
- ICMP/Ping flood - An Internet Control Message Protocol (ICMP) flood sends its victim an overwhelming number of ping packets, usually generated with the "ping" command. It is simple to launch; it mainly requires the attacker to have more bandwidth than its victim.
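To make the half-open connection mechanism concrete, here is an added Python model (not code from the original page): it replays constructed packet records through a small half-open table, showing a legitimate SYN being dropped while forged-source entries occupy every slot until they time out, plus a detector that flags time windows in which SYNs rarely complete a handshake. The backlog size, timeout, addresses and thresholds are assumed values.

```python
from collections import Counter

BACKLOG = 4         # assumed listener backlog: how many half-open entries fit
SYN_TIMEOUT = 5.0   # assumed seconds a half-open entry waits for the final ACK

# Constructed packet records seen by the server: (time, source, flag).
# "S" is a SYN, "A" is the ACK that completes the three-way handshake.
PACKETS = [
    (0.0, "192.0.2.10", "S"), (0.1, "192.0.2.10", "A"),   # normal handshake
    (1.0, "203.0.113.1", "S"), (1.0, "203.0.113.2", "S"),  # forged sources:
    (1.1, "203.0.113.3", "S"), (1.1, "203.0.113.4", "S"),  # SYN-ACKs go to
    (1.2, "203.0.113.5", "S"),                             # hosts that never reply
    (2.0, "192.0.2.11", "S"),                   # legitimate client, table is full
    (7.0, "192.0.2.11", "S"), (7.1, "192.0.2.11", "A"),   # retry after expiry
]

def replay(packets, backlog=BACKLOG, timeout=SYN_TIMEOUT):
    """Replay packets through the server's half-open table.
    Returns (sources that completed a handshake, sources whose SYN was dropped)."""
    half_open = {}            # source -> time its SYN-ACK was sent
    completed, dropped = [], []
    for t, src, flag in packets:
        # Entries whose ACK never came are released only after the timeout.
        for stale in [s for s, t0 in half_open.items() if t - t0 > timeout]:
            del half_open[stale]
        if flag == "S":
            if len(half_open) >= backlog:
                dropped.append(src)   # no slot left: the SYN is silently dropped
            else:
                half_open[src] = t    # server answers SYN-ACK and waits
        elif flag == "A" and src in half_open:
            del half_open[src]
            completed.append(src)
    return completed, dropped

def flood_windows(packets, window=1.0, min_syns=4, max_completion=0.5):
    """Flag time windows with many SYNs of which few ever complete a handshake;
    a low completion ratio is the signature of forged-source SYNs."""
    syns, acks, pending = Counter(), Counter(), {}
    for t, src, flag in packets:
        w = int(t // window)
        if flag == "S":
            syns[w] += 1
            pending[src] = w          # remember which window the SYN fell in
        elif flag == "A" and src in pending:
            acks[pending.pop(src)] += 1
    return sorted(w for w, n in syns.items()
                  if n >= min_syns and acks[w] / n <= max_completion)
```

With these inputs the legitimate client at 192.0.2.11 is dropped at t=2.0 and only succeeds after the stale entries expire, and window 1 is flagged because none of its five SYNs completes.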