Anti-DoS Profiles

A denial-of-service (DoS) or a distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to users, and is intended to temporarily or indefinitely interrupt or suspend services to a host connected to the Internet.

Typical attacks involve saturating the target machine with external communication requests, such that the machine can no longer respond to legitimate traffic, or responds so slowly it is rendered unavailable. Such attacks usually lead to server overload.

The three most common methods of attack include:

TCP SYN flood

A Transmission Control Protocol (TCP) Synchronous Transmission (SYN) flood occurs when a malicious host sends a flood of TCP/SYN packets - often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn half-open connections by sending back a TCP/SYN-ACK packet (Acknowledge), and waiting for a packet in response from the sender address (response to the ACK Packet). However, because the sender address is forged, the response never arrives. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack is over.

UDP flood

A User Datagram Protocol (UDP) flood overloads the target server by repeatedly sending an overwhelming number of UDP packets.

ICMP/Ping flood

An Internet Control Message Protocol (ICMP) flood sends its victims an overwhelming number of ping packets, usually by using the "ping" command. It is simple to launch with the purpose of gaining access to a greater amount of bandwidth than its victim.