Denial of service (DoS) attacks in their many forms are by
far the most infamous, and possibly the most threatening to organizations that
conduct any business over the Internet. The primary purpose of any DoS attack is
to deny access to a device—or better, an entire network—by bombarding it with
useless traffic. The attack can bury the target in two ways. First, the packets
themselves can consume 100 percent of a device’s resources, preventing it from
doing its regular work. Because a firewall or intrusion detection system can
often defeat this type of attack easily, the second threat is far greater: the
organization’s connection(s) to the Internet fill to capacity with this useless
traffic, preventing both inbound and outbound communication. For this reason, a
DoS attack typically can be defeated only by the efforts of the organization’s
ISP.
Because the ISP’s upstream connection, called a fat pipe, is typically many times
larger than the connection to each customer, the ISP might be completely
oblivious to the attack. If the ISP’s staff and service policies are less than
optimal, the organization under attack might seem doomed. Figure 1-1 shows the
relative capacity of the ISP’s link to the Internet versus the much smaller
links to its customers.
A true DoS attack launched from a single host is generally used only by the
least-experienced hackers. Figure 1-2 shows a traditional DoS attack. The two
most devastating variations are the distributed denial of service (DDoS) and the
distributed reflection denial of service (DRDoS). Both attacks enlist the help of
other, often hundreds of, unsuspecting hosts, which significantly increases the
size of the attack, further shields its source, and makes it harder to defend
against.