Well-Known DoS Attacks
 
Knowing about common, well-known attacks can be useful and
interesting, and when someone indicates an attack is a variation of the Ping of
Death, you will know what that means. Well-known attacks include the
following:
- TCP SYN Flood: Uses the TCP establishment handshake to conduct attacks by creating TCP “half-open” connections, tricking the target or reflector into thinking a session is being established.
- Ping of Death: Sends one or more oversized ping packets to crash or disable servers and other computer systems. Sending illegal IP datagrams (larger than 65,536 bytes) is possible because of packet fragmentation during transmission. When the fragments are reassembled at the target, they can overflow the buffer and cause a reboot, crash, or hang.
- Trinoo: A distributed tool (bot) used to launch coordinated UDP flood DoS attacks from many sources. A Trinoo network consists of a small number of masters and a large number of bots.
- Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K): Like Trinoo, variations of TFN use a distributed tool to launch coordinated DoS attacks from many sources against the target(s), often using spoofed source IP addresses. TFN bots can generate UDP flood attacks, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast (for example, smurf) DoS attacks.
- Stacheldraht (German for “barbed wire”): Combines features of the Trinoo DDoS tool with those of the original TFN, and adds encrypted communications between the attacker and Stacheldraht masters and automated agent updates.
- Trinity: Preys on Linux servers and uses IRC channels to unleash IP packet floods on targeted host machines.
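
For the Ping of Death entry above, a receiver-side check, added here as an example and not part of the original article: before a fragment is queued for reassembly, reject it if its offset plus payload would end past 65,535 bytes, the largest size the 16-bit IPv4 Total Length field can express. The names `check_fragment` and `sample_verdict` and the sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IPV4_MAX_DATAGRAM 65535u /* limit of the 16-bit Total Length field */
enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED = -1, FRAG_OVERSIZED = -2 };

/* Validate one IPv4 packet (header starts at pkt[0]) before it is queued for
 * reassembly. FRAG_OVERSIZED means the rebuilt datagram could not be legal. */
enum frag_verdict check_fragment(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;       /* header length, bytes */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];  /* Total Length field */
    if (ihl < 20 || total < ihl || total > len)
        return FRAG_MALFORMED;
    /* Fragment offset: low 13 bits of bytes 6-7, counted in 8-byte units. */
    size_t offset = ((((size_t)pkt[6] & 0x1f) << 8) | pkt[7]) * 8;
    size_t payload = total - ihl;
    /* Header plus the last byte this fragment covers must fit in 16 bits. */
    if (ihl + offset + payload > IPV4_MAX_DATAGRAM)
        return FRAG_OVERSIZED;
    return FRAG_OK;
}

/* Constructed sample input (hypothetical helper): a 20-byte header with the
 * given fragment offset and payload length, passed through the check. */
enum frag_verdict sample_verdict(uint16_t offset_units, uint16_t payload_len)
{
    static uint8_t pkt[20 + 1480];
    if (payload_len > 1480)
        return FRAG_MALFORMED;
    uint16_t total = (uint16_t)(20 + payload_len);
    memset(pkt, 0, sizeof pkt);
    pkt[0] = 0x45;                                  /* IPv4, IHL = 5 words */
    pkt[2] = (uint8_t)(total >> 8);
    pkt[3] = (uint8_t)(total & 0xff);
    pkt[6] = (uint8_t)((offset_units >> 8) & 0x1f);
    pkt[7] = (uint8_t)(offset_units & 0xff);
    pkt[9] = 1;                                     /* protocol: ICMP */
    return check_fragment(pkt, total);
}

int main(void)
{
    printf("ordinary fragment: %d\n", sample_verdict(185, 1480));
    printf("fragment ending past 65535: %d\n", sample_verdict(8189, 1480));
    return 0;
}
```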