DOS Attacks: Instigation and Mitigation
During the release of a new software product specialized to track spam, ACME Software Inc noticed that there was not as much traffic as they had hoped to receive. During further investigation, they found that they could not view their own website. At that moment, the VP of sales received a call from the company's broker stating that ACME Software Inc stock had fallen 4 points due to lack of confidence. Several states away, spammers didn't like the idea of lower profit margins due to an easy-to-install spam blocking product, so they thought they would fight back. Earlier that day, they had taken control of hundreds of compromised computers and used them as DoS zombies to attack ACME Software Inc's Internet servers in a vicious act of cyber assault. During an emergency press conference the next morning, ACME Software Inc's CIO announced his resignation as a result of a several-million-dollar corporate loss.

Scenarios like the one above happen more often than people think and are more costly than most will admit. Denial of Service (DoS) attacks are designed to deplete the resources of a target computer system in an attempt to take a node offline by crashing or overloading it. A Distributed Denial of Service (DDoS) attack is a DoS attack launched from many different locations at once. The most common DDoS attacks are instigated through viruses or zombie machines. There are many reasons that DoS attacks are executed, and most of them stem from malicious intent. DoS attacks are almost impossible to prevent if you are singled out as a target, because it is difficult to distinguish a legitimate packet from one used in a DoS attack.

The purpose of this article is to give the reader with basic network knowledge a better understanding of the challenges presented by Denial of Service attacks, how they work, and ways to protect systems and networks from them.

Instigation:

Spoofing - Falsifying an Internet address (known as spoofing) is the method an attacker uses to fake an IP address. This is used to reroute traffic to a target network node or to deceive a server into identifying the attacker as a legitimate node. When most of us think of this approach to hacking, we think of someone in another city essentially becoming you. The way TCP/IP is designed, the only way a criminal hacker or cracker can take over your Internet identity in this fashion is to blind spoof. This means that the impostor must know exactly what responses to send to a port, but will never see the corresponding replies, since that traffic is routed to the original system. If the spoofing is designed around a DoS attack, the impersonated address becomes the victim, because every reply is delivered there. Spoofing is used in most of the well-known DoS attacks. Many attackers will start a DoS attack to drop a node from the network so they can take over the IP address of that device. IP hijacking is the main method used when attacking a secured network or attempting other attacks like the Man in the Middle attack.

SYN Flood - Attackers send a series of SYN requests to a target (victim). The target sends a SYN ACK in response and waits for an ACK to come back to complete the session setup. Instead of responding with an ACK, the attacker sends another SYN to open a new connection. This causes the connection queues and memory buffers to fill up, thereby denying service to legitimate TCP users. At this time, the attacker can hijack the system's IP address if that is the end goal. Spoofing the "source" IP address when sending a SYN flood will not only cover the offender's tracks, but is also a method of attack in itself, since the SYN ACK replies are delivered to the spoofed address. SYN floods are the most commonly used DoS in viruses and are easy to write. See http://www.infosecprofessionals.com/code/synflood.c.txt

Smurf Attack - Smurf and Fraggle attacks are the easiest to prevent. A perpetrator sends a large number of ICMP echo (ping) requests to IP broadcast addresses, using a fake source address.
The spoofed "source" address is then flooded with simultaneous replies from every host that answered the broadcast (see CERT Advisory CA-1998-01). This can be prevented by simply blocking broadcast traffic from remote network sources using access control lists, and by not forwarding directed broadcasts at all.

Fraggle Attack - This type of attack is the same as a Smurf attack except that it uses UDP instead of ICMP. By sending UDP echo traffic (port 7) to IP broadcast addresses, the systems on the network will all respond to the spoofed address and affect the target system. This is a simple rewrite of the Smurf code. It can be prevented by the same means: block broadcast traffic from remote IP addresses.

Ping of Death - An attacker sends illegitimate ICMP (ping) packets larger than the 65,535-byte maximum IP packet size (delivered as fragments that reassemble into an oversized packet) to a system with the intention of crashing it. These attacks have been outdated since the days of NT4 and Win95.

Teardrop - Otherwise known as an IP fragmentation attack, this DoS attack sends overlapping IP fragments that the reassembly code mishandles, and targets systems running Windows NT 4.0, Win95, and Linux up to 2.0.32. Like the Ping of Death, the Teardrop is no longer effective.

Application Attack - These are DoS attacks that involve exploiting an application vulnerability, causing the target program to crash or restart the system. Kazaa and Morpheus have a known flaw that will allow an attacker to consume all available bandwidth without being logged. See http://www.infosecprofessionals.com/code/kazaa.pl.txt Microsoft's IIS 5 SSL also has an easy-to-exploit vulnerability. Most exploits like these are easy to find on the Internet and can be copied and pasted as working code. There are thousands of exploits that can be used to DoS a target system/application. See http://www.infosecprofessionals.com/code/IIS5SSL.c.txt

Viruses, Worms, and Antivirus - Yes, antivirus. There are too many cases where the antivirus configuration is wrong or the wrong edition is installed. This lack of foresight causes an unintentional DDoS attack on the network by taking up valuable CPU resources and bandwidth.
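The SYN flood and Smurf/Fraggle attacks described above leave recognisable symptoms in traffic: a target that accumulates half-open connections from sources that never complete the handshake, and echo requests aimed at broadcast addresses with somebody else's address as the source. The Python below is an added example written for this article and is not the article's own code or the C sources it links. The log format (ts proto src dst sport dport flags), the local network list, the threshold and the addresses are assumptions, and the sample log is constructed rather than captured.

```python
"""Detect SYN-flood and Smurf/Fraggle symptoms in a packet log.

Added example for the article, not the article's own code.  The log format
(ts proto src dst sport dport flags), the local network list and the
threshold are assumptions; SAMPLE_LOG is constructed, not captured.
"""
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: 40 SYNs to 192.0.2.10:80 from 40 sources that never send
# an ACK (the spoofed-source flood), one legitimate three-way handshake, and
# echo traffic aimed at broadcast addresses with the victim as spoofed source.
SAMPLE_LOG = [f"1.{i:03d} tcp 198.51.100.{i} 192.0.2.10 {40000 + i} 80 S"
              for i in range(1, 41)] + [
    "2.000 tcp 203.0.113.5 192.0.2.10 51000 80 S",
    "2.001 tcp 192.0.2.10 203.0.113.5 80 51000 SA",
    "2.002 tcp 203.0.113.5 192.0.2.10 51000 80 A",
    "3.000 icmp 192.0.2.10 192.0.2.255 0 0 echo-request",
    "3.001 icmp 192.0.2.10 10.0.0.255 0 0 echo-request",
    "3.002 udp 192.0.2.10 10.0.0.255 9999 7 -",
]

# Assumed: the networks whose broadcast addresses an amplifier would answer on.
LOCAL_NETS = [ip_network("192.0.2.0/24"), ip_network("10.0.0.0/24")]


def parse(line):
    """Split one log line into a record; 'flags' holds TCP flags or ICMP type."""
    ts, proto, src, dst, sport, dport, flags = line.split()
    return {"ts": float(ts), "proto": proto, "src": src, "dst": dst,
            "sport": int(sport), "dport": int(dport), "flags": flags}


def syn_flood_report(records, threshold=20):
    """Map (dst, dport) -> (half_open_flows, distinct_sources) for every target
    whose count of SYNs never followed by a client ACK reaches the threshold.

    Counting half-open flows rather than raw SYNs keeps a busy but healthy
    server out of the report; many distinct sources with zero completions is
    the signature of a spoofed-source flood."""
    syns = defaultdict(set)   # target -> flows that sent a bare SYN
    acks = defaultdict(set)   # target -> flows that later sent a non-SYN ACK
    for r in records:
        if r["proto"] != "tcp":
            continue
        target, flow = (r["dst"], r["dport"]), (r["src"], r["sport"])
        if r["flags"] == "S":
            syns[target].add(flow)
        elif "A" in r["flags"] and "S" not in r["flags"]:
            acks[target].add(flow)
    report = {}
    for target, flows in syns.items():
        half_open = flows - acks[target]
        if len(half_open) >= threshold:
            report[target] = (len(half_open), len({src for src, _ in half_open}))
    return report


def broadcast_amplifiers(records, nets=LOCAL_NETS):
    """List (kind, spoofed_source, broadcast_dst) for packets that would make
    every host on the subnet reply to the source: ICMP echo requests (Smurf)
    and UDP echo/chargen (Fraggle) sent to a directed-broadcast address."""
    bcast = {str(n.broadcast_address) for n in nets}
    hits = []
    for r in records:
        if r["dst"] not in bcast:
            continue
        if r["proto"] == "icmp" and r["flags"] == "echo-request":
            hits.append(("smurf", r["src"], r["dst"]))
        elif r["proto"] == "udp" and r["dport"] in (7, 19):
            hits.append(("fraggle", r["src"], r["dst"]))
    return hits


def analyze(lines):
    """Parse the log once and run both detectors over it."""
    records = [parse(line) for line in lines]
    return syn_flood_report(records), broadcast_amplifiers(records)


if __name__ == "__main__":
    floods, amps = analyze(SAMPLE_LOG)
    for (dst, port), (half_open, sources) in floods.items():
        print(f"SYN flood on {dst}:{port}: {half_open} half-open from {sources} sources")
    for kind, src, dst in amps:
        print(f"{kind}: broadcast {dst} would reply to spoofed source {src}")
```

The half-open set difference is the important design choice: a popular server sees thousands of SYNs per second and is perfectly healthy, so raw SYN counts alone produce false alarms. What distinguishes a flood is SYNs that are never followed by the client's ACK, and when those come from a large number of distinct sources it is a strong sign that the sources are spoofed, exactly the case the article says is hard to tell apart from legitimate traffic packet by packet.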
Viruses and worms also cause DDoS attacks by the nature of how they spread. Some purposefully attack an individual target after a system has been infected. The Blaster worm, which exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) over TCP port 135, is a great example of this. Blaster targeted Microsoft's Windows Update site by initiating a SYN flood against it. Because of this, Microsoft decided to no longer resolve the DNS name 'windowsupdate.com'.

DoS attacks are impossible to stop. However, there are things you can do to mitigate the damage they may cause to your environment. The main thing to remember is that you always need to keep up to date on the newest threats.

Mitigation:

Antivirus software - Installing antivirus software with the latest virus definitions will help prevent your system from becoming a DoS zombie. Now, more than ever, this is an important feature that you must have. With lawsuits so prevalent, not having the proper protection can leave you open to downstream liability.

Software updates - Keep your software up to date at all times. This includes antivirus, email clients, and network servers. You also need to keep all network operating systems installed with the latest security patches. Microsoft has done a great job of making these patches available for their Windows distributions. Linux has been said to be more secure, but the patches are far more scarce. RedHat is planning on incorporating the NSA's SELinux kernel security extensions into future releases. This will give Mandatory Access Control (MAC) capabilities to the Linux community.

Network protection - Using a combination of firewalls and Intrusion Detection Systems (IDS) can cut down on suspicious traffic and can make the difference between a logged annoyance and losing your job. Firewalls should be set to deny all traffic that is not specifically designed to pass through. Integrating an IDS will warn you when strange traffic is present on your network.
This will assist you in finding and stopping attacks.

Network device configuration - Configuring perimeter devices like routers can detect and in some cases prevent DoS attacks. Cisco routers can be configured to actively prevent SYN attacks starting in Cisco IOS 11.3 and higher using the TCP intercept feature in global configuration mode:

    access-list access-list-number {deny | permit} tcp any destination destination-wildcard
    ip tcp intercept list access-list-number
    ip tcp intercept ?

(The last line will give you a good list of the other options.) In intercept mode the router answers the client's SYN with a SYN ACK on the server's behalf and only opens the connection to the server once the client's ACK arrives, so half-open connections from spoofed sources never reach the protected host.

Cisco routers can prevent Smurf and Fraggle attacks by not forwarding directed broadcasts. Since Cisco IOS 12.0, this is the default configuration; on older releases, disable forwarding on every interface in interface configuration mode:

    no ip directed-broadcast

ACLs (access control lists) should also be configured on all interfaces. The Cisco router can also be used to drop the most obviously spoofed sources. Define the list and apply it inbound on the interface facing the untrusted network:

    access-list number deny icmp any any redirect
    access-list number deny ip 127.0.0.0 0.255.255.255 any
    access-list number deny ip 224.0.0.0 31.255.255.255 any
    access-list number deny ip host 0.0.0.0 any

    interface interface
     ip access-group number in

Remember that an access list ends with an implicit deny of everything else, so finish it with the permit statements your legitimate traffic needs. The four deny lines only drop loopback, multicast/reserved, and all-zero sources; to stop an outsider from spoofing your own addresses, also deny packets arriving on the outside interface whose source lies inside your own address range (RFC 2827 ingress filtering), or enable unicast reverse-path verification (ip verify unicast reverse-path, which requires CEF) on that interface where your IOS release supports it. See Improving Security on Cisco Routers - www.cisco.com/warp/public/707/21.html

Old Cisco IOS versions are vulnerable to several DoS attacks. The "Black Angels" wrote a program called Cisco Global Exploiter. This is a useful tool when testing the security of your Cisco router version and configuration and can be found at http://www.blackangels.it/Projects/cge.htm

Security is not as mystical as people believe. DoS attacks come in many different types and can be devastating if you don't take the proper precautions. Keep up to date and take steps to secure network nodes. Keeping security in mind can minimize damage and downtime, and save your career.

Author: Jeremy Martin, CISSP, ISSMP, ISSAP, CEI, CEH, CHS-III, CCNA, Network+, A+ - http://www.infosecwriter.com
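The router access list in the Network device configuration section above drops a handful of impossible source addresses; the check that actually stops an outsider from spoofing your own addresses is ingress filtering of the kind RFC 2827 describes. As an added example, not the article's code and not a Cisco feature, the Python below models the decision a perimeter filter makes for each packet: the article's four deny lines, the directed-broadcast drop, and the inside/outside source check. The interface names, the 192.0.2.0/24 "inside" range and the packet fields are assumptions, and the sample packets are constructed.

```python
"""Per-packet ingress filter modelling the article's anti-spoofing access list.

Added example, not the article's code and not a Cisco feature.  The interface
names, the inside address range and the packet fields are assumptions, and
sample_packets() is constructed traffic.
"""
from ipaddress import ip_address, ip_network

# Assumed: the address space behind the router's inside interface.
INSIDE_NETS = [ip_network("192.0.2.0/24")]

# The article's three source-address deny lines, in CIDR form.
BOGON_SOURCES = [
    ip_network("127.0.0.0/8"),   # access-list deny ip 127.0.0.0 0.255.255.255 any
    ip_network("224.0.0.0/3"),   # access-list deny ip 224.0.0.0 31.255.255.255 any
    ip_network("0.0.0.0/32"),    # access-list deny ip host 0.0.0.0 any
]


def ingress_verdict(pkt, inside=INSIDE_NETS, bogons=BOGON_SOURCES):
    """Return (action, reason) for one packet arriving on an interface.

    pkt: {'iface': 'outside'|'inside', 'src', 'dst', 'proto', ['icmp_type']}.
    Order matters the way it does in an access list: the first match wins,
    and traffic matching nothing is explicitly permitted at the end."""
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    from_inside = any(src in net for net in inside)

    if pkt["proto"] == "icmp" and pkt.get("icmp_type") == "redirect":
        return "deny", "icmp-redirect"             # deny icmp any any redirect
    for net in bogons:
        if src in net:
            return "deny", f"bogon-source {net}"
    if pkt["iface"] == "outside" and from_inside:
        return "deny", "spoofed-inside-source"     # RFC 2827: our addresses never arrive from outside
    if pkt["iface"] == "inside" and not from_inside:
        return "deny", "spoofed-outside-source"    # the egress half: only our addresses leave
    if pkt["iface"] == "outside" and any(dst == net.broadcast_address for net in inside):
        return "deny", "directed-broadcast"        # equivalent of no ip directed-broadcast
    return "permit", "ok"                          # permit ip any any


def sample_packets():
    """Constructed traffic covering each rule once."""
    return [
        {"iface": "outside", "src": "203.0.113.7", "dst": "192.0.2.10", "proto": "tcp"},
        {"iface": "outside", "src": "192.0.2.44", "dst": "192.0.2.10", "proto": "tcp"},
        {"iface": "outside", "src": "127.0.0.1", "dst": "192.0.2.10", "proto": "udp"},
        {"iface": "outside", "src": "198.51.100.9", "dst": "192.0.2.255",
         "proto": "icmp", "icmp_type": "echo-request"},
        {"iface": "outside", "src": "198.51.100.9", "dst": "192.0.2.10",
         "proto": "icmp", "icmp_type": "redirect"},
        {"iface": "inside", "src": "10.9.9.9", "dst": "203.0.113.7", "proto": "tcp"},
        {"iface": "inside", "src": "192.0.2.10", "dst": "203.0.113.7", "proto": "tcp"},
    ]


def filter_packets(pkts):
    """Apply the filter to a list of packets, returning one verdict per packet."""
    return [ingress_verdict(p) for p in pkts]


if __name__ == "__main__":
    for pkt, (action, reason) in zip(sample_packets(), filter_packets(sample_packets())):
        print(f"{pkt['iface']:<7} {pkt['src']:>14} -> {pkt['dst']:<12} {action:<6} {reason}")
```

The egress half of the rule (the "inside" interface only forwarding packets whose source is your own range) is what keeps your hosts from being usable as zombies in somebody else's spoofed flood, which is the downstream liability the Antivirus paragraph above warns about. The final explicit permit mirrors the permit statement you must add after the deny lines on a real router, since an access list with nothing but deny entries blocks all traffic.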
© 2006