Denial of Service Attacks

From Embedded Lab Vienna for IoT & Security

Disclaimer

!!! This Entry is still work in Progress !!!

The up-to-date Entry and Drafts can be found here: [[1]]

Summary

This documentation covers the basics of Denial of Service and Distributed Denial of Service attacks.

Introduction

Denial of Service or DoS attacks aim to prevent legitimate users from accessing the compromised component. According to Cisco, the DoS attack is one of the seven most common types of cyber-attacks [1]. The attacker's motives can have many backgrounds. The attack can aim to cause financial loss to the attacked company by bringing the company website down. For example, in 2015 the by then biggest DDoS attack, with 1.35 Tbps, rained down on GitHub and took it offline for 15 minutes [2]. There can also be a political reason, as in July 2008 when Georgian President Mikheil Saakashvili's web page was targeted by a DDoS attack. The web page was inaccessible for two days. Trace-back attempts showed that the commanding server was located in Russia [3]. Since Internet of Things (IoT) and smart home devices are getting more popular, the number of IoT bots used for DDoS attacks rises day by day. This is caused by the poor security of IoT devices and the lack of security firmware updates.

Difference Between Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

The typical DoS attack is performed by one attacker flooding the victim server with data. Back then it was possible to take down a small web page using only one state-of-the-art personal computer. Nowadays this is almost impossible, because the internet is dominated by big domains like Google or Amazon. Small websites can host their web page on a server of such a big domain, which makes a typical DoS attack almost impossible. Distributed DoS attacks, however, are still able to make a huge impact, because the attack is performed by multiple devices at the same time. This net of attacking devices is called a botnet. Botnets are constructed by infecting ordinary devices through malware. These botnet devices are also used to flood the internet with spam mails [4].

Target points of Denial of Service Attacks

Resource Depletion

This type of attack aims to exhaust resources like power, sockets, memory and computing power in order to deny any legitimate resource usage. A well-known example of a memory depletion DoS attack is the fork bomb. This program replicates itself until all memory is used up and the system does not allow any new memory allocation. In IoT networks, battery exhaustion attacks are quite common as an attack entry point to take down sensor nodes and make them inaccessible.

Bandwidth Depletion

Bandwidth depletion is the most common DoS type for attacking web servers and services. The attack can aim either at a whole network or at a single web server. Bandwidth depletion attacks are divided into standard distributed denial of service attacks, amplified DoS attacks and protocol attacks.

Zero Day Attack

Zero-day attacks use vulnerabilities that are still undiscovered by the manufacturer as the main entry point of the attack. The manufacturer is often powerless against a zero-day attack, because the vulnerability must first be researched before efficient countermeasures can be taken.

Types of DoS / DDoS Attacks

DoS Attack Types

Volumetric Attacks

A volumetric attack is performed by a malicious user and his powerful rig. The malicious user sends a flood of ICMP or TCP packets to the victim to deplete its bandwidth or processing power. The basic form of volumetric attack against websites is not effective anymore, due to the growth of the internet and web services. Nowadays volumetric attacks are used together with botnets to be much more effective, and many other advanced DoS attacks use this principle as their basis.

Reflection Attack

This type of attack is performed by using a range of innocent proxies to flood the victim's network or device with packets. The malicious user simply sends ICMP requests to his proxies with a spoofed source IP address header field, so the innocent proxies reply to the victim in a legitimate way and deplete the victim's network. The proxies unknowingly perform a DoS attack and the malicious user can cover his tracks.
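From the defender's side, the tell-tale sign of the reflection attack described above is that the victim receives ICMP echo replies it never requested. The following added example (not part of this wiki entry) detects that pattern over constructed flow records by pairing each incoming echo reply with a preceding outgoing echo request from the monitored host; the record format, host addresses and thresholds are assumptions made for the example.

```python
"""Detect unsolicited ICMP echo replies, the signature of an ICMP reflection attack.

Each flow record is a constructed tuple (time_seconds, src_ip, dst_ip, icmp_type),
where icmp_type 8 is an echo request and 0 is an echo reply.
"""
from collections import Counter

MONITORED = "10.0.0.5"  # assumed address of the host we defend

# Constructed sample records: one legitimate ping exchange, a burst of replies
# from several reflectors that were never pinged, and one reply arriving too late.
SAMPLE_FLOWS = [
    (1.0, MONITORED, "10.0.0.9", 8),       # we ping 10.0.0.9
    (1.1, "10.0.0.9", MONITORED, 0),       # legitimate reply to our own request
    (2.0, "198.51.100.1", MONITORED, 0),   # unsolicited replies: reflectors answering
    (2.0, "198.51.100.2", MONITORED, 0),   # requests that carried our spoofed address
    (2.1, "198.51.100.3", MONITORED, 0),
    (2.1, "198.51.100.1", MONITORED, 0),
    (2.2, "198.51.100.4", MONITORED, 0),
    (2.2, "198.51.100.2", MONITORED, 0),
    (5.0, "10.0.0.9", MONITORED, 0),       # stale reply, outside the pairing window
]


def unsolicited_replies(flows, monitored, window=2.0):
    """Count echo replies to `monitored` per sender that had no matching echo
    request from `monitored` to that sender within `window` seconds."""
    last_request = {}   # peer -> time of the last echo request we sent to it
    counts = Counter()
    for t, src, dst, icmp_type in sorted(flows):
        if src == monitored and icmp_type == 8:
            last_request[dst] = t
        elif dst == monitored and icmp_type == 0:
            sent = last_request.get(src)
            if sent is None or t - sent > window:
                counts[src] += 1  # reply without a recent request: unsolicited
    return counts


def reflection_suspected(flows, monitored, min_reflectors=3, min_replies=5):
    """Alert when unsolicited replies arrive from many distinct reflectors;
    a single stale reply alone should not trigger."""
    counts = unsolicited_replies(flows, monitored)
    return len(counts) >= min_reflectors and sum(counts.values()) >= min_replies


if __name__ == "__main__":
    for reflector, n in unsolicited_replies(SAMPLE_FLOWS, MONITORED).most_common():
        print(f"{reflector}: {n} unsolicited echo replies")
    print("reflection suspected:", reflection_suspected(SAMPLE_FLOWS, MONITORED))
```

In a real deployment the records would come from NetFlow/IPFIX or a packet capture, and the same pairing logic applies to other reflected protocols such as DNS or NTP responses.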

References
