Denial of Service (DoS) attacks are made on networks, organizations, and systems on the internet. DoS attacks are a serious threat to internet security as they use the valuable information from the client's IP address, which is used in the attack packets. This research focuses on prevention methods for DoS attacks. DoS attacks are made on an everyday basis on large networks and popular websites and threaten the internet infrastructure. Since the attackers forge the IP address, the source is hard to detect, which renders source-based packet filtering ineffective. Thus, there are strict steps that must be taken in order to prevent DoS attacks.
Table of Contents
Abstract
Introduction
Denial of Service Attacks
Discussion
Types of DoS
Attacking Methods
i. Flooding
ii. Logical
Weaknesses Exploited
i. TCP SYN Flooding
ii. TCP Reset
iii. UDP Flooding
iv. ICMP Attack
v. DNS Request Attack
vi. Ping of Death
vii. CGI Request
viii. Mail Bomb
ix. Land Attacks
x. Teardrop Attack
xi. Hybrid Attack
Connection Establishment
i. Direct
ii. Reflector
Attack Rate
i. High Rate Disruptive
ii. Diluted Low Rate Degrading
iii. Varied Rate
Attack Traffic Distribution
Attack Packets Used
Protocol Used
Prevention of DoS
Universal Techniques
i. Disabling Unused Services
ii. Installing Latest Security Updates
iii. Disabling IP Broadcast
iv. Firewalls
v. Global Defense Infrastructure
vi. IP Hopping
Filtering Techniques
i. Ingress/Egress Filtering
ii. Router Based Packet Filtering
iii. History Based IP Filtering
iv. Capability Based Method
v. Secure Overlay Service (SOS)
vi. SAVE: Source Address Validity Enforcement
Conclusion
References
Denial of Service Attacks and Their Prevention
Introduction
Denial of Service Attacks
A DoS attack temporarily handicaps a server and makes it unavailable. As a consequence, the server fails to respond to any requests from its legitimate users; hence the name Denial of Service attack. Basically, a DoS attack is an overt effort to thwart the access of genuine users to authorized resources. DoS attacks exploit vulnerabilities in internet protocols, services, and applications. Although there are several ways to defend against DoS attacks, they still happen for lack of a complete solution. There is a wide assortment of DoS attacks and of security methods for combating them (Duan, et al., 2008).
Discussion
Most of the DoS attacks that take place nowadays are actually Distributed Denial of Service (DDoS) attacks, which are a greater threat than ever to users, organizations, networks, and internet infrastructure. In DDoS attacks, key resources are chosen and then tied up by sending a high volume of apparently genuine traffic that requests services. A DoS attack deprives legitimate users of services like web access, e-mail, or network connectivity: access to a resource is deliberately blocked or corrupted by a malicious action. A torrent of harmful packets is sent to a victim server, rendering it incapable of providing services to legitimate users. Since these attacks have now been automated, even inexperienced crackers have the capability to bring down a server with DoS attacks (Ahlawat & Sharma, 2011).
Types of DoS
Attacking Methods
Flooding
According to Gupta, et al. (2009), most DoS or DDoS attacks are carried out using TCP. The majority of these attacks are flooding attacks. In a flooding attack, apparently legitimate packets are sent to a victim server. As these packets are corrupted, they block the communication resources of the victim, making it incapable of serving legitimate users. Here, the resources under attack are computational power, network bandwidth and connections, hard disk space, CPU time, and data ...