Often an attacker does not care if they break into a site or not, just in doing damage. A common method of achieving this is a Denial of Services Attack. DoS attacks are characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Some examples include;
- Attempts to "flood" a network, thereby preventing legitimate network traffic,
- Attempts to disrupt connections between two machines, thereby preventing access to a service,
- Attempts to prevent a particular individual from accessing a service,
- Attempts to disrupt service to a specific system or person,
- Attempts to “offline” a host (e.g. cause it to reboot).
Generally the methods of attack may be summarized into the following groups;
o Network Connectivity, using all ports for example
o Using Vulnerabilities (e.g. Pointing echo services to chargen services)
o Bandwidth Consumption (esp. DDoS)
o Consumption of Other Resources (e.g. memory or database overflow attacks)
- Destruction or Alteration of Configuration Information (e.g. wiping router memory)
- Physical Destruction or Alteration of Network Components (spilling coffee on a host)
Single-Message DoS Attacks
Once also known as "Nuke" Attacks these are designed to cause networked computers to disconnect from the network or crash (possibly rebooting or hanging the system).
Commonly these attacks exploit bugs in a specific operating system (OS). In general, these problems are promptly fixed by the vendor. Good patching procedures to implement the latest security patches reduce this vulnerability.
Flooding Denial-of-Service (DDoS) Attacks or Distributed DoS Attacks
A remote system is overwhelmed by a continuous flood of traffic designed to consume resources at the targeted server (CPU cycles and memory) and/or in the network (bandwidth and packet buffers). These attacks result in degraded service or a complete site shutdown.
SMURF attacks use an intermediary to flood their victim. They spoof the victim's address and send an ICMP Ping (Echo Request) to a subnet broadcast address. Each device on the subnet will respond back to what they think is the sender (the victim) with an ICMP ECHO Reply, thus flooding their target. This rapidly exhausts the bandwidth available to the target, effectively denying its services to legitimate users
LAND: set the source and destination IP address (on any packet) both to the victim's IP address. This used to kill some machines a long time ago (they'd try to send a response to themselves, and either burn a lot of cycles or end up crashing the system).
TCP SYN Flood Attacks take advantage of TCP’s “three-way handshaking”. The attacker makes connection requests aimed at a target system. The packets have unreachable (forged) source addresses. The server is not able to complete the connection requests and, as a result, the target system wastes resources. A relatively small number of forged packets will consume memory, CPU, and applications, resulting in shutting down a server.
UDP Flood Attacks rely on UDP being a connectionless protocol. A UDP Flood Attack is achievable if an attacker can send a UDP packet to a random port on the target system and the target system responds with an ICMP packet of destination unreachable to the forged source address. By sending enough UDP packets to ports on the target system, the system will fail to respond.
ICMP Flood Attacks come in many forms. There are 2 basic kinds, Floods and Nukes (as detailed above).
An ICMP flood is usually accomplished by broadcasting either ICMP ping packets or UDP packets. The basis of the attack is to send large amounts of data to the target system. This results in it slowing down to a point where it is no longer functional.