What’s behind the curtain? Part II - Denial of service (DoS) attack (Page 2 of 5)
I will start the discussion with the well-known denial of service attack.
For organizations that depend on the Internet to prosper, such as e-commerce
sites and portals, this attack is often called the “kiss of death”.
It attempts to deny access to specific resources, causing a loss of
availability for the legitimate users of a system. A denial of service attack
can cause various kinds of damage: the temporary loss of network
connectivity and services, including email; bringing down a website used by
many people, which costs the company a great deal of time and money;
alteration or corruption of files on the attacked host; and the consumption of
resources such as network bandwidth and CPU time. These are just a few of the
ways a denial of service attack can harm a business. The one sure thing is that
you will usually not know what hit you until the service is already down.
Common forms of denial of service attacks are:
- Buffer overflow attacks. Here the attacker sends more data than the
receiving program was written to expect, overflowing a fixed-size buffer and
crashing the service or corrupting its memory. A well-known example is sending
multiple email messages with attachments that have a 256-character file name,
one character longer than the fixed buffer some mail clients reserved for it.
- SYN attack (SYN flood). Remember the three-way handshake that sets up a TCP
session between a client and a server? The client sends a packet with the SYN
flag set, the server answers with SYN-ACK and keeps a record of the half-open
connection while it waits, and the client completes the handshake with an ACK.
The attacker sends a large number of SYN packets, usually with spoofed source
addresses, and never answers the SYN-ACK replies. Each half-open entry is
dropped only after a timeout, and the attacker keeps sending new bogus
requests faster than the old ones expire. The effect is that legitimate clients
cannot establish a TCP session because the server's table of pending
connections is filled with the attacker's bogus connection requests.
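To make the buffer overflow item concrete, here is an added example in C (not code from the original article) of the kind of defect the 256-character file name exploits: a mail client copying an attachment name into a fixed-size field without checking its length. The struct layout, the 255-character field size and the function names are assumptions for illustration; the hardened version beside the vulnerable one rejects the oversized name instead of overrunning the buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the original article.  A mail client copies
 * the file name of an attachment into a fixed-size field; the names, the
 * struct layout and the 255-character limit are assumptions for illustration. */

#define NAME_MAX_LEN 255            /* the field holds 255 characters plus a NUL */

struct attachment {
    char name[NAME_MAX_LEN + 1];
    size_t size;                    /* first thing clobbered if name overflows */
};

/* Vulnerable: strcpy copies the whole sender-supplied name, however long.
 * A 256-character name is one byte too long for the field; its terminating
 * NUL, and anything longer, lands on the bytes after the field.  A crash is
 * the usual result, which is all a denial of service needs.  Shown only for
 * contrast; it is never called with untrusted input below. */
void set_name_unsafe(struct attachment *a, const char *from_header)
{
    strcpy(a->name, from_header);
}

/* Hardened: measure the name with a bound, refuse anything that does not fit
 * together with its NUL, and copy only then.  Returns 0 on success, -1 if the
 * name was rejected. */
int set_name_safe(struct attachment *a, const char *from_header)
{
    size_t len = 0;
    while (len <= NAME_MAX_LEN && from_header[len] != '\0')
        len++;
    if (len > NAME_MAX_LEN)
        return -1;
    memcpy(a->name, from_header, len);
    a->name[len] = '\0';
    return 0;
}

/* Demonstration helper: builds a constructed name of n 'A' characters and
 * feeds it to the hardened setter.  Returns the setter's result, or -2 if
 * memory allocation failed. */
int try_name_of_length(size_t n)
{
    struct attachment a;
    char *name = malloc(n + 1);
    int rc;

    if (name == NULL)
        return -2;
    memset(name, 'A', n);
    name[n] = '\0';
    rc = set_name_safe(&a, name);
    free(name);
    return rc;
}

int main(void)
{
    printf("255-character name: %s\n",
           try_name_of_length(255) == 0 ? "accepted" : "rejected");
    printf("256-character name: %s\n",
           try_name_of_length(256) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The length check deliberately reads at most NAME_MAX_LEN + 1 characters, so even a name of megabytes is rejected without scanning it, and the copy happens only after the bound is known to hold.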
A DoS attack can also be organized to use several hundred to several
thousand compromised hosts at once, causing severe damage to the target company.
This form is known as a Distributed Denial of Service (DDoS) attack.
Attackers have been known to use the following four programs to launch DDoS
attacks: Trinoo, TFN, TFN2K and Stacheldraht. They install one of these tools on
the compromised machines and then direct all of them at a single target; the
flood of incoming traffic exhausts the target's bandwidth or processing
capacity, which effectively takes it offline and denies service to its
legitimate users.
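The SYN attack described in the list above, modelled as an added example in C; this is not code from the original article and not a real TCP stack. It keeps a small table of half-open connections with a timeout, as a server does between receiving a SYN and the final ACK, and plays three scenarios: a burst of spoofed SYNs with a legitimate client arriving during it, the same client arriving after the entries have expired, and a sustained flood that refills the table as fast as entries expire (a DDoS differs only in that the SYNs come from many real hosts). The table size, the 3-second timeout, the addresses and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from the original article: a toy model of a TCP
 * listener's table of half-open connections.  Table size, timeout, addresses
 * and names are assumptions for illustration; a real stack is far more involved. */

#define BACKLOG 8                 /* assumed: slots for half-open connections */
#define SYN_TIMEOUT_MS 3000L      /* assumed: a half-open entry expires after 3 s */

struct half_open {
    int in_use;
    uint32_t client_ip;           /* source address the SYN claimed to come from */
    uint16_t client_port;
    long received_ms;             /* when the SYN arrived */
};

struct listener {
    struct half_open table[BACKLOG];
    int established;              /* handshakes completed */
    int dropped;                  /* SYNs refused because the table was full */
};

void listener_init(struct listener *l)
{
    memset(l, 0, sizeof *l);
}

/* Release entries whose peer never sent the final ACK within the timeout. */
void listener_expire(struct listener *l, long now_ms)
{
    for (int i = 0; i < BACKLOG; i++)
        if (l->table[i].in_use && now_ms - l->table[i].received_ms > SYN_TIMEOUT_MS)
            l->table[i].in_use = 0;
}

/* Handshake step 1: a SYN arrives.  The server reserves a slot so it can match
 * the ACK that should follow its SYN-ACK.  Returns 1 if queued, 0 if full. */
int listener_on_syn(struct listener *l, uint32_t ip, uint16_t port, long now_ms)
{
    listener_expire(l, now_ms);
    for (int i = 0; i < BACKLOG; i++) {
        if (!l->table[i].in_use) {
            l->table[i] = (struct half_open){ 1, ip, port, now_ms };
            return 1;
        }
    }
    l->dropped++;
    return 0;
}

/* Handshake step 3: the peer's ACK arrives, the slot is released and the
 * connection is established.  Returns 1 on success, 0 if nothing matched. */
int listener_on_ack(struct listener *l, uint32_t ip, uint16_t port)
{
    for (int i = 0; i < BACKLOG; i++) {
        struct half_open *h = &l->table[i];
        if (h->in_use && h->client_ip == ip && h->client_port == port) {
            h->in_use = 0;
            l->established++;
            return 1;
        }
    }
    return 0;
}

/* Scenario: the attacker sends flood_size SYNs, one every spacing_ms, each
 * from a different spoofed 10.x.x.x address, and never answers the SYN-ACKs.
 * A legitimate client (192.168.1.5, constructed) sends its SYN at at_ms and
 * would ACK.  Flood SYNs dated after at_ms are not sent, so events stay in
 * time order.  Returns 1 if the client got through, 0 if it was refused. */
int legit_client_attempt(int flood_size, long spacing_ms, long at_ms)
{
    struct listener l;
    listener_init(&l);

    for (int i = 0; i < flood_size; i++) {
        long t = (long)i * spacing_ms;
        if (t > at_ms)
            break;
        listener_on_syn(&l, 0x0A000000u + (uint32_t)i, 40000, t);
    }

    if (!listener_on_syn(&l, 0xC0A80105u, 51000, at_ms))
        return 0;                             /* table full: connection refused */
    return listener_on_ack(&l, 0xC0A80105u, 51000);
}

int main(void)
{
    printf("burst of 100 SYNs, client at 1 s: %s\n",
           legit_client_attempt(100, 10, 1000) ? "connected" : "refused");
    printf("burst of 100 SYNs, client at 5 s: %s\n",
           legit_client_attempt(100, 10, 5000) ? "connected" : "refused");
    printf("sustained flood, client at 5 s:   %s\n",
           legit_client_attempt(100, 100, 5000) ? "connected" : "refused");
    return 0;
}
```

The third scenario is the "repeated for all the fraudulent requests" point: as long as the attacker refills slots as fast as they expire, the timeout alone never lets a legitimate client in, which is why real stacks need more than a backlog and a timer (SYN cookies, for instance, avoid keeping per-SYN state at all).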
As you can see, preventing DoS attacks is critical for every organization that
uses the Internet to do business.