Denial of Service attacks Flashcards

1
Q

What is DoS/DDoS?

A

A denial-of-service is an attack on the availability of a service or a network by overloading information system resources. Generally, the goal is to disrupt the service rather than damage the information system or steal information.

A distributed denial-of-service has the same principle, except it makes use of multiple compromised internet-connected machines to increase the intensity of the attack. These compromised machines are known as bots, and a network of them forms a botnet.

2
Q

What is a SYN flood attack?

A

It is a type of denial-of-service attack where the target information system is flooded with SYN packets, exploiting the principles behind the TCP 3-way handshake.

3
Q

How does a SYN flood attack work?

A

In a normal TCP 3-way handshake:
1. Client sends a SYN packet to the server to initiate a TCP connection.
2. Server responds with a SYN/ACK packet to the client to acknowledge the previously sent SYN packet.
3. Client responds with an ACK packet to the server to acknowledge the previously sent SYN/ACK packet.

In a SYN flood attack:
1. The client sends a SYN packet containing a spoofed source IP address to the server.
2. The server responds with a SYN/ACK packet to the spoofed source IP address.
3. The server waits for a response from the spoofed source IP. Since the source IP was spoofed, the packet never arrives. This waiting state is known as “TCP half-open” and it consumes a lot of network resources.
4. The client sends more SYN packets with a spoofed source IP to the server.
5. Each time the client sends a SYN packet, a new open port connection is used to facilitate the communication. When all ports on the server side are fully utilized, the server’s network is overwhelmed, resulting in the denial of service.

4
Q

How does packet size affect the attack?

A

The larger the packet size used for the attack, the more effective the attack, as a lower number of packets is needed to overwhelm a system for the same link speed.

5
Q

How does the speed of the link affect the attack?

A

The higher the link speed, the more packets it takes to overwhelm the target information system.
