Denial of Service (DOS) attacks - Tutorial

Denial of Service (DOS) attacks are intended to shut down or slow down targeted servers for a period of time. As the name says, a successful DOS (Denial of Service) attack ensures that legitimate users do not get any kind of service from the victim. In general, Denial of Service (DOS) attacks keep the attacked server busy with forged connection requests and hold it in a state where it is no longer able to accept a connection request from any legitimate user. In this tutorial we would like to introduce some common methods to perform DOS attacks:

Common Methods to Perform DOS Attack

  1. ICMP flood to Perform Denial of Service Attack:

    Sending an unlimited number of packets by ping command to the targeted server is known as ICMP flood. This method can be done in the following way.

    A simple DOS attack code would be:

    ping {ip} -t -l 20000

    You can type this command in a command prompt window. It sends 20000 bytes of data to the IP address, in a single packet. The -t option pings the specified host until stopped, and -l specifies the buffer size. As the above example shows, an ICMP flood is simple, and it is easy to prevent nowadays. We have a different tutorial for another form of attack using a similar technique. To read it, follow the link below.
    What is Smurf attack & how to prevent it
  2. TCP Attacks:

    If the attacker can create a reliable TCP connection between victim and attacker, the DOS attack would be fatal. In order to do that, the attacker needs to trick the server (victim) into establishing a TCP connection by following the steps mentioned in the link below.

    How to Perform TCP Split Handshake Attack

    If the attacker fails to create a TCP connection between victim and attacker, another form of attack is possible. This is called TCP/SYN flooding. Here the attacker floods the server with TCP SYN packets that carry a forged sender address. The server responds to the SYN packets and waits for the response. Since the sender address is forged, the server will not get any response, and this causes the server to respond slowly to legitimate users who make the same connection request.
  3. Teardrop attack:
    Another form of DOS attack is the Teardrop attack. It involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine.
  4. Peer to peer attack
    In a peer to peer attack, thousands of computers try to access a single computer at the same time. This breaks down all the connections from the server, and the target machine fails.
  5. Application level Flood: An application level flood is done through mis-programming of an application installed on the server, so that it consumes a major portion of the server's computing power and memory and slows down the server.
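The Teardrop item above describes fragments with overlapping, over-sized payloads. As an added example (not part of the original tutorial), this is the defender-side check a reassembler or packet filter can apply to the fragments of one datagram before reassembly. The `Fragment` type, the function name and the sample fragments are constructed for illustration, and a 20-byte IPv4 header without options is assumed.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535   # largest total length an IPv4 datagram can declare
HEADER_LEN = 20        # assumption: IPv4 header without options

@dataclass(frozen=True)
class Fragment:
    offset_units: int  # Fragment Offset field, counted in 8-byte units
    payload_len: int   # payload bytes carried by this fragment

def check_fragments(frags):
    """Return (kind, start, end) findings for one datagram; empty list = clean."""
    findings = []
    covered_to = 0  # highest payload byte already claimed by an earlier fragment
    for f in sorted(frags, key=lambda f: f.offset_units):
        start = f.offset_units * 8
        end = start + f.payload_len
        # Over-sized: the reassembled datagram would exceed the 16-bit length limit.
        if HEADER_LEN + end > MAX_DATAGRAM:
            findings.append(("oversized", start, end))
        # Overlap: this fragment begins inside bytes an earlier fragment supplied.
        if start < covered_to:
            findings.append(("overlap", start, end))
        covered_to = max(covered_to, end)
    return findings

# Constructed sample datagrams (not captured traffic).
CLEAN = [Fragment(0, 1480), Fragment(185, 1480), Fragment(370, 40)]
OVERLAPPING = [Fragment(0, 40), Fragment(3, 8)]   # second starts at byte 24 < 40
OVERSIZED = [Fragment(8189, 100)]                 # ends at byte 65612

if __name__ == "__main__":
    for name, frags in [("clean", CLEAN), ("overlapping", OVERLAPPING),
                        ("oversized", OVERSIZED)]:
        print(name, check_fragments(frags) or "ok")
```

A receiver that gets any finding should discard the whole fragment set rather than try to reassemble it.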

A DOS attack with ping flood will work only if the following criteria are satisfied:

1. The attacker should have higher bandwidth than the victim.
2. The victim should respond to the ping requests.

DOS Attack and DDoS attack

In a Distributed Denial of Service (DDoS) attack, more attackers are involved and the result is more fatal compared to DoS attacks.

A DOS attack is about attacking a server, but what do we do if a web server is spreading malware to client computers? The following link gives the necessary steps to prevent it.
Steps to Deal with Malware Spreading Websites
