BGP: Building Reliable Networks with the Border Gateway Protocol by van Beijnum Iljitsch
Author: van Beijnum, Iljitsch
Language: eng
Format: epub
Tags: COMPUTERS / Networking / Network Protocols
Publisher: O'Reilly Media
Published: 2010-03-05T05:00:00+00:00
Denial-of-Service Attacks
If your network or the services hosted on it have a high profile, or you did something to provoke the wrong people, you can easily end up on the receiving end of some kind of attack. Attackers are lazy, so they’ll go for the easy targets. If your hardware or software or the protocols you use have known vulnerabilities, they’ll try to exploit those. Even worse, attackers are continually scanning networks they have no beef with to find vulnerable systems they can abuse to attack people they don’t like. With software and protocols becoming more complex every day, it isn’t easy to keep all the systems on your network secure so they can withstand known attacks. But even if they can, you’re not out of the woods: attackers can still swamp your hosts or the entire network with random traffic or seemingly legitimate requests, thereby using up all resources so that requests from real users can’t be handled, denying them service. When an attack originates from a (large) number of sources, it’s called a distributed denial-of-service (DDoS) attack. The four most popular DoS attacks are, in no particular order:
Packet flood
This attack works by simply sending so much traffic that it completely saturates the incoming connections of the attacked network. The traffic can be anything, but ICMP echo requests are particularly effective because many hosts answer with an echo reply, introducing even more traffic into the network. Also, ICMP messages can be small (as little as 28 bytes), so the number of packets per second is as high as possible for a given amount of bandwidth, increasing the CPU time needed to process the packet stream. Finally, lower-layer overhead is as large as possible: a 28-byte IP packet takes up 672 bits on the wire for Ethernet, three times the original size. The source addresses are often falsified in packet-flooding attacks.
Smurf directed broadcast amplification
“Smurf” attacks use misconfigured intermediate networks to multiply traffic, allowing attackers to easily muster up large amounts of traffic without the need to hack any systems. The attacker sends ICMP echo request packets with the source address set to that of the intended victim to a directed broadcast address of an amplifier network. The router at this network turns the packet into a broadcast, so all hosts connected to the subnet receive it. Many of these hosts will reply with an echo reply message, which will be sent to the apparent source of the echo request message. As a result, the network under attack will see large amounts of incoming ICMP echo reply messages from many different hosts. In this case, the source addresses are those of the amplifying network, not of the attacker. Some attackers use other amplification mechanisms, such as UDP echo packets or short DNS queries that generate large reply packets. These are less common.
SYN flood
A SYN flood doesn’t depend on saturating the full bandwidth of the network (although it may succeed at this), but tries to open more TCP sessions than the attacked host can handle.
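The Smurf entry above says the attacked network sees ICMP echo replies from many hosts of the amplifier network without having sent matching echo requests. The following is an added example, not code from the book, that flags this pattern in a capture taken at the attacked network's edge; the function name, the tuple layout, the /24 grouping and the threshold are assumptions, and the sample records are constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def find_reflected_replies(packets, min_sources=3, prefix_len=24):
    """Return {victim: {source_prefix: distinct_source_count}}.

    packets: (src, dst, icmp_type) tuples in capture order.
    An echo reply counts as unsolicited when its destination never sent
    an echo request to the replying host earlier in the capture.
    """
    requested = set()                                # (requester, target) pairs
    sources = defaultdict(lambda: defaultdict(set))  # victim -> prefix -> {src}
    for src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requested:
            # Group repliers by prefix: one amplifier subnet answers as a block.
            prefix = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
            sources[dst][str(prefix)].add(src)
    findings = {}
    for victim, by_prefix in sources.items():
        hits = {p: len(s) for p, s in by_prefix.items() if len(s) >= min_sources}
        if hits:
            findings[victim] = hits
    return findings

# Constructed sample capture (documentation address ranges only).
SAMPLE = [
    ("192.0.2.10", "198.51.100.7", ECHO_REQUEST),  # local host pings out
    ("198.51.100.7", "192.0.2.10", ECHO_REPLY),    # solicited reply, ignored
    ("203.0.113.5", "192.0.2.80", ECHO_REPLY),     # unsolicited replies from
    ("203.0.113.9", "192.0.2.80", ECHO_REPLY),     # four hosts in one subnet
    ("203.0.113.77", "192.0.2.80", ECHO_REPLY),
    ("203.0.113.200", "192.0.2.80", ECHO_REPLY),
    ("198.51.100.20", "192.0.2.80", ECHO_REPLY),   # lone stray, below threshold
]

if __name__ == "__main__":
    for victim, hits in find_reflected_replies(SAMPLE).items():
        print(victim, hits)
```

The prefixes it reports are the amplifier networks, so they identify whose operators to contact and which sources to filter upstream; they say nothing about where the attacker is.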