Denial of service issues and solutions Dissertation

Denial of service issues and solutions - Dissertation Example (Chau) The real intent of those attacks is to shut down a site and not to penetrate it. Purpose may also be vandalism, extortion or social action including terrorism. (Crocker, 2007) 1.3 How DoS works The nature of DoS can be explained using Figure 1.1. In the figure, Bob is the authentic user of the system and he sends messages using the insecure Internet to the server. Darth, the attacker interfere the services offered by server and make the genuine user, Bob, invisible to server. In a normal connection, users transmit a message to the server to get authentication from the server. Then, the server returns a message to authenticate to the user as a genuine user of the system. Also, from the user side, the acknowledge message is sent back to approve the server and the connection between the user and the server is established. Figure 1.1 Denial of Service (Stallings, 2006) When a denial of service attack is taken place, the server receives several authentication requests, seemingly ca me from the authentic users, which have false return addresses. The server fails to successfully locate the user while trying to return the authentication acknowledgement. Then, the server waits so that it can authenticate the user before stopping the connection. In most DoS attacks, the attackers flood the servers with forged requests and make servers delayed. 1.4 Types and Generation of DoS Attacks Generally, there are three major classifications of DoS attacks depending on the victims targeted by attackers—users, hosts or networks though there are several types of DoS attack prevalent on Internet. US Cert advisory suggests that the three main types of DoS attacks are bandwidth, protocol and software vulnerability attacks. The major aspects that most DoS attacks are focusing on are bandwidth, CPU time and memory. Most common DoS attacks can be summarized as the following. 1.4.1 TCP SYN Flood Attack Flood type attacks are the first known form of a DoS attack and their attack ing mechanism of is quite simple – attackers send more traffic to a server than it can handle. (Georgieva, 2009) SYN Flood attack is a protocol type and exploits the weakness of TCP/IP protocol. US CERT advisory defines SYN flood as â€Å"an asymmetric resource starvation attack in which the attacker floods the victim with TCP SYN packets and the victim allocates resources to accept perceived incoming connections†. In TCP SYN flood attack, the legitimate users are ignored when the attacker initiates a TCP connection to the serve with a SYN. The victim server responds to the request with spoofed IP address and waits for ACK from the client side. Then, the connection table of the server is filled up and it neglects all new connections from legitimate users. This phenomenon can be clarified using Figure 1.2. Figure 1.2 Comparison of Normal TCP 3 ways Handshake and TCP SYN Flood attack demonstration (cisco.com) Flood type attacks are so common and powerful. Georgieva (2009 ) suggests that â€Å"even if a webmaster adds more bandwidth, this still is not a sufficient protection against a flood attack†. Because of the bandwidth insufficiency, even the normal volume of legitimate requests may appear as flood attacks. 1.4.2 Ping of Death Attack The Ping of Death or POD attack is another DoS attack with simple principle. It exploits software vulnerab