25-06-2012, 12:16 PM
Denial of Service Attacks
Attack availability
No direct benefit to the attacker, except for the victim’s pain
(But there are some exceptions)
Major problem on today’s Internet
History
Most viruses and worms simply perpetrate DoS attacks
The phone system has experienced prank DoS attacks
Must distinguish attacks from “flash crowds”, also known as the “Slashdot Effect”
What Can be DoSed?
Bandwidth — clog the link
CPU time — make someone do expensive calculations
Memory — tie up system state
More generally, DoS can occur any time it costs less for an attacker to send a message than to process it
SYN Flooding
An arriving SYN sends the “connection” into SYN-RCVD state
It can stay in this state for quite a while, awaiting the acknowledgment of the SYN+ACK packet, and tying up memory
For this reason, the number of connections for a given port in SYN-RCVD state is limited
Further SYN packets for that port are dropped
The trick is the address forgery — if the attacker impersonates a non-existent host, neither the SYN+ACK nor a RST will ever arrive
The port is thus blocked
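
The backlog behaviour described above, as an added example that is not part of the original slides: a toy in-memory model of one port's SYN-RCVD queue, comparing a forged source that does not exist with one that does and answers with RST. The backlog size, timeout and all names are assumptions chosen for illustration; nothing touches the network.

```python
# Toy model of a listening port's SYN-RCVD (half-open) queue.
# Constructed for illustration: backlog, timeout and source names are assumed.
from dataclasses import dataclass, field


@dataclass
class Listener:
    backlog: int = 4      # max entries allowed in SYN-RCVD (assumed value)
    timeout: int = 30     # ticks an unacknowledged entry is kept (assumed value)
    half_open: dict = field(default_factory=dict)   # source -> expiry tick
    established: set = field(default_factory=set)
    dropped: int = 0

    def expire(self, now):
        # Entries whose SYN+ACK was never acknowledged eventually time out.
        self.half_open = {s: t for s, t in self.half_open.items() if t > now}

    def syn(self, src, now):
        self.expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped += 1     # queue full: further SYNs are dropped
            return False
        self.half_open[src] = now + self.timeout
        return True

    def ack(self, src):
        # Final ACK of the handshake: the entry leaves SYN-RCVD.
        if self.half_open.pop(src, None) is not None:
            self.established.add(src)

    def rst(self, src):
        # A real host that never sent the SYN answers the SYN+ACK with RST,
        # which frees the slot immediately.
        self.half_open.pop(src, None)


def run(source_exists):
    """Four forged SYNs arrive at tick 0, then a legitimate SYN at tick 1."""
    srv = Listener()
    for i in range(4):
        src = f"forged-{i}"
        srv.syn(src, now=0)
        if source_exists:         # impersonated address belongs to a live host
            srv.rst(src)
    accepted = srv.syn("client", now=1)
    if accepted:
        srv.ack("client")
    return accepted, len(srv.half_open), srv.dropped
```

With a non-existent source the four slots stay occupied until the timeout and the legitimate SYN is dropped; when the impersonated host exists, its RST clears each slot and the client connects.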