Understanding denial-of-service attacks

We spoke with Mike Paquette of Top Layer Networks regarding denial-of-service attacks and the threat they pose to enterprise networks. Mike has more than 18 years of networking and security experience with an extensive background in the design and development of networking and security products.

What are the most common types of DoS attacks, and what is the most potent?

There are several types of denial-of-service events. The first is an exploit of a vulnerability that causes a service or server to crash. The second is a flood of traffic that clogs up portions of a network. And the third is a flood of specialized traffic that uses up resources on a service or server and causes it to go really slow.

While any activity that causes a service or server to crash is quite potent, the most common and most damaging attacks are types two and three, since they do not require an underlying vulnerability in a service or server in order to be successful. Even if a system is fully patched, its ability to perform transactions can be negatively impacted or stopped by a type two or type three DoS attack. Type three attacks include methods such as the Ping Flood and the SYN Flood. Denial-of-service attacks that are generated by many computers operating in concert are called distributed denial-of-service (DDoS) attacks.

What kind of impact can a DoS attack have on an enterprise?

In the case of the flood attacks that use up services on a server, the server uses up so much of its memory preparing for communications with the attacker, that it has no more resources left over to carry out transactions. And, therefore, business stops. There are, perhaps, financial losses due to lack of transactions, and there are certainly unhappy customers.

How can a network administrator tell if their organization's network is the source of a DoS attack? How can they stop it?

Security experts recommend both host-based and network-based auditing and protection devices as keys to a good security infrastructure. Monitoring devices such as network analyzers and intrusion-detection systems can detect if your network is the source of an attack. On the host systems, execution of unexpected programs and excessive traffic generation can be detected. On the network, inappropriate patterns of TCP connections can indicate a denial-of-service attack. Intrusion-prevention devices can stop compromised machines on your network from attacking other entities on the Internet.
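The "inappropriate patterns of TCP connections" mentioned in the answer above are easiest to see in connection records rather than in raw packets. The following is an added example, not code from the interview or from any Top Layer Networks product: it scores a constructed connection log for half-open connections, raising one alert when a service on our own network is the target of a (possibly distributed) SYN flood and another when a host on our network is the source. The log format, the 10.0.0.0/8 site prefix and the thresholds are assumptions made for the example.

```python
"""Added example (not from the interview or any Top Layer Networks product):
score TCP connection records for SYN-flood patterns, distinguishing an
inbound flood against one of our servers from an internal host that is the
source of a flood. Record format, address space and thresholds are assumed."""
import ipaddress
from collections import defaultdict, namedtuple

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed site address space
HALF_OPEN_THRESHOLD = 50    # assumed: half-open connections before we alert
MIN_DISTINCT_SOURCES = 20   # assumed: distinct sources before we call it distributed

# One connection attempt per line: "ts src sport dst dport state", where state is
# "complete" (three-way handshake finished) or "half_open" (SYN or SYN/ACK seen,
# final ACK never arrived). This is a constructed format, not a real tool's output.
Conn = namedtuple("Conn", "ts src sport dst dport state")


def parse_records(text):
    """Parse the constructed connection log into Conn tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, sport, dst, dport, state = line.split()
        records.append(Conn(int(ts), src, int(sport), dst, int(dport), state))
    return records


def build_sample_log():
    """Constructed sample: a little normal traffic, one inbound DDoS, one outbound flood."""
    lines = []
    for i in range(3):   # three clients complete handshakes to our web server
        lines.append(f"1068000000 198.51.100.{i + 1} {40000 + i} 10.0.0.5 80 complete")
    for i in range(60):  # 60 spoofed sources each leave one half-open connection
        lines.append(f"1068000002 192.0.2.{i + 1} {50000 + i} 10.0.0.5 80 half_open")
    for i in range(80):  # one internal host sprays SYNs at an external service
        lines.append(f"1068000003 10.0.0.9 {40000 + i} 203.0.113.7 443 half_open")
    return "\n".join(lines)


def analyze(records, internal=INTERNAL_NET):
    """Return a list of alert dicts for inbound and outbound SYN-flood patterns."""
    attempts_to = defaultdict(int)     # (dst, dport) -> all connection attempts
    half_open_to = defaultdict(list)   # (dst, dport) -> sources of half-open attempts
    half_open_from = defaultdict(int)  # src -> half-open attempts it initiated
    for r in records:
        attempts_to[(r.dst, r.dport)] += 1
        if r.state == "half_open":
            half_open_to[(r.dst, r.dport)].append(r.src)
            half_open_from[r.src] += 1

    alerts = []
    # Inbound: half-open connections piling up on one of our own services.
    for (dst, dport), sources in half_open_to.items():
        if ipaddress.ip_address(dst) not in internal:
            continue
        if len(sources) >= HALF_OPEN_THRESHOLD:
            distinct = len(set(sources))
            alerts.append({
                "kind": "inbound_flood",
                "target": f"{dst}:{dport}",
                "half_open": len(sources),
                "half_open_ratio": len(sources) / attempts_to[(dst, dport)],
                "distinct_sources": distinct,
                "distributed": distinct >= MIN_DISTINCT_SOURCES,
            })
    # Outbound: one of our hosts generating the inappropriate pattern itself,
    # the case where our network is the source and the host is likely compromised.
    for src, count in half_open_from.items():
        if ipaddress.ip_address(src) in internal and count >= HALF_OPEN_THRESHOLD:
            alerts.append({"kind": "outbound_flood", "source": src, "half_open": count})
    return alerts


if __name__ == "__main__":
    for alert in analyze(parse_records(build_sample_log())):
        print(alert)
```

Counting half-open connections per target catches the inbound case even when every SYN comes from a different spoofed address, while counting them per source is what exposes a compromised internal host; a real deployment would evaluate both over a sliding time window and tune the thresholds to the site's normal connection rate.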

Can you share any network configuration or device tips to help organizations strengthen their defense against DoS?

Only the simplest DoS attacks can be stopped using traditional security infrastructure elements like firewalls and router ACLs. The best defense you can build into your security infrastructure is an intrusion-prevention system specialized in mitigating DoS and especially DDoS attacks. Scale your network security infrastructure to meet the needs of your Internet connection. Figure out the maximum number of packets per second your Internet connection will allow. Ensure that the first line of defense in your security infrastructure can protect against a type two or type three DoS attack that uses up the entire bandwidth of the link.
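The sizing advice above turns on one number: the worst-case packet rate of the link, which a flood of minimum-size packets reaches long before the link is "full" in bytes. The following is an added example, not from the interview, that works that number out from the Ethernet framing constants (64-byte minimum frame plus 8 bytes of preamble and a 12-byte inter-frame gap, 84 bytes on the wire per packet) and checks a mitigation device's rated packets-per-second against it. The device ratings passed in are assumed values; if the upstream provider polices the link at a different rate, use that figure instead.

```python
"""Added example (not from the interview): compute the worst-case packet
rate an Internet link can deliver and check whether a first-line DoS
mitigation device is rated to keep up. Framing constants are standard
Ethernet; the device ratings used below are assumed values."""

PREAMBLE_SFD_BYTES = 8     # preamble plus start-frame delimiter on the wire
INTERFRAME_GAP_BYTES = 12  # minimum inter-frame gap, in byte times
MIN_FRAME_BYTES = 64       # smallest legal Ethernet frame, FCS included


def max_packets_per_second(link_bps, frame_bytes=MIN_FRAME_BYTES):
    """Worst case is a stream of minimum-size frames: each one costs the frame
    plus preamble and inter-frame gap, 84 bytes (672 bits) for a 64-byte frame."""
    wire_bytes = frame_bytes + PREAMBLE_SFD_BYTES + INTERFRAME_GAP_BYTES
    return link_bps / (wire_bytes * 8)


def flood_link_fraction(attack_pps, link_bps, frame_bytes=MIN_FRAME_BYTES):
    """Share of the link that a flood of attack_pps packets of the given size
    consumes; a value above 1.0 means the link itself is saturated."""
    return attack_pps / max_packets_per_second(link_bps, frame_bytes)


def sizing_report(link_bps, device_pps):
    """Does a device rated at device_pps keep up with the link at its worst case?"""
    worst = max_packets_per_second(link_bps)
    return {
        "link_max_pps": round(worst),
        "device_pps": device_pps,
        "covered": device_pps >= worst,
        "headroom": device_pps / worst,  # >= 1.0 means the device can inspect every packet
    }


if __name__ == "__main__":
    for name, bps in [("100 Mbit/s", 100_000_000),
                      ("1 Gbit/s", 1_000_000_000),
                      ("10 Gbit/s", 10_000_000_000)]:
        print(f"{name}: {max_packets_per_second(bps):,.0f} pps of 64-byte frames")
    # Assumed rating: a device that handles 1,000,000 pps on a gigabit link.
    print(sizing_report(1_000_000_000, 1_000_000))
```

A device whose rating is quoted in bits per second, or that was only tested with large packets, can look adequate on paper and still fall over under a small-packet flood; comparing its packets-per-second figure with the link's worst case is the check this answer is asking for.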

Will DoS attacks get stronger and smarter in the future, or will they give way to other kinds of attacks?

In the 2003 CSI/FBI report, denial-of-service attacks had the second highest reported dollar losses of all tracked cyber crimes. Until attack mitigation capabilities are widely deployed in security infrastructures, the denial-of-service attack will remain a persistent part of the cyber threat landscape.


This was first published in November 2003
