Packets with all flags set except SYN (to avoid SYN flood mitigation) consume more CPU than normal packets Hosts allocate memory to hold fragments for reassembly and then run out of memoryĮxploits misconfigured routers to amplify an ICMP flood by getting every device in the network to respond with an ICMP broadcast Real, but empty, connection setup overflows tables in stateful devicesįloods server with UDP packets, can consume bandwidth and CPU, can also target DNS servers and VOIP serversįloods of these control messages can overwhelm stateful devices Modern network attacks rarely fill or exceed the throughput capacity of the ingress pipes of the targets because they don't need to stateful devices within the target data center typically fail long before the throughput limit is exceeded 1.įake TCP connection setup overflows tables in stateful devices The SYN flood and connection flood (conn flood) typify these simplest distributed attacks, which are designed either to tie up stateful connection mechanisms of devices, such as hosts, that terminate layer 4, or to fill up flow tables for stateful devices that monitor connections, such as stateful firewalls or intrusion prevention systems (IPS). By using multiple clients, the attacker can amplify the volume of the attack and also make it much more difficult to block, since client traffic can appear to come from all over the globe. Sometimes the target succumbs and sometimes a device in front of the target (such as a firewall) succumbs, but the effect is the same-legitimate traffic is denied service. These attacks, called floods, harness a multitude of clients to send an overwhelming amount of network traffic at the desired target. The most basic attacks in the DDoS threat spectrum are simple network attacks against the weakest link in the network chain. Today, DDoS attacks come in three major categories, climbing the network stack from layer 3 to layer 7. For example, a single Linux host running the world's most popular web server software, the Apache 2 server, fails under these simple attacks at very low packet rates.įigure 1: Terminal metrics for a single Linux host with Apache 2 server DDoS Attack ProfilesĮarly DDoS attack types were strictly low-level protocol attacks against Layers 3 and 4. Simple network attacks still work against undefended hosts. Commercial DDoS defense services were developed for deployment at the service provider level. The 2002 attack was largely successful, but the 2007 attack failed (11 of 13 root servers stayed online), thanks to lessons learned from the 2002 attack. In 20, coordinated DDoS attacks were launched against the 13 DNS root servers in an attempt to attack the Internet at its most vulnerable infrastructure. Thus, DDoS attacks were perceived as being a problem primarily for "big players" or, in fact, for the Internet itself. When commercial interests gained entry to the Internet in the 1990s, they presented a target-rich environment for any group with an axe to grind against a competitor or perceived commercial monopoly Microsoft and the Recording Industry Association of America (RIAA) were frequent targets. The Evolution of DDoS Attack TargetsĮarly DDoS attacks used a limited group of computers (often a single network) to attack a single host or other small target. Today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often all at the same time. When these malware clients are directed by centralized command-and-control servers, they become "botnets." The sheer number of client machines involved in botnets provides enormous load-generation capacity that can be rented cheaply by any party with an interest in disrupting the service of a competitor or political target. Emerging market territories often lack proper client control, however, and malware infection rates are high. Services can be hosted anywhere and customers can be served from anywhere as the Third World catches up to the First World's broadband penetration. The world is becoming increasingly connected electronically, expanding markets and reducing the inefficiencies of doing business across borders.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |