Denial of Service Attacks

E. Eugene Schultz, University of California-Berkeley Lab

What Are DoS Attacks?

Background

Distinguishing DoS Attacks

Motivations for Launching DoS Attacks

Why DoS Attacks Succeed

What Types of Sites Are Most Vulnerable?

Types of DoS Attacks

Hardware and Software Sabotage

Shut-Down or Slow-Down Attacks

Flooding Attacks

System Resource Starvation Attacks

Buffer Overflow Attacks

Packet Fragmentation Attacks

Malformed Packet Attacks

“Boomerang” Attacks

Premature Session Termination

Distributed Denial of Service (DDoS) Attacks

Prevention of DoS Attacks

Risk Management Considerations

Policy Considerations

Business Continuity Measures

Uninterruptible Power Supplies (UPSs)

Failover Systems and Devices

Firewalls

Routers

Host-Based Measures

Quality of Service (QoS) Mechanisms

Intrusion Detection

Intrusion Prevention

Third-Party Software Tools

Security Operations Centers

Conclusion

Glossary

Cross References

References

WHAT ARE DoS ATTACKS?

Background

News about some kind of disruption or prolonged outage of computing services due to malicious activity or programs seems to surface almost every day. In late 2001, for example, a flood of network traffic brought the New York Times network to a standstill. Earlier that year, the Web server of the Computer Emergency Response Team Coordination Center (CERT/CC) was brought down by a denial of service (DoS) attack. A series of DoS attacks in February 2000 brought down numerous systems used by ZDnet, eTrade, Amazon.com, eBay, ...

Source: Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3.