All About Identity and Access Management
An open forum to share views about Identity Management, Access Management and Access Governance.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
A denial-of-service (DoS) attack overwhelms a system's resources (bandwidth, connection state, CPU or memory) so that it can no longer respond to legitimate service requests. A distributed denial-of-service (DDoS) attack targets the same resources, but it is launched simultaneously from a large number of other hosts, typically a botnet of machines infected with malware and controlled by the attacker, which makes the traffic far harder to filter by source.
Types of DoS/DDoS attacks:
TCP SYN Flood attack: In this attack, an attacker abuses the half-open connection queue (the SYN backlog) that a server keeps while a Transmission Control Protocol (TCP) three-way handshake is in progress. The attacker's device floods the target with SYN packets, usually from spoofed source addresses, and never sends the final ACK when the target replies with a SYN-ACK. Each half-open entry is held until it times out, so the small backlog fills with useless entries and new, legitimate connection attempts are dropped; on older or poorly tuned stacks the memory consumed by half-open connections can crash the system.
Smurf attack: This attack combines IP spoofing with ICMP to saturate a target network with traffic. The attacker sends ICMP echo requests to the directed-broadcast address of an intermediary network, with the source address forged to be the victim's. Every host on that network answers the request, so each spoofed packet is amplified into many echo replies that all land on the victim.
Ping of Death attack: This type of attack uses ping (ICMP echo) to send the target an IP datagram larger than the maximum IPv4 datagram size of 65,535 bytes. A packet of that size cannot be sent as one unit, so the attacker sends it as fragments whose offsets and lengths add up to more than 65,535 bytes. When the target reassembles the fragments, the oversized datagram can overflow the reassembly buffer and crash the system. Modern operating systems check the reassembled length, so this classic attack mainly affects old or unpatched stacks.
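As an added example (not code from the original post), the following Python script applies the three patterns just described to a small, constructed packet summary: SYNs to a server that never receive the completing ACK, an ICMP echo request aimed at a directed-broadcast address with a forged source, and a fragment train that would reassemble to more than 65,535 bytes. The record layout, the addresses and the threshold are assumptions chosen for illustration.

```python
"""Added example: spot the DoS patterns described above in a packet summary.

Each record mimics one line of a packet-capture summary. The traffic below is
constructed for illustration; the addresses, thresholds and record layout are
assumptions, not data from the original post.
"""
from collections import defaultdict
from ipaddress import IPv4Network

MAX_IP_DATAGRAM = 65535   # largest IPv4 datagram, header included
IP_HEADER_LEN = 20        # minimum IPv4 header length

# Constructed sample traffic (not a real capture).
PACKETS = [
    # SYN flood: 40 SYNs from spoofed sources, none followed by the final ACK
    *[{"proto": "tcp", "src": f"203.0.113.{i}", "dst": "192.0.2.10", "flags": "S"}
      for i in range(1, 41)],
    # One legitimate handshake: SYN, SYN-ACK, ACK
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "flags": "S"},
    {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.7", "flags": "SA"},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "flags": "A"},
    # Smurf: echo request to a directed-broadcast address, source forged as the victim
    {"proto": "icmp", "type": 8, "src": "192.0.2.10", "dst": "10.0.0.255"},
    # Ping of Death: two fragments that reassemble to 65540 bytes (> 65535).
    # frag_offset is given in bytes here; on the wire it is stored in 8-byte units.
    {"proto": "icmp", "type": 8, "src": "203.0.113.9", "dst": "192.0.2.10",
     "frag_id": 7, "frag_offset": 0, "payload_len": 1480, "more_frags": True},
    {"proto": "icmp", "type": 8, "src": "203.0.113.9", "dst": "192.0.2.10",
     "frag_id": 7, "frag_offset": 65120, "payload_len": 400, "more_frags": False},
]


def detect_syn_flood(packets, server, threshold=20):
    """Return (flagged, half_open_count) for SYNs to `server` never completed by an ACK."""
    half_open = set()
    for p in packets:
        if p["proto"] != "tcp" or p["dst"] != server:
            continue
        if p["flags"] == "S":
            half_open.add(p["src"])
        elif p["flags"] == "A":
            half_open.discard(p["src"])   # handshake completed, entry released
    return len(half_open) >= threshold, len(half_open)


def detect_smurf(packets, local_nets):
    """Return (src, dst) pairs of echo requests aimed at our directed-broadcast addresses."""
    broadcasts = {str(net.broadcast_address) for net in local_nets}
    return [(p["src"], p["dst"]) for p in packets
            if p["proto"] == "icmp" and p.get("type") == 8 and p["dst"] in broadcasts]


def detect_ping_of_death(packets):
    """Return (src, dst, frag_id) of fragment trains whose reassembled size exceeds 65535."""
    extent = defaultdict(int)   # highest byte reached by any fragment of a datagram
    for p in packets:
        if "frag_id" not in p:
            continue
        key = (p["src"], p["dst"], p["frag_id"])
        extent[key] = max(extent[key], p["frag_offset"] + p["payload_len"])
    return [key for key, end in extent.items() if IP_HEADER_LEN + end > MAX_IP_DATAGRAM]


def run_checks(packets=PACKETS, server="192.0.2.10",
               local_nets=(IPv4Network("10.0.0.0/24"),)):
    """Run all three detectors and return their findings in one dict."""
    return {
        "syn_flood": detect_syn_flood(packets, server),
        "smurf": detect_smurf(packets, list(local_nets)),
        "ping_of_death": detect_ping_of_death(packets),
    }


if __name__ == "__main__":
    for name, finding in run_checks().items():
        print(f"{name}: {finding}")
```

Note that in the Smurf record the source address is the victim, not the attacker: that is exactly what the detector should report, because the victim is who will receive the amplified replies. The SYN-flood check keys half-open entries by source address, which is why a flood from spoofed sources shows up as many entries rather than one noisy client.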
Mitigations for DoS and DDoS attacks:
IP whitelisting/blacklisting of source addresses at the firewall or edge router. This is of limited use against attacks that spoof their source address, since the blocked address is rarely the real one.
Against SYN floods, increase the size of the connection (SYN backlog) queue and decrease the timeout on half-open connections, so that the number of entries an attacker can keep resident stays below the queue size. Most modern stacks also support SYN cookies, which avoid keeping state for half-open connections altogether.
Blackhole filtering (remote-triggered blackhole routing), which drops undesirable traffic before it enters a protected network. When a DDoS attack is detected, the victim's BGP (Border Gateway Protocol) router sends routing updates to the ISP's routers so that they route all traffic destined for the victim servers to a null interface at the next hop. This also discards legitimate traffic to those servers, so it sacrifices the target in order to keep the attack from saturating the rest of the network.
To prevent a Smurf attack, disable IP directed broadcasts on the routers (on Cisco IOS this is the interface command no ip directed-broadcast) so that the network cannot be used as an amplifier, and configure hosts not to answer ICMP echo requests sent to broadcast addresses.
Rate limiting, which caps the amount of traffic (for example ICMP or SYN packets per second) that a specific Network Interface Controller (NIC) or link will accept, so that a flood cannot consume all of the available capacity.
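The queue-size and timeout advice for SYN floods can be checked with a small simulation. The following Python model is an added example, not code from the original post; it assumes one-second ticks, an attacker who sends a fixed number of SYNs per second from spoofed sources and never completes the handshake, and legitimate clients who complete it before the next tick. The backlog sizes, timeouts and rates are illustrative values.

```python
"""Added example: how backlog size and half-open timeout decide who survives a SYN flood.

A simple one-second-tick model, not code from the original post. Assumptions: the
attacker sends `attack_rate` SYNs per second from spoofed sources and never answers
the SYN-ACK; legitimate clients send `legit_rate` SYNs per second and complete the
handshake before the next tick; arrivals within a second are interleaved evenly.
"""


def simulate_syn_backlog(backlog_size, timeout_s, attack_rate, legit_rate=5, duration_s=60):
    """Return the fraction of legitimate SYNs that found room in the half-open queue."""
    assert legit_rate > 0
    total = legit_rate + attack_rate
    # positions within each second at which a legitimate SYN arrives (evenly spread)
    legit_slots = {int((k + 1) * total / legit_rate) - 1 for k in range(legit_rate)}
    queue = []                       # half-open entries as (expiry_tick, is_legit)
    legit_sent = legit_admitted = 0
    for t in range(duration_s):
        # Legitimate entries completed their handshake and leave; attacker entries
        # stay until the half-open timeout expires.
        queue = [(exp, legit) for exp, legit in queue if not legit and exp > t]
        for i in range(total):
            is_legit = i in legit_slots
            legit_sent += is_legit
            if len(queue) >= backlog_size:
                continue             # backlog full: the SYN is dropped
            queue.append((t + timeout_s, is_legit))
            legit_admitted += is_legit
    return legit_admitted / legit_sent


def steady_state_half_open(attack_rate, timeout_s):
    """Attacker entries resident at any moment once the flood has run for `timeout_s`."""
    return attack_rate * timeout_s


if __name__ == "__main__":
    scenarios = [
        ("default backlog, long timeout", 128, 30, 20),
        ("larger backlog only", 1024, 30, 20),
        ("shorter timeout only", 128, 3, 20),
        ("faster flood beats the short timeout", 128, 3, 100),
    ]
    for label, backlog, timeout, rate in scenarios:
        ok = simulate_syn_backlog(backlog, timeout, rate)
        print(f"{label:40s} backlog={backlog:5d} timeout={timeout:2d}s "
              f"flood={rate:3d}/s -> resident={steady_state_half_open(rate, timeout):5d} "
              f"legit admitted={ok:.0%}")
```

The quantity to watch is attack_rate multiplied by timeout_s: as long as it stays below backlog_size, legitimate clients keep getting in, which is why the two knobs are tuned together rather than one at a time. A faster flood defeats a shorter timeout on its own, and per-source rate limiting does not help here because every spoofed SYN appears to come from a different address; SYN cookies sidestep the whole trade-off by not holding state for half-open connections.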