DOS Attacks as Easy Tools for Hackers - Case Study Example

DENIAL OF SERVICE (DOS) ATTACKS

Denial of Service attacks, or DOS attacks for short, have become easy tools for hackers to use against legitimate and authenticated users. Most hackers commit this type of offence to show off their skills to their friends and to gain respect in underground groups on the Internet. The main goal of a Denial of Service or DOS attack is to deny valid Internet and network users the services of the target system, network or server. It launches an attack that prevents the use of services that the network offers to legitimate and authenticated users. In other words, a DOS attack is an attack in which memory is clogged up so much that the target is unable to serve its legitimate users, or in which so many data packets are sent to the target system that it cannot handle them, making it crash, reboot or, more commonly, deny services to legitimate users. “A denial of service attack involves preventing you from accessing data or service by confusing or overloading the computers or networking equipment” (Cyganski and Orr, 2002, p. 279).

DOS attacks are categorized as:
  • Those that take advantage of vulnerabilities present in the TCP/IP protocol suite.
  • Those that take advantage of vulnerabilities present in IPv4 and IPv6 implementation.
  • Use of brute force attacks.

Let us look at the vulnerabilities present in the TCP/IP protocol suite. Some of them are Ping of Death, Teardrop, SYN attack and Land attack.

Ping of Death

This vulnerability is commonly used to hang remote systems and sometimes force them to reboot, which ultimately results in denial of service, that is, denying legitimate and authenticated users the valid services of the network. This attack no longer works, as most system administrators have upgraded their systems, making them safe from this type of serious attack.
The trick in this attack is to ping a target system with data packets that exceed the maximum number of bytes allowed by the TCP/IP protocol suite. Because the datagram is too large for the target system to handle, its memory is clogged up and it is forced to hang, reboot or crash.

Teardrop

Data sent over the Internet is broken down into small fragments at the source and reassembled at the destination system. The teardrop attack uses a vulnerability present in the reassembly of data packets at the destination system. Let us see how the teardrop attack works. Suppose 4000 bytes of data have to be sent over the Internet from one system to another. This data is not sent to the destination system in one go; it is fragmented into small parts and divided into a number of packets. Each data packet has a specified range. For example, 4000 bytes are divided into three data packets: the first carries bytes 1 to 1500, the second bytes 1501 to 3000, and the third and final packet bytes 3001 to 4000. These data packets have an OFFSET field in their TCP header. The offset field specifies the range of data that is being carried, or specifies to which data packet the bytes are to be sent. A sequence of numbers is sent along with the packets so that the destination system can easily reassemble them. In this attack, a series of data packets with overlapping offset field values is sent to the target system. This makes it difficult for the target system to reassemble the data correctly and forces it to crash, hang or reboot. The following scenario explains the teardrop attack clearly.
A system receives data in the following manner:
(1 to 1500 bytes) (1501 to 3000 bytes) (3001 to 4000 bytes)

In a teardrop attack the data is sent in the following manner:
(1 to 1500 bytes) (1500 to 3000 bytes) (1001 to 3600 bytes)

When this type of overlapping data is received by the target system, it simply cannot handle it and will crash, hang or reboot.

SYN Attack

In the TCP/IP protocol suite, two systems establish a connection by a three-way handshake. Every system that follows the TCP/IP protocol suite has to follow this protocol to establish a connection. SYN attacks exploit vulnerabilities present in the three-way handshake. To understand the SYN attack, we should first know how TCP/IP establishes a connection between two systems. Since this connection takes place in three steps, it is called a three-way handshake. In the first step the client sends a SYN packet to the host or target system; the host replies with a SYN/ACK packet, to which the client responds with an ACK (acknowledgement) packet. The following depiction makes it clear.

1. Client --------SYN Packet--------------> Host
2. Host -------------SYN/ACK Packet----------> Client
3. Client --------------ACK-----------------------> Host

In a SYN attack, SYN packets are sent to the target system; the trick is that all these SYN packets have a bad source IP address, or in most cases there is no system with the given IP address. The target system responds to the SYN requests with SYN/ACK packets and then waits indefinitely, remaining in that state since it never receives any ACK packet. Thus memory clogs up and the system eventually crashes or hangs.

Land Attack

In a Land attack, SYN packets are used to disrupt the target system's services. It is similar to the SYN attack; the only difference is that instead of a bad IP address, the IP address of the target system itself is used. This puts the target system in an infinite loop.
It tries to respond to itself, queuing up the requests, so the memory is clogged and all services are denied.

Distributed DOS Attacks

Distributed DOS attacks, or simply DDOS attacks, pose a great threat to security and have become the deadliest threat to Internet security. In DDOS attacks a group of hackers works together to bring a Fortune 500 company's server down. Each of them takes over a less protected system and launches attacks against the target networks from these systems. They install Denial of Service tools on the hacked networks and use them to launch a series of attacks on target systems.

Solutions

It is an undeniable fact that not a single system is hundred percent secure. Maximum security can be provided, but it cannot guarantee 100 percent foolproof security. The best way to counter these attacks is to use standard anti-virus software that should be updated every now and then. A personal firewall should always be used. Though this software provides security, it is also prone to attacks. It does not provide foolproof security.

Most of the attacks are IP spoofing attacks. Services that are vulnerable to spoofing are as follows:
  • Sun RPC & NFS.
  • BSD UNIX "r" commands, including rlogin.
  • Services secured by TCP Wrappers using source address access control.
  • X Windows.

IP spoofing attacks are very difficult to detect. The best way to detect these attacks is to have system monitoring that keeps an eye on incoming and outgoing traffic. When too many data packets come from one particular IP address, counter steps can be taken to prevent the attack.

Another method to counter DOS attacks is to change the IP address of the system constantly and to use proxy servers. This can be done in the following manner: Go to Control Panel in the Windows 98/ME/XP operating system. Click the Network icon and choose the TCP/IP option in the Configuration tab. Click Properties and then click the IP Address tab.
Click the radio button for the option "Specify an IP address". Finally, give the IP address of a proxy server in the address field.

Reference

David Cyganski and John A. Orr with Richard F. Vaz. Information Technology Inside and Outside. New Delhi: Pearson Education. 2002.
Andrew S. Tanenbaum. Computer Networks. New Delhi: Prentice Hall of India. 1999.
“F-08: Internet Address Spoofing and Hijacked Session Attacks.” US Department of Energy. Retrieved 7 April 2006.
“Immediate Actions Requested Of All Organizations Connected To The Internet”. Help Defeat Denial of Service Attacks: Step-by-Step. SANS. Retrieved 7 April 2006.
Donald Cohen, K. Narayanaswamy and Fred Cohen. Changing IP to Eliminate Source Forgery. Cs3, Inc. Retrieved 7 April 2006.
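The teardrop scenario in the essay, seen from the receiver's side, as an added example that is not part of the original essay: every fragment range is validated before any payload is copied, and the whole datagram is discarded if ranges overlap or leave a gap. The function names and the 1-based inclusive byte ranges are assumptions that mirror the essay's notation.

```python
# Added illustration (not from the essay): validate fragment ranges before
# reassembly. Ranges are 1-based and inclusive, as in the essay's scenario.

NORMAL = [(1, 1500), (1501, 3000), (3001, 4000)]      # essay's normal case
TEARDROP = [(1, 1500), (1500, 3000), (1001, 3600)]    # essay's overlapping case


def check_fragments(ranges, total_len):
    """Return a list of problems; an empty list means the ranges tile 1..total_len."""
    problems = []
    expected = 1  # first byte position not yet covered
    for first, last in sorted(ranges):
        if first < 1 or last < first or last > total_len:
            problems.append(f"bad range {first}-{last}")
            continue
        if first < expected:
            # This fragment re-sends bytes that an earlier fragment already covered.
            problems.append(f"overlap {first}-{min(last, expected - 1)}")
        elif first > expected:
            problems.append(f"gap {expected}-{first - 1}")
        expected = max(expected, last + 1)
    if expected <= total_len:
        problems.append(f"gap {expected}-{total_len}")
    return problems


def reassemble(fragments, total_len):
    """fragments: list of (first, last, payload). Copy nothing until all checks pass."""
    problems = check_fragments([(f, l) for f, l, _ in fragments], total_len)
    problems += [f"length mismatch {f}-{l}" for f, l, p in fragments
                 if len(p) != l - f + 1]
    if problems:
        # Discard the whole datagram rather than guessing which copy wins.
        raise ValueError("; ".join(problems))
    buf = bytearray(total_len)
    for first, last, payload in fragments:
        buf[first - 1:last] = payload
    return bytes(buf)
```

The essay's normal ranges pass with no problems reported; its teardrop ranges are rejected with two overlaps and a gap at bytes 3601 to 4000.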
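The traffic monitoring suggested under Solutions, as an added example that is not part of the original essay: it counts packets per source as the essay describes, and also tracks handshakes that never complete and packets that claim the server's own address, since the SYN and Land attacks described above do not show up as one busy source. The record layout, thresholds and addresses (documentation ranges) are constructed assumptions, and the sketch covers a single capture window without timeouts.

```python
from collections import Counter

SERVER = "192.0.2.10"  # constructed address from a documentation range

# Constructed sample records: (source_ip, source_port, dest_ip, tcp_flag)
SAMPLE = (
    [("198.51.100.7", 40000, SERVER, "SYN"),        # a normal handshake:
     ("198.51.100.7", 40000, SERVER, "ACK")]        # SYN later answered by ACK
    + [(f"203.0.113.{i}", 1024 + i, SERVER, "SYN")  # SYNs from five sources,
       for i in range(1, 6)]                        # none ever acknowledged
    + [(SERVER, 80, SERVER, "SYN")]                 # source equals destination
    + [("198.51.100.99", 5000, SERVER, "PSH")] * 8  # one noisy source
)


def analyse(packets, server_ip, per_source_limit=100, half_open_limit=3):
    """Return a sorted list of alert strings for packets addressed to server_ip."""
    per_source = Counter()
    half_open = set()   # (source_ip, source_port) that sent SYN but no ACK yet
    alerts = set()
    for src, sport, dst, flag in packets:
        if dst != server_ip:
            continue
        if src == dst:
            # Land pattern: the server would be answering itself, so drop it.
            alerts.add(f"land: packet claims source {src}")
            continue
        per_source[src] += 1
        if flag == "SYN":
            half_open.add((src, sport))
        elif flag == "ACK":
            half_open.discard((src, sport))   # handshake completed
    for src, count in per_source.items():
        if count > per_source_limit:
            alerts.add(f"rate: {count} packets from {src}")
    if len(half_open) > half_open_limit:
        # Spoofed SYNs arrive from many addresses, so count them in total.
        alerts.add(f"syn-backlog: {len(half_open)} handshakes never completed")
    return sorted(alerts)
```

On the constructed sample with `per_source_limit=5`, the per-source counter flags only the noisy host; the five unanswered SYNs are caught by the backlog count instead.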