Resource Depletion Attacks
DDoS resource depletion attacks are characterized by attackers sending packets that target network protocol
communications, congesting network resources and preventing access by legitimate users.
Protocol Exploit Attacks
Transmission Control Protocol (TCP) Synchronize (SYN) Attacks. The TCP process typically includes a full handshake between
a sender and a receiver before data packets are sent. The initiating system sends a SYN request, and the receiving system
reciprocates by returning an ACK (acknowledgement) along with its own SYN request. The sending system then sends
back its own ACK to authorize communication between the two systems. If the receiving system is sent a SYN packet but does
not receive the final ACK, it will resend its SYN packet after some time. The processor and memory resources at the
receiving system remain reserved for this TCP SYN request until a timeout occurs. Also known as resource starvation attacks,
DDoS TCP SYN attacks capitalize on this TCP behavior: zombies send bogus TCP SYN requests to a victim server,
which saturates the server's processor resources and prevents it from processing legitimate requests. The attack specifically
exploits the three-way handshake between the sending system and the receiving system by sending large volumes of TCP SYN packets
to the victim system with spoofed source IP addresses. Eventually, when large volumes of TCP SYN attack requests are sent and
repeated, the victim system runs out of memory and processor resources and is unable to process any legitimate user requests.
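The half-open state described above, seen from the defender's side, as an added example that is not code from the original page: a tracker that counts handshakes still waiting for the final ACK, releases them at the timeout, and flags when too many are pending. The 30-second timeout, the threshold of 5, the class and function names, and the sample addresses are assumptions chosen for illustration.

```python
SYN, ACK = 0x02, 0x10  # TCP flag bits

class HalfOpenTracker:
    """Models a server's table of handshakes still waiting for the final ACK."""

    def __init__(self, timeout=30.0, alert_at=5):
        self.timeout = timeout    # seconds an entry stays reserved (assumed value)
        self.alert_at = alert_at  # half-open count treated as suspicious (assumed value)
        self.pending = {}         # (src_ip, src_port) -> arrival time of the SYN
        self.completed = 0        # handshakes that received their final ACK

    def _expire(self, now):
        # dicts keep insertion order, so the oldest SYN is always first.
        while self.pending:
            key, t0 = next(iter(self.pending.items()))
            if now - t0 < self.timeout:
                break
            del self.pending[key]  # timeout reached: reserved resources released

    def observe(self, now, src_ip, src_port, flags):
        """Feed one inbound segment; return True while the alert threshold is met."""
        self._expire(now)
        key = (src_ip, src_port)
        if flags & SYN and not flags & ACK:
            self.pending.setdefault(key, now)  # a retransmitted SYN keeps its first timestamp
        elif flags & ACK and key in self.pending:
            del self.pending[key]              # handshake completed by a real client
            self.completed += 1
        return len(self.pending) >= self.alert_at

def run_sample():
    """Constructed traffic: one client completes; eight spoofed sources never answer."""
    t = HalfOpenTracker()
    alerts = [t.observe(0.0, "192.0.2.10", 40000, SYN),
              t.observe(0.1, "192.0.2.10", 40000, ACK)]
    for i in range(8):  # SYNs whose (spoofed) sources will never send the final ACK
        alerts.append(t.observe(1.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, SYN))
    peak = len(t.pending)
    t.observe(40.0, "192.0.2.10", 40001, SYN)  # past the timeout: stale entries are freed
    return alerts, peak, t.completed, len(t.pending)

if __name__ == "__main__":
    print(run_sample())
```

The pending count only falls when a final ACK arrives or the timeout passes, which is why unanswered SYNs from spoofed sources accumulate while the legitimate client's entry clears immediately.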
PUSH + ACK Attacks
The PUSH + ACK attack is similar to a TCP SYN attack in depleting processor and memory resources of victim systems. A PUSH is a
one-bit flag within a TCP header. During the TCP process, packets that are sent to a destination are buffered within the
TCP stack. The packets are then sent on to the receiving system after the stack is filled. However, by setting the
PUSH bit to one, the sender can request the receiving system to unload the contents of the buffer before the buffer becomes full.
TCP then stores incoming data in large blocks for passage on to the receiving system in order to minimize the processing overhead.
When this process is repeated with multiple agents, the receiving system will not be able to handle the large volumes of incoming
packets and will crash.
Malformed Packet Attacks
A malformed packet attack is characterized by zombies sending incorrectly formed IP packets to a victim system to crash it.
There are typically two different levels of malformed packet attacks. During IP address attacks, the packet contains the same
source and destination IP addresses. This confuses the victim operating system and causes it to crash. During IP packet options
attacks, a malformed packet randomizes optional fields within an IP packet and sets all quality of service bits to one, so victim
systems will be compelled to utilize additional processing time to analyze traffic. When this attack is repeated using multiple
agents, it leads to a shutdown of the processing ability in victim systems.