Network Security Essentials — Notes 9. DDoS

1. Distributed DoS: Attacker recruits a number of hosts to simultaneously, in a coordinated way, launch an attack upon the target

2. What is it?

  a. Classification of DDoS in terms of resource type:

   i. Attack the host (SYN attack e.g.)

   ii. Attack the network (ICMP ECHO attack e.g.)

 

  b. SYN flood attack

    i. Zombie sends a TCP/IP SYN packet with an erroneous (spoofed) return IP address

   ii. Server then tries to establish a TCP connection with the wrong IP (it replies with SYN-ACK)

  iii. Server will keep waiting, since the "client" will never respond with the final ACK

   iv. The server will soon be unable to accept more TCP/IP connections (its half-open connection table is full)

  c. Attack: Use up the server's disk space by sending emails, generating errors to grow log files, or sending files to FTP

  d. ICMP ECHO Attack => Will take down the server's router

    Two models:

      i. Zombie sends "ICMP ECHO" to the server with a spoofed source IP address => Server will then try to reply => its router will be flooded

     ii. Zombie sends "ICMP ECHO" to a middle layer of computers with the server's IP as the source IP => This middle layer of computers (called Reflectors) will then reply echoes to the server => server's router will be flooded

3. How to get Zombies?

   Vulnerability scan => Zombie software implantation
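The two flood patterns in 2.b and 2.d can be recognised from the server's side by what never arrives: the final ACK of the handshake, or the echo request that should precede an echo reply. The following added example (not part of the original notes) runs a toy detector over constructed packet summaries; the addresses, counts and thresholds are invented for illustration.

```python
from collections import Counter

SERVER = "192.0.2.10"  # constructed victim address

def build_sample():
    """Constructed packet summaries as (proto, src, dst, kind); not real capture data."""
    pkts = [("tcp", "10.0.0.5", SERVER, "S"),
            ("tcp", SERVER, "10.0.0.5", "SA"),
            ("tcp", "10.0.0.5", SERVER, "A")]            # one legitimate 3-way handshake
    # SYN flood (2.b): 600 SYNs from spoofed sources; the server answers SYN-ACK,
    # but the forged addresses never send the final ACK.
    for i in range(600):
        src = f"198.51.100.{i % 250 + 1}"
        pkts.append(("tcp", src, SERVER, "S"))
        pkts.append(("tcp", SERVER, src, "SA"))
    # Reflector attack (2.d.ii): one legitimate request/reply pair, then 300 echo
    # replies the server never asked for, bounced off reflectors.
    pkts.append(("icmp", SERVER, "203.0.113.1", "echo-request"))
    pkts.append(("icmp", "203.0.113.1", SERVER, "echo-reply"))
    for i in range(300):
        pkts.append(("icmp", f"203.0.113.{i % 200 + 2}", SERVER, "echo-reply"))
    return pkts

def half_open_count(pkts, server):
    """Number of SYN-ACKs the server sent that were never completed by an ACK (step iii)."""
    pending = Counter()
    for proto, src, dst, kind in pkts:
        if proto != "tcp":
            continue
        if src == server and kind == "SA":
            pending[dst] += 1                       # server is now waiting on this peer
        elif dst == server and kind == "A" and pending[src] > 0:
            pending[src] -= 1                       # handshake completed, slot released
    return sum(pending.values())

def unsolicited_echo_replies(pkts, server):
    """Echo replies reaching the server with no matching echo request from it."""
    requested, unsolicited = set(), 0
    for proto, src, dst, kind in pkts:
        if proto != "icmp":
            continue
        if src == server and kind == "echo-request":
            requested.add(dst)
        elif dst == server and kind == "echo-reply" and src not in requested:
            unsolicited += 1
    return unsolicited

def alerts(pkts, server, max_half_open=100, max_unsolicited=50):
    """Return the alert names raised for this trace (thresholds are illustrative)."""
    raised = []
    if half_open_count(pkts, server) > max_half_open:
        raised.append("syn-flood")
    if unsolicited_echo_replies(pkts, server) > max_unsolicited:
        raised.append("icmp-reflection")
    return raised
```

On a real host the same counters exist in the TCP stack (half-open backlog) and can be read from connection state rather than from a capture.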
