T2021_15 Denial-of-Service Attacks (10th September 2021)

Denial-of-service attacks

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this either by flooding the target machine with more traffic than it can handle or by sending it unnecessary or malformed data that can trigger a crash.

Common DoS Attacks

DoS attacks fall into two broad categories: flooding a service and crashing a service.

Flood attacks occur when a network server receives a larger volume of traffic than it is able to buffer. Flood attacks include, but are not limited to:

  • Buffer overflow attacks – this kind of attack sends a large amount of traffic to a targeted network, exceeding the limit it was designed to handle.

  • ICMP flood – leverages misconfigured Information Communication Technology (ICT) devices by sending spoofed packets that ping every computer on the targeted network.

  • SYN flood – sends handshake requests to a server but never completes the handshake, leaving connections half-open. This continues until all open ports are saturated with incoming requests, preventing legitimate users from connecting.

Crashing-service attacks target vulnerabilities within the target system that cause it to crash.

Indicators of a DoS attack

While it can be very hard to distinguish this attack from other network connectivity errors or periods of high bandwidth consumption without an initial investigation, here are some network behaviour patterns that can indicate a DoS attack is underway.
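The SYN flood described above leaves a measurable trace: many handshakes started and never completed, typically from a large number of distinct source addresses within a short window. The following script is an added example written for this tip (it is not code from the Guyana National CIRT) that runs that check over a constructed connection log. The log format is an assumption: one line per TCP event, "<epoch-seconds> <client-ip> <dst-port> <flags>", where flags is SYN, SYN-ACK or ACK and the client address is recorded on all three lines of a handshake.

```python
"""Flag SYN-flood indicators (half-open connections, source fan-out) in a log.

Added example for this advisory, not the CIRT's own code. The log layout and
the sample addresses below are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample log: one legitimate client (192.0.2.10) completes its
# handshake, while 40 spoofed sources in 198.51.100.0/24 each send a SYN that
# is never followed by an ACK.
SAMPLE_LOG = "\n".join(
    [
        "1631260800 192.0.2.10 443 SYN",
        "1631260800 192.0.2.10 443 SYN-ACK",
        "1631260801 192.0.2.10 443 ACK",
    ]
    + [f"{1631260800 + i % 5} 198.51.100.{i} 443 SYN" for i in range(1, 41)]
)


def parse_events(log_text):
    """Turn log lines into (timestamp, src, port, flags) tuples, skipping blanks."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, port, flags = line.split()
        events.append((int(ts), src, int(port), flags))
    return events


def half_open_by_source(events):
    """Count SYNs per source that were never completed by an ACK from that source.

    SYN increments the pending count for (src, port); a later ACK from the
    same client for the same port completes one handshake. SYN-ACK lines are
    the server's reply and are ignored here.
    """
    pending = defaultdict(int)
    for _ts, src, port, flags in events:
        key = (src, port)
        if flags == "SYN":
            pending[key] += 1
        elif flags == "ACK" and pending[key] > 0:
            pending[key] -= 1
    result = defaultdict(int)
    for (src, _port), n in pending.items():
        if n:
            result[src] += n
    return dict(result)


def syn_flood_windows(events, window=10, threshold=20):
    """Return fixed time windows whose half-open SYN count reaches `threshold`.

    Each alert records the window start, the number of half-open handshakes
    and how many distinct sources produced them; a high half-open count spread
    across many sources is the classic SYN-flood signature.
    """
    if not events:
        return []
    start = events[0][0]
    buckets = defaultdict(list)
    for ev in events:
        buckets[(ev[0] - start) // window].append(ev)
    alerts = []
    for idx in sorted(buckets):
        half_open = half_open_by_source(buckets[idx])
        total = sum(half_open.values())
        if total >= threshold:
            alerts.append(
                {
                    "window_start": start + idx * window,
                    "half_open": total,
                    "sources": len(half_open),
                }
            )
    return alerts


if __name__ == "__main__":
    for alert in syn_flood_windows(parse_events(SAMPLE_LOG)):
        print(alert)
```

On the constructed log the legitimate client contributes nothing to the half-open count, while the 40 spoofed sources produce a single alert window with 40 half-open handshakes from 40 sources. In practice the `window` and `threshold` values are tuned to the server's normal connection rate, and the same counting can be fed from firewall or netflow exports instead of an application log.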

How to avoid this attack

Although there is no foolproof way to completely avoid becoming the target of a DoS attack, there are proactive measures one can take to mitigate the effects of an attack. These prevention methods are:

  • Install and maintain proprietary antivirus software – Always use the paid version of antiviruses to have the complete security package.

  • Install a firewall and configure it to protect against both incoming and outgoing traffic on your network, and regularly monitor your network usage.

  • Securely segment networks and data centres – Create Virtual Local Area Networks (VLANs) so that the networks within a company's Local Area Network are separated by department; for example, the accounts department must be on an independent network from the operations department.

  • Configure applications and protocols for resiliency – place security sensors such as Intrusion Prevention Systems and Intrusion Detection Systems (IPS & IDS) at the correct positions within the network.

  • Strengthen bandwidth capabilities – have redundant bandwidth along with an adequate data rate per network.

  • Create a robust DoS attack response plan – the creation of an Identify, Mitigate and Recover (IMR) plan.

  • Fortify your security posture – apply security measures on all devices to avoid compromise, and keep all software updated.
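The firewall measure above is usually realised as a per-source limit on new connections, so that no single address can open handshakes faster than the server can retire them. The following token-bucket limiter is an added example written for this tip (not code from the Guyana National CIRT, and not a real firewall's configuration syntax) that shows the logic such a rule applies. The rate and burst values and the sample addresses are assumptions chosen for illustration.

```python
"""Per-source token-bucket limiter for new connection attempts.

Added example for this advisory, not the CIRT's own code. It models the
decision a firewall rate-limit rule makes for each incoming SYN.
"""


class PerSourceRateLimiter:
    """Allow at most `rate` new connections per second from each source,
    with short bursts up to `burst`. Each source gets its own bucket, so a
    noisy address is throttled without affecting other clients."""

    def __init__(self, rate, burst):
        self.rate = float(rate)    # tokens refilled per second
        self.burst = float(burst)  # bucket capacity
        self._buckets = {}         # src -> (tokens, last_seen)

    def allow(self, src, now):
        """Return True if the connection from `src` at time `now` may proceed."""
        tokens, last = self._buckets.get(src, (self.burst, now))
        # Refill proportionally to elapsed time, capped at the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[src] = (tokens - 1.0, now)
            return True
        self._buckets[src] = (tokens, now)
        return False


def simulate_burst(limiter, src, attempts, now):
    """Send `attempts` connection attempts from one source at the same instant
    and return (allowed, dropped) counts."""
    allowed = sum(1 for _ in range(attempts) if limiter.allow(src, now))
    return allowed, attempts - allowed


if __name__ == "__main__":
    # Constructed scenario: one address fires 10 SYNs at once, then 2 more
    # two seconds later; a second address connects once in between.
    lim = PerSourceRateLimiter(rate=1, burst=3)
    print("burst of 10:", simulate_burst(lim, "198.51.100.7", 10, 0.0))
    print("other client:", lim.allow("192.0.2.10", 1.0))
    print("after 2 s:", simulate_burst(lim, "198.51.100.7", 2, 2.0))
```

With rate 1 and burst 3, the first 3 of 10 simultaneous attempts pass and 7 are dropped; two seconds later the bucket has refilled by 2 tokens, so 2 more pass. The caveat a practitioner should keep in mind is that this control only bounds traffic per address: a flood using many spoofed sources, like the one in the SYN flood bullet, slips under any per-source threshold, which is why the advisory also lists redundant bandwidth and correctly placed IPS/IDS sensors rather than a firewall rule alone.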

The Guyana National CIRT recommends that users and administrators adhere to this tip and implement it where necessary.
