--Originally published at The shield of the world
Hello again, today the topic is something more common or at least something everyone has lived.
As a gamer I use to play PS1, PS2. And when I make the change to the MMORPG games and some others MMO Games I use to think f*ck this game when I cannot login because I was the player 109290321890431904139804123 (yep, random number) and when I grow up I actually start to looking for an answer to this kind of stuff. In that point in my life was when I meet the Denial of Service and the Distributed Denial of Service.
So a Denial of Service(DoS) attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Some examples are…
- Attempts to “flood” a network, like I said been the number 3409340934903409 to enter is a pain in the neck.
- Attempts to disrupt connections between two machines, thereby preventing the access to a service. Here my example is when I used to play Dofus, Tibia and LoL. You were in a quest, hunting or just playing and the whole squad got disconnected.
- Attempts to prevent an specific user from accessing a service. In Tibia when a player (don’t remember the name) was about to got to a really high level and was a competition between 2-3 other players, there are rumors that people actually attack that player to avoid him from entering the game.
- Attempts to disrupt service to a specific system or person.
Sometimes a DoS attack may be part of a larger attack.
Also Illegitimate use of resources may result in a DoS. For example, an intruder that uses your anonymous ftp area as a place to store illegal copies of commercial software, consuming disk space and generating traffic.
Some attacks can be executed with a very limited amount of resources against a large, sophisticated site. This type of attack is called an “asymetric attack”. For example, an attacker uses his old PC with a slow connection modem, this attacker may be able to disable much faster and more sophisticated networks and machines.
Modes of attack
Here I won’t describe each of the modes I will list, this is because I have planned another post with Kali Linux and Packet Tracer.
DoS attacks come in variety of forms and aim at a variety of services.
There are three basic types of attacks:
- Consumption of scarce, limited, or non-renewable resources.
- destruction or alteration of configuration information
- physical destruction or alteration of network components.
I have to say that the first one is probably my favorite.
Prevention and response
DoS can result in a significant loss of time and money for many organizations. You should not spare in the security and methods to avoid any kind of attacks.
Some advice by the professionals are…
- Disable any unused or unneeded network services. This can limit the ability of an intruder to take advantage of those services to execute a DoS attack.
- Enable quota systems on your OS if they are available. You should also implement disk partitions or volumes, consider partitioning your file system so as to separate critical functions from other activity.
- Observe your system performance and establish baselines for ordinary activity. Use the baseline to gauge unusual levels of disk activity, CPU usage or network traffic.
- Disk space can be restricted by implementing disk quotas which alert a system administrator before a user consumes too much disk space or a partition becomes full.
- Routinely examine your physical security with respect to your current needs. Consider servers, routers, unattended terminals, network access points, wiring closets, environmental systems such as air and power, and other components of your system.
- Use Tripwire or a similar tool to detect changes in configuration information or other files.
- Invest in and maintain “hot spares” – machines that can be placed into service quickly in the event that a similar machine is disabled.
- Invest in redundant and fault-tolerant network configurations.
- Establish and maintain regular backup schedules and policies, particularly for important configuration information.
- Establish and maintain appropriate password policies, especially access to highly privileged accounts such as UNIX root or Microsoft Windows NT Administrator.