DoS Methods – ICMP and SYN flood, Teardrop and Low-rate DoS attacks

ICMP flood

Smurf attack is one specific form of a flooding DoS attack that occurs on the public Internet. It solely depends on incorrect configuration network equipments that permit packets that are supposed to be sent to all hosts of computer on a specific network not via any machine but only via network’s broadcast address. Then the network actually works or serves as a smurf amplifier. In an attack like this, the killers or the perpetrators will send IP packets in huge number displaying the fake source address as to show that it is a victim’s address. The bandwidth of the network is consumed quite quickly, and it also stops legal packets from reaching their destination. In order to fight against Denial of Service attacks on the Internet, there are services such as the Smurf Amplifier Registry that have given the ability to the internet service providers to identify the networks with incorrect configuration and also to take the right action like filtering.

Ping flood is a method that relies on sending a large number of ping packets to the victim, and this is done by using the “ping” command from unix-like hosts (on Window systems the function of -t flag is less poisonous/   malignant). Launching it is quite simple, as it requires access to more bandwidth than the victim.

Ping of death is another method that is based on sending a malformed ping packet to the victim, as a result of which the system can crash.

SYN flood

SYN flood is a result of TCP/SYN packets flooding sent by host, mostly with a fake address of the sender. The handling of these packets is done in the same manner like connection request, which makes the server to produce a semi-open connection, as it sends TCP/SYN-ACK packet back (Approve/Acknowledge), and waits for a packet to be received as a response from the address of a sender (ACK Packet’s response). Actually the sender never responds as his address is not real. The saturation of available connections takes place by the semi-open connections that the server can actually make, so that it cannot respond to legal requests even after the attack is over.

Teardrop attacks

In case of a Teardrop attack the injured IP fragments are sent to the target machine with expanded, overlapping, payloads. As there is a bug in the TCP/IP fragmentation re-assembly code so this can result in crashing different operating systems. Some operating systems that are vulnerable to this attack includes   Windows 3.1x, Windows 95 and Windows NT operating systems, as well as Linux versions (prior to versions 2.0.32 and 2.1.63).

Low-rate Denial-of-Service attacks

The Low-rate DoS (LDoS) this type of attack actually exploits the TCP’s slow-time-scale dynamics of retransmission time-out (RTO) mechanisms so that it reduces TCP’s output. Attacker can make the repeated entry of a TCP flow to a RTO state as the attacker can send the bursts at high-rate within short-duration, and this can be repeated periodically at slower retransmission time-out time-scales. This results in reduced output of TCP.

Leave a Reply

%d bloggers like this: