Infrastructure Security: Devices and Media • Chapter 6 363
Damage & Defense…
Denial of Service Attacks
All firewalls are vulnerable to Denial of Service (DoS) attacks. These attacks attempt to render a network inaccessible by flooding a device such as a firewall with packets to the point that it can no longer accept valid packets. This works by overloading the processor of the firewall, forcing it to attempt to process a number of packets far past its limitations. By performing a DoS attack directly against a firewall, an attacker can get the firewall to overload its buffers and start letting all traffic through without filtering it. This is one method used to access internal networks protected by firewalls. If a technician is alerted to an attack of this type, they can block the specific IP address that the attack is coming from at their router.
An alternative attack that is more difficult to defend against is the Distributed Denial of Service (DDoS) attack. This attack is worse because it can come from a large number of computers at the same time. This is accomplished either by the attacker having a large distributed network of systems all over the world (unlikely) or by infecting normal users’ computers with a Trojan horse application, which allows the attacker to force the systems to attack specific targets without the end user’s knowledge. These end-user computers are systems that have been attacked in the past and infected with a Trojan horse by the attacker. By doing this, the attacker is able to set up a large number of systems (called zombies) to perform a DoS attack at the same time. This type of attack constitutes a DDoS attack. Performing an attack in this manner is more effective due to the number of packets being sent. In addition, it introduces another layer of systems between the attacker and the target, making the attacker more difficult to trace.
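The box above contrasts a single-source flood, which a technician can answer by blocking one address at the router, with a distributed flood from many zombies, where no single address stands out. The following added example (not code from the book) shows the triage a defender would run over firewall packet logs to tell the two apart; it assumes one log line per packet in the form "<ISO timestamp> <source IP> <destination port>", and the thresholds and sample traffic are constructed for illustration.

```python
"""Rate-based flood triage over firewall packet logs (added example, not from the book)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 10
PER_SOURCE_LIMIT = 200   # one source above this in a window: single-source DoS
AGGREGATE_LIMIT = 800    # window total above this with no single offender: distributed

def parse_line(line):
    """Assumed log format: '<ISO timestamp> <src IP> <dst port>'."""
    ts, src, port = line.split()
    return datetime.fromisoformat(ts), src, int(port)

def triage(lines):
    """Group packets into fixed windows and classify each overloaded window.

    Returns {window_start_iso: {"total": n, "block": [src...], "distributed": bool}}.
    "block" lists sources whose own rate exceeds PER_SOURCE_LIMIT: the case in the text
    where blocking that address at the router helps. "distributed" marks windows whose
    total exceeds AGGREGATE_LIMIT with no single offender, i.e. many low-rate zombies,
    where a per-address router block does not help and upstream filtering is needed.
    """
    buckets = defaultdict(Counter)          # window key -> Counter(src -> packets)
    for line in lines:
        ts, src, _ = parse_line(line)
        buckets[int(ts.timestamp() // WINDOW_SECONDS)][src] += 1
    findings = {}
    for key, counts in sorted(buckets.items()):
        total = sum(counts.values())
        offenders = sorted(s for s, n in counts.items() if n > PER_SOURCE_LIMIT)
        if not offenders and total <= AGGREGATE_LIMIT:
            continue                        # ordinary load, nothing to report
        start = datetime.fromtimestamp(key * WINDOW_SECONDS).isoformat()
        findings[start] = {"total": total, "block": offenders,
                           "distributed": not offenders and total > AGGREGATE_LIMIT}
    return findings

def build_sample():
    """Constructed log (not real traffic): one single-source flood, then one distributed."""
    lines, base = [], datetime(2024, 1, 1, 10, 0, 0)
    for i in range(300):                    # one host hammering port 80 within 10 s
        lines.append(f"{(base + timedelta(seconds=i % 10)).isoformat()} 198.51.100.7 80")
    for h in range(1, 6):                   # light legitimate background traffic
        lines.append(f"{base.isoformat()} 192.0.2.{h} 443")
    later = base + timedelta(minutes=5)
    for h in range(1, 61):                  # 60 zombies, 15 packets each = 900 total
        for i in range(15):
            lines.append(f"{(later + timedelta(seconds=i % 10)).isoformat()} 203.0.113.{h} 80")
    return lines

if __name__ == "__main__":
    for window, finding in triage(build_sample()).items():
        print(window, finding)
```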
A port is a connection point into a device. Ports can be physical, such as serial ports or parallel ports, or they can be logical. Logical ports are ports used by networking protocols to define a network connection point to a device. Using Transmission Control Protocol/Internet Protocol (TCP/IP), both TCP and User Datagram Protocol (UDP) logical ports are used as connection points to a network device. Since a network device can have thousands of connections active at any given time, these ports are used to differentiate between the connections to the device.
A port is described as well known for a particular service when it is normal and common to find that particular software running at that particular port number. For example, Web servers run on port 80 by default, and File Transfer Protocol (FTP) file transfers use ports 20 and 21 on the server when it is in active
www.syngress.com