General Security Concepts: Attacks • Chapter 2 59
The financial and publicity-related implications of an effective DoS attack are
hard to measure—at best they are embarrassing, and at worst they are a deathblow.
Companies reliant on Internet traffic and e-purchases are at particular risk from
DoS and DDoS attacks. The Web site is the engine that drives e-commerce, and
customers are won or lost on the basis of the site’s availability and speed. If a site is
inaccessible or unresponsive, an alternate virtual storefront is usually only a few
clicks away. A hacker, regardless of motive, knows that the best way to hurt an
e-business is to affect its Internet presence in some way. DoS attacks can be an
efficient means of achieving this end; the next sections cover two elemental types of
DoS attacks: Resource Consumption attacks (such as SYN flood attacks and
amplification attacks) and Malformed Packet attacks.
Resource Consumption Attacks
Computing resources are, by their very nature, finite. Administrators around the
world bemoan the fact that their infrastructures lack network bandwidth, central
processing unit (CPU) cycles, Random-Access Memory (RAM), and secondary
storage. Invariably, the lack of these resources leads to some form of degradation of
the services the computing infrastructure delivers to clients. The reality of having
finite resources is highlighted even further when an orchestrated attack consumes
these precious resources.
The consumption of resources involves the reduction of available resources,
whatever their nature, by using a directed attack. One of the more common forms
of a DoS attack targets network bandwidth. In particular, Internet connections and
the supporting devices are prime targets of this type of attack, due to their limited
bandwidth and their visibility to the rest of the Internet community. Very few
businesses are in the fortunate position of having excessive Internet bandwidth, and
when a business relies on its ability to service client requests quickly and efficiently,
a bandwidth consumption attack can bring the company to its knees.
Resource consumption attacks predominantly originate from outside the local
network, but you should not rule out the possibility that the attack is from within.
These attacks usually take the form of a large number of packets directed at the
victim, a technique commonly known as flooding.
A target network can also be flooded when an attacker has more available
bandwidth than the victim and overwhelms the victim with pure brute force. This
situation is less likely to happen on a one-to-one basis if the target is a
medium-sized e-commerce site. Such companies generally have a larger “pipe” than their
attackers. On the other hand, the availability of broadband connectivity has driven
www.syngress.com