Page 76 - StudyBook.pdf
60 Chapter 2 • General Security Concepts: Attacks
high-speed Internet access into the homes of users around the world. This has
increased the likelihood of this type of attack, as home users replace their analog
modems with Digital Subscriber Line (DSL) and cable modem technologies.
Another way of consuming bandwidth is to enlist the aid of loosely configured
networks, causing them to send traffic directed at the victim. If enough networks
can be duped into this type of behaviour, the victim’s network can be flooded with
relative ease. These types of attacks are often called amplification attacks, with a smurf
attack—which sends an Internet Control Message Protocol (ICMP) request to a
broadcast address, causing all hosts in the network to send ICMP replies to the
victim—being a classic one.
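The smurf pattern described above can be recognised from both sides of the traffic. The following is an added example, not code from the book: it flags echo requests addressed to a subnet broadcast address (the amplifier's view) and echo replies from many hosts the target never pinged (the victim's view). The packet-record field names, the threshold and the sample trace are assumptions constructed for illustration, using documentation address ranges.

```python
import ipaddress

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def broadcast_echo_requests(packets, local_nets):
    """Amplifier side: echo requests addressed to a local subnet's broadcast address."""
    bcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    return [p for p in packets
            if p["type"] == ECHO_REQUEST
            and ipaddress.ip_address(p["dst"]) in bcasts]

def unsolicited_reply_sources(packets, host):
    """Victim side: hosts sending echo replies to `host` that it never pinged."""
    pinged = {p["dst"] for p in packets
              if p["type"] == ECHO_REQUEST and p["src"] == host}
    return {p["src"] for p in packets
            if p["type"] == ECHO_REPLY and p["dst"] == host
            and p["src"] not in pinged}

def looks_like_smurf(packets, host, min_sources=4):
    """Many distinct unsolicited repliers is the amplification signature."""
    return len(unsolicited_reply_sources(packets, host)) >= min_sources

# Constructed sample trace (documentation address ranges, not real traffic).
VICTIM = "198.51.100.7"
SAMPLE = (
    # One request carrying the victim's address as source, sent to a broadcast address.
    [{"src": VICTIM, "dst": "192.0.2.255", "type": ECHO_REQUEST}]
    # Every host on that subnet answers the victim.
    + [{"src": f"192.0.2.{i}", "dst": VICTIM, "type": ECHO_REPLY} for i in range(1, 6)]
    # An ordinary ping the victim really sent, and its reply.
    + [{"src": VICTIM, "dst": "203.0.113.9", "type": ECHO_REQUEST},
       {"src": "203.0.113.9", "dst": VICTIM, "type": ECHO_REPLY}]
)

if __name__ == "__main__":
    for p in broadcast_echo_requests(SAMPLE, ["192.0.2.0/24"]):
        print("broadcast echo request:", p["src"], "->", p["dst"])
    print("unsolicited repliers:", sorted(unsolicited_reply_sources(SAMPLE, VICTIM)))
    print("smurf pattern:", looks_like_smurf(SAMPLE, VICTIM))
```

On the amplifier side, the usual fix is for routers not to forward directed broadcasts, the default recommended by RFC 2644.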
Other forms of resource consumption can include the reduction of connections
available to legitimate users and the reduction of system resources available to the
host operating system (OS) itself. “Denial of service” is a very broad term, and consequently
various types of exploits can fit the description due to the circumstances
surrounding their manifestation. A classic example is the Structured Query
Language (SQL) Slammer worm, which exploited a known vulnerability in
Microsoft SQL Server to generate excessive amounts of network traffic in attempts
to reproduce itself to other vulnerable systems, which resulted in a global slowdown
of the Internet on January 25, 2003.
Another form of DoS is the now ever-present e-mail spam, or Unsolicited Bulk
Email (UBE). Spammers can send a large amount of unwanted e-mail in a very
short amount of time. If a company’s mail server is bombarded with spam, it may
slow down, fail to receive valid e-mails, or even crash entirely. Getting spammed is
a very real DoS danger and e-mail protection is now high on every company’s
security checklist.
SYN Attacks
A SYN attack is a DoS attack that exploits a basic weakness found in the TCP/IP
protocol, and its concept is fairly simple. As discussed later in this chapter, a standard
Transmission Control Protocol (TCP) session consists of the two communicating
hosts exchanging a SYN | SYN/acknowledgement (ACK) | ACK. The
expected behavior is that the initiating host sends a SYN packet, to which the
responding host will issue a SYN/ACK and wait for an ACK reply from the initiator.
With a SYN attack, or SYN flood, the attacker simply sends only the SYN
packet, leaving the victim waiting for a reply. The attack occurs when the attacker
sends thousands and thousands of SYN packets to the victim, forcing them to wait
for replies that never come. While the host is waiting for so many replies, it can’t
www.syngress.com