killobeats.blogg.se

Performing a slowloris attack

This is the second installment in a two-part series about distributed denial-of-service (DDoS) attacks and mitigation on cloud. Be sure to read part one for an overview of denial-of-service (DoS) and DDoS attack variants and potential consequences for cloud service providers (CSPs) and their clients.

In the first installment of this series, we demonstrated how cybercriminals could circumvent DoS defenses by launching distributed DDoS attacks. The three major types of DDoS variants are:

We can demonstrate how these attacks work in a simulated environment using Graphical Network Simulator-3 (GNS3), a network simulation tool. To understand this, first let’s break down the network diagram below:

Figure 1: A corporate network configured with OSPF and BGP

The diagram shows a network designed with routers and configured with Open Shortest Path First (OSPF), the company’s internal network, Border Gateway Protocol (BGP), the edge router that reveals the internet service provider (ISP) to the end users and clients and other network devices. Now let’s examine how threat actors can exploit these systems to launch various types of DoS and DDoS attacks.

Volume-Based DDoS Attacks

Cybercriminals typically leverage tools, such as Low Orbit Ion Cannon (LOIC) and Wireshark to facilitate volume-based attacks through techniques like Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) flooding. Let’s take a closer look at how these attacks work.

In a TCP flooding attack, threat actors generate a large quantity of traffic to block access to the end resource. The magnitude of this type of attack is commonly measured in bits or packets per second. The diagrams below show a TCP flood attack in which the File Transfer Protocol (FTP) service is flooded with huge volumes of TCP traffic, which eventually brings down the service.

Figure 2: A user connecting to an FTP server hosted on a corporate network

Figure 3: An attacker using bots to send malicious traffic to the target port using the LOIC tool

Figure 4: A client unable to access the FTP service after an attacker has flooded it with corrupt FTP packets

UDP Flooding

UDP flooding means overwhelming the target network with packets to random UDP ports with a forged IP address. It is easy to use a forged IP address in this type of attack since UDP does not require a three-way handshake to establish a connection. These requests force the host to look for the application that is running on those random ports (which may or may not exist) and flood the network with Internet Control Message Protocol (ICMP) destination unreachable packets, thereby blocking legitimate requests.

There are other variations of UDP flooding, such as reflection and amplification attacks. In a reflection attack, a threat actor uses publicly available services, such as the Domain Name System (DNS), to attack the target networks. An amplification attack, on the other hand, targets a protocol in an attempt to amplify the response. For example, an attacker might submit a single query of *.ibm.com to the DNS, which will then gather a massive volume of information related to subdomains of IBM.com.

Figure 5 shows a similar attack using the Network Time Protocol (NTP). This protocol enables network-connected devices to communicate and synchronize time information, which is communicated over UDP.





