A Denial-of-service (DoS) attack
A denial-of-service (DoS) attack is an attack designed to prevent a service or a
system from operating normally.
A DoS attack may exploit a known vulnerability of the target that is specific to a
particular operating system or application.
A DoS attack can also target protocols or services and exploit their features or weaknesses. In a
denial-of-service attack, the attacker tries to deny authorized users access to specific
information, a computer or a network.
This can be achieved in the following ways:
1. Crashing the system.
2. Taking the system offline.
3. Sending so many requests that the machine is overwhelmed.
The main purpose of this attack is to prevent legitimate users from reaching the targeted
system or machine and the data or information it serves.
This attack can also be combined with other activity to gain unauthorized access to a
computer or network.
A typical example is the SYN flood attack. A SYN flood exploits the TCP three-way handshake:
the attacker sends a stream of SYN segments, usually with forged source addresses, and never
completes the handshake, so the target's queue of half-open connections fills up and new
legitimate connection requests are dropped. Historically this was also used to silence a system
temporarily in order to take advantage of a trust relationship between that system and another
system or network: while the trusted host cannot respond, the attacker impersonates it.
A DoS attack in this basic form is executed from a single attacking system.
If a DoS attack is launched from multiple attacking systems, it is known as a distributed
denial-of-service (DDoS) attack.
The main objective of a DDoS attack is the same: to deny access to or use of a particular
service or system. These attacks became widely known in 2000, when the eBay, CNN, Amazon
and Yahoo websites were attacked.
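The SYN flood described above, as an added example that is not part of the original text: a simulation of a listener's half-open connection backlog being exhausted by SYNs from forged sources that never complete the handshake, next to a SYN-cookie listener that keeps no state until the client proves it received the SYN-ACK. The addresses, backlog size, timeout and secret are constructed for the example; no packets are sent.

```python
import hmac
import hashlib
import random

# Constructed addresses: the server and one legitimate client.
SERVER = ("198.51.100.10", 80)
LEGIT_CLIENT = ("203.0.113.5", 40001)


class StatefulListener:
    """Listener that stores each half-open connection until the client's ACK
    arrives or the entry times out (the backlog a SYN flood fills up)."""

    def __init__(self, backlog=128, timeout=3.0):
        self.backlog = backlog
        self.timeout = timeout
        self.half_open = {}  # (src_ip, src_port) -> expiry time on a simulated clock

    def on_syn(self, src, now):
        self.half_open = {k: t for k, t in self.half_open.items() if t > now}
        if len(self.half_open) >= self.backlog:
            return False  # backlog full: the SYN is silently dropped
        self.half_open[src] = now + self.timeout
        return True  # SYN-ACK sent and state kept while waiting for the ACK

    def on_ack(self, src, now):
        # Only a client we remember can complete the handshake.
        return self.half_open.pop(src, None) is not None


class SynCookieListener:
    """Stateless listener: the initial sequence number in the SYN-ACK is a keyed
    hash of the connection tuple and a coarse time counter (a SYN cookie), so
    nothing is stored until a client proves it received the SYN-ACK."""

    def __init__(self, secret=b"constructed-secret"):
        self.secret = secret

    def cookie(self, src, dst, counter):
        msg = f"{src[0]}:{src[1]}>{dst[0]}:{dst[1]}|{counter}".encode()
        tag = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(tag[:4], "big")

    def on_syn(self, src, dst, counter):
        return self.cookie(src, dst, counter)  # ISN of the SYN-ACK; no state kept

    def on_ack(self, src, dst, ack_number, counter):
        # The ACK must acknowledge ISN+1 for the current or the previous counter.
        for c in (counter, counter - 1):
            if ack_number == (self.cookie(src, dst, c) + 1) & 0xFFFFFFFF:
                return True
        return False


def random_sources(n, rng):
    """Constructed forged sources for the flood: random hosts in 10.0.0.0/8."""
    return [(f"10.{rng.randrange(256)}.{rng.randrange(256)}.{rng.randrange(1, 255)}",
             rng.randrange(1024, 65536)) for _ in range(n)]


def flood_stateful(n_syn=10_000, backlog=128):
    """Returns whether the legitimate client's SYN is still accepted after the flood."""
    rng = random.Random(1)
    srv = StatefulListener(backlog=backlog)
    for src in random_sources(n_syn, rng):
        srv.on_syn(src, now=0.0)  # forged sources never send the final ACK
    return srv.on_syn(LEGIT_CLIENT, now=1.0)  # still inside the 3 s timeout


def flood_cookie(n_syn=10_000):
    """Same flood against a SYN-cookie listener; returns whether the legitimate client completes."""
    rng = random.Random(1)
    srv = SynCookieListener()
    for src in random_sources(n_syn, rng):
        srv.on_syn(src, SERVER, counter=100)  # costs one hash, stores nothing
    isn = srv.on_syn(LEGIT_CLIENT, SERVER, counter=100)
    return srv.on_ack(LEGIT_CLIENT, SERVER, (isn + 1) & 0xFFFFFFFF, counter=101)


if __name__ == "__main__":
    print("stateful listener, legitimate SYN accepted:", flood_stateful())
    print("SYN-cookie listener, legitimate handshake completes:", flood_cookie())
```

The stateful listener drops the legitimate SYN once 128 forged half-open entries are waiting on their timeout; the cookie listener spends one HMAC per SYN and nothing else, and the legitimate client still completes because its ACK carries the expected cookie.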
Spoofing
1. Packet Spoofing:
Spoofing is a technique that makes data appear to have come from a source other than its real
one. It is possible in TCP/IP because the protocol suite does not verify the source address
written into a packet; it simply trusts whatever the sender fills in.
When the TCP/IP protocol suite was designed, it was assumed that the users who had access to
the network layer were privileged and trusted.
When a system sends a packet, the packet carries a source IP address, a destination IP address
and port numbers.
The source field should contain your own address, but if you fill in an address other than yours,
nothing stops you. This is one form of spoofing.
2. IP addresses spoofing:
In IP address spoofing, an intruder on the outside sends packets that carry the address of an
internal host. This is called IP address spoofing.
The simple way to avoid this is to discard any packet that arrives on the external interface
with an internal source address.
This filtering is usually done at the router on the outside of the firewall, and it must be
configured with due care.
3. Source Address Spoofing:
We have seen that packet spoofing is possible by changing the source IP address. Many DoS
attacks use exactly this kind of spoofing: a forged source address.
If the attacker has enough privileges on the sending system, forging the source address is
very easy.
This kind of privileged access is provided by the raw socket interface available on most
operating systems. The interface exists for custom network testing and research on network
protocols.
Because of this facility, attackers can mount the attack with little effort. Where the facility is
not available, the attacker would have to install a custom device driver on the source system
to get the same level of access. With raw access to the network, the attacker generates a
huge volume of packets whose destination address is the targeted system.
Each packet is given a random source address. Consider a flooding ping attack as an example:
custom ICMP echo request packets flow along the same path from the attacker to the targeted
system.
The targeted machine is flooded with these requests, and heavy traffic converges on it.
Some of the packets are discarded on the way; some reach the destination. A few trigger
error messages that are sent back to the forged source rather than to the attacker. In any case
the path to the targeted machine stays saturated.
Avoiding this problem requires the cooperation of network engineers across many networks,
because a packet with a forged source can only be recognized as forged near its real origin.
It is not an easy problem to solve.
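The flooding ping with forged sources (raw socket access, random source addresses) and the two filtering points from the IP address spoofing passage above, as one added example that is not part of the original text: it hand-builds IPv4/ICMP echo request packets with arbitrary source addresses, shows the raw-socket call that would transmit them (not invoked), and applies the anti-spoofing filter a cooperating edge network would run on both its external (ingress) and its outbound (egress) side. The target address, the edge prefix and the payload are constructed for the example.

```python
import ipaddress
import random
import socket
import struct


def inet_checksum(data):
    """RFC 1071 ones-complement checksum used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(ident, seq, data=b""):
    """ICMP echo request (type 8) with a valid checksum."""
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(hdr + data)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + data


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0):
    """IPv4 header carrying whatever source address the caller chooses: nothing
    in the network checks it, which is what source address spoofing relies on."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet):
    """Returns (src, dst, proto, header_checksum_ok) for a packet built above."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return socket.inet_ntoa(f[8]), socket.inet_ntoa(f[9]), f[6], inet_checksum(packet[:20]) == 0


def random_global_ipv4(rng):
    """A random routable IPv4 address, as a flood with forged sources would use."""
    while True:
        addr = ipaddress.IPv4Address(rng.getrandbits(32))
        if addr.is_global:
            return str(addr)


def spoofed_ping_flood(target, count, seed=7):
    """Builds `count` echo requests to `target`, each with a different random source."""
    rng = random.Random(seed)
    return [build_ipv4(random_global_ipv4(rng), target, socket.IPPROTO_ICMP,
                       build_icmp_echo(0xBEEF, i, b"flood"), ident=i) for i in range(count)]


def send_raw(packet):
    """Transmits a hand-built IPv4 packet through a raw socket. Needs root or
    CAP_NET_RAW and is deliberately not called anywhere in this example."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)  # we supply the IP header
        _, dst, _, _ = parse_ipv4(packet)
        s.sendto(packet, (dst, 0))


def bcp38_allows(direction, src, own_prefixes):
    """Anti-spoofing filter at a network edge. Ingress on the external interface
    drops packets claiming one of our internal addresses as source; egress toward
    the Internet drops packets whose source is not in one of our own prefixes."""
    addr = ipaddress.ip_address(src)
    if addr.is_unspecified or addr.is_loopback:
        return False
    ours = any(addr in ipaddress.ip_network(p) for p in own_prefixes)
    return (not ours) if direction == "ingress" else ours


if __name__ == "__main__":
    # Constructed: the attacker's edge network owns only 203.0.113.0/24.
    edge = ("203.0.113.0/24",)
    for pkt in spoofed_ping_flood("198.51.100.1", 5):
        src, dst, _, ok = parse_ipv4(pkt)
        print(f"{src} -> {dst} checksum_ok={ok} leaves_edge={bcp38_allows('egress', src, edge)}")
```

Every packet in the flood is well-formed and would be forwarded by a router that does not filter, yet none of the random sources belongs to the attacker's own prefix, so an edge that applies the egress rule stops the whole flood before it reaches the target. That is why the defense needs every network to filter its own outbound traffic, not only the victim to filter inbound.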
A Man-in-the-middle attack
A man-in-the-middle attack occurs when an attacker is able to place and keep himself
between two communicating hosts.
To carry out this attack, the attacker has to ensure that all communication between the two
hosts is routed through the attacker's host.
To make this possible, the attacker has to compromise the route of the communication. Once the
route is compromised, the attacker can watch the traffic and then block or modify it.
At the targeted hosts everything appears normal, because all the expected replies are
received.
Consider the example of X and Y trying to communicate using encrypted messages. First X asks
Y for Y's public key and sends X's own public key to Y.
Because the attacker is in the middle, both public keys pass through the attacker's host, and
the attacker ends up holding both of them. The public key sent by X is received by the
attacker, who forwards his own public key to Y in its place.
When Y sends Y's public key to X, the attacker receives it too and sends his own public key
to X. Now X and Y start communicating.
Everything they send is encrypted with the attacker's public key, so the attacker can decrypt
each message with his private key, read or modify it, re-encrypt it with the real recipient's
public key and forward it. Both of them send and receive messages and believe their
communication is secure.
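The key substitution described above, as an added example that is not part of the original text. It uses a toy textbook RSA with fixed small primes (one byte encrypted at a time; not a real cipher) so that the relay can be shown end to end: X and Y exchange public keys through the attacker, X's message reaches Y intact, and the attacker has read it in transit. The names X and Y, the primes, the message and the out-of-band fingerprint check are constructed for the example.

```python
import hashlib


def make_keypair(p, q, e=17):
    """Toy RSA keypair from fixed primes. Returns ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def encrypt(pub, msg):
    e, n = pub
    return [pow(b, e, n) for b in msg]  # one byte per RSA block (toy only)


def decrypt(priv, cts):
    d, n = priv
    return bytes(pow(c, d, n) for c in cts)


def fingerprint(pub):
    """What X and Y could compare out of band (by phone, in person) to detect substitution."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


class Party:
    def __init__(self, name, p, q):
        self.name = name
        self.pub, self.priv = make_keypair(p, q)
        self.peer_pub = None  # the key this party believes belongs to its peer


class Attacker:
    """Sits on the route between X and Y: swaps keys, then decrypts and re-encrypts."""

    def __init__(self):
        self.pub, self.priv = make_keypair(67, 71)
        self.real_keys = {}  # party name -> that party's genuine public key
        self.seen = []       # plaintexts read in transit

    def relay_key(self, sender, pub):
        self.real_keys[sender] = pub
        return self.pub  # the receiver gets the attacker's key instead of the sender's

    def relay_message(self, sender, receiver, cts):
        plaintext = decrypt(self.priv, cts)  # it was encrypted to our key, so we can read it
        self.seen.append(plaintext)
        return encrypt(self.real_keys[receiver], plaintext)  # re-encrypt for the real receiver


def run_exchange(message=b"hello Y", mitm=True):
    """Runs the key exchange and one message from X to Y, with or without the attacker."""
    x, y = Party("X", 61, 53), Party("Y", 83, 89)
    attacker = Attacker()
    if mitm:  # step 1: both public keys pass through the attacker's host
        y.peer_pub = attacker.relay_key("X", x.pub)
        x.peer_pub = attacker.relay_key("Y", y.pub)
    else:
        y.peer_pub, x.peer_pub = x.pub, y.pub
    cts = encrypt(x.peer_pub, message)  # step 2: X encrypts for (what it thinks is) Y
    if mitm:
        cts = attacker.relay_message("X", "Y", cts)
    return {
        "y_received": decrypt(y.priv, cts),      # Y still gets the right text...
        "attacker_read": list(attacker.seen),    # ...but so did the attacker
        "x_fingerprint_ok": fingerprint(x.peer_pub) == fingerprint(y.pub),
    }


if __name__ == "__main__":
    print(run_exchange(mitm=True))
    print(run_exchange(mitm=False))
```

The exchange looks normal to both ends because every expected reply arrives; only a comparison of the received key against something the attacker cannot touch (the fingerprint obtained out of band, or a certificate signed by a trusted party) reveals that X is holding the attacker's key rather than Y's.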
TCP/IP hijacking
The process of taking control of an existing session between a client and a server is known as
TCP/IP hijacking or session hijacking.
In this attack, the attacker takes advantage of the authentication already performed by the
user. The user is logged in to the system and a session is in progress, so the attacker does not
need to make any effort to authenticate.
Once the user has completed the sequence of authentication steps, the attacker takes over the
session, and from then on the session is driven by the attacker and not by the user.
The attacker also takes care that the user does not notice that his system is being attacked.
To prevent the user from noticing anything unusual, the attacker can attack the user's own
system with a DoS attack and take it down, so that the user's system can no longer respond to
the session and the extra traffic produced by the hijack goes unnoticed.
Hijack attacks are used against Telnet and web sessions. Sequence numbers, which matter for
spoofing, matter for session hijacking too: the hijacker has to supply the correct sequence
numbers for the injected segments to be accepted as the continuation of the right session.
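The role of sequence numbers in the takeover, as an added example that is not part of the original text: a minimal model of two established TCP endpoints, a hijacker who has sniffed both directions and forges the client's next segment with the correct sequence and acknowledgement numbers, a blind guess that the server rejects, and the state the real user is left in afterwards (which is the reason the text gives for taking the user's host down). The addresses, the Telnet-style commands and the initial sequence numbers are constructed for the example; the model accepts only in-order data and does not implement retransmission.

```python
from dataclasses import dataclass

MOD = 1 << 32
CLIENT = ("203.0.113.5", 40001)  # constructed endpoints
SERVER = ("198.51.100.10", 23)   # e.g. a Telnet session


@dataclass
class Segment:
    src: tuple
    dst: tuple
    seq: int
    ack: int
    payload: bytes = b""


def in_window(seq, rcv_nxt, wnd):
    return (seq - rcv_nxt) % MOD < wnd


@dataclass
class Endpoint:
    """Minimal model of one side of an established TCP connection."""
    addr: tuple
    peer: tuple
    snd_nxt: int          # next sequence number we will send
    rcv_nxt: int          # next sequence number we expect from the peer
    wnd: int = 65535
    received: bytes = b""

    def send(self, payload):
        seg = Segment(self.addr, self.peer, self.snd_nxt, self.rcv_nxt, payload)
        self.snd_nxt = (self.snd_nxt + len(payload)) % MOD
        return seg

    def receive(self, seg):
        if (seg.src, seg.dst) != (self.peer, self.addr):
            return "drop:wrong-tuple"
        if 0 < (seg.ack - self.snd_nxt) % MOD < MOD // 2:
            return "drop:ack-ahead"        # acknowledges bytes we never sent
        if 0 < (self.rcv_nxt - seg.seq) % MOD < MOD // 2:
            return "drop:already-acknowledged"  # old data; a real stack just re-ACKs
        if not in_window(seg.seq, self.rcv_nxt, self.wnd):
            return "drop:out-of-window"
        if seg.seq != self.rcv_nxt:
            return "hold:out-of-order"
        self.rcv_nxt = (self.rcv_nxt + len(seg.payload)) % MOD
        self.received += seg.payload
        return "accept"


def forge(last_from_client, last_from_server, payload):
    """Hijacker who sniffed both directions forges the client's next segment: seq
    continues the client's byte stream, ack covers everything the server has sent."""
    seq = (last_from_client.seq + len(last_from_client.payload)) % MOD
    ack = (last_from_server.seq + len(last_from_server.payload)) % MOD
    return Segment(last_from_client.src, last_from_client.dst, seq, ack, payload)


def run_hijack():
    """Returns the server's verdict on each segment and the data it accepted as the user's."""
    client = Endpoint(CLIENT, SERVER, snd_nxt=1000, rcv_nxt=5000)
    server = Endpoint(SERVER, CLIENT, snd_nxt=5000, rcv_nxt=1000)
    v = {}
    # The user is already logged in; one normal exchange that the hijacker sniffs.
    c1 = client.send(b"ls\n")
    v["client_cmd"] = server.receive(c1)
    s1 = server.send(b"file1\nfile2\n")
    v["server_reply"] = client.receive(s1)
    # Injected command with the right numbers: accepted as if the user typed it.
    forged = forge(c1, s1, b"cat /etc/passwd\n")
    v["forged_cmd"] = server.receive(forged)
    # A blind guess at the sequence number lands outside the window and is dropped.
    guess = Segment(CLIENT, SERVER, (forged.seq + (1 << 20)) % MOD, forged.ack, b"id\n")
    v["guessed_cmd"] = server.receive(guess)
    # The real user is now desynchronized: the next genuine segment looks like old data...
    c2 = client.send(b"pwd\n")
    v["real_user_next"] = server.receive(c2)
    # ...and the server's reply acknowledges bytes the client never sent. A real stack
    # answers that with another ACK; this is the extra traffic the hijacker hides by
    # knocking the user's host off the network.
    s2 = server.send(b"root:x:0:0:root:/root:/bin/sh\n")
    v["client_sees_server_reply"] = client.receive(s2)
    return v, server.received


if __name__ == "__main__":
    verdicts, data = run_hijack()
    for k, val in verdicts.items():
        print(f"{k:26} {val}")
    print("server accepted as the user's input:", data)
```

With a 65535-byte window out of a 2^32 sequence space, a blind guess has roughly a 1 in 65000 chance of being accepted, which is why the attack is practical only when the hijacker can observe the session (or predict the numbers) rather than guess them.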