I am undertaking a reading unit this semester focused on Denial of Service [DoS] attacks and their mitigation. As there are no subjects dedicated to this field, a reading unit was the best option. The aims of the unit will be:

  1. Study system vulnerabilities and existing DoS attacks
  2. Propose a new method to mitigate one of the DoS attacks

I have not investigated DoS attacks on anything other than an introductory level prior to this, so my blog notes will start from that point. With this in mind, the best beginning is in definitions. Most of this introductory post will glean resources from Wikipedia's DoS page http://en.wikipedia.org/wiki/Denial-of-service_attack; see their reference list for further reading.

Denial of Service attack: an attack that degrades network performance or makes services (for example web services) unavailable. The effects can spread to the network branches surrounding the targeted system, and in some cases entire geographical regions can be prevented from accessing the external network.

DoS attacks can also be characterized as cases where an attacker explicitly attempts to prevent legitimate users from accessing specific services. There are two major classifications:

  • Attacks which crash a server
  • Attacks which flood a server

Stacheldraht DDoS attack, source: Wikipedia

There are five categories into which DoS attacks can be placed:

  1. Consumption of computation resources (e.g. HTTP GET DDoS flood attack, http://teamxpc.com/forum/topic/155918-http-get-dos-attack-paper/)
  2. Disruption of configuration information (e.g. DNS poisoning attack, http://www.spamstopshere.com/blog/2008/08/07/recent-dns-poisoning-exploit-used-for-dos-attacks/)
  3. Disruption of state information (e.g. resetting of TCP sessions, http://kerneltrap.org/node/3072 , http://en.wikipedia.org/wiki/TCP_reset_attack)
  4. Disruption of physical network components (e.g. physical access to servers, phlashing attack/PDoS, http://hackaday.com/2008/05/20/phlashing-denial-of-service-attack-the-new-hype/)
  5. Obstructing communication media (e.g. replay attacks on Wi-Fi, http://www.aircrack-ng.org/doku.php?id=simple_wep_crack&DokuWiki=9a77f3d58e7c5e4adc840b60b1a2197e, cable cuts, http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access)
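The first category, resource consumption through a request flood, is the one a defender can most readily observe in server logs. As an added illustration (my own example code, not taken from the post's sources), the script below reads access-log lines in Common Log Format, counts requests per client address inside a sliding time window and flags any source whose request rate exceeds a threshold. The log lines, window length and threshold are all constructed sample values chosen for the demonstration.

```python
"""Sliding-window request-rate detector for HTTP GET flood traffic.

Added example: parses Common Log Format lines, tracks requests per client
address in a sliding time window and flags sources that exceed a limit.
Every log line below is constructed sample data, not a real capture.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (Common Log Format), in timestamp order.
# 10.0.0.9 issues a burst of GETs within two seconds; 10.0.0.5 and 10.0.0.7
# behave normally. One deliberately malformed line is included.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2011:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
10.0.0.9 - - [10/Oct/2011:13:55:36 +0000] "GET / HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2011:13:55:36 +0000] "GET / HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2011:13:55:37 +0000] "GET / HTTP/1.1" 200 512
10.0.0.7 - - [10/Oct/2011:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 1480
10.0.0.9 - - [10/Oct/2011:13:55:37 +0000] "GET / HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2011:13:55:37 +0000] "GET / HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2011:13:55:38 +0000] "GET / HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2011:13:55:38 +0000] "GET / HTTP/1.1" 200 512
10.0.0.5 - - [10/Oct/2011:13:55:50 +0000] "GET /style.css HTTP/1.1" 200 910
garbage line
10.0.0.9 - - [10/Oct/2011:13:55:38 +0000] "GET / HTTP/1.1" 200 512
10.0.0.7 - - [10/Oct/2011:13:56:10 +0000] "GET /contact.html HTTP/1.1" 200 1200
10.0.0.5 - - [10/Oct/2011:13:56:30 +0000] "GET /logo.png HTTP/1.1" 200 4096
"""

WINDOW_SECONDS = 10   # length of the sliding window (assumed tuning value)
MAX_REQUESTS = 5      # requests per window before a source is flagged (assumed)


def parse_line(line):
    """Return (client_ip, timestamp) for one CLF line, or None if malformed."""
    try:
        ip, rest = line.split(" ", 1)
        ts_start = rest.index("[") + 1
        ts_end = rest.index("]")
        ts = datetime.strptime(rest[ts_start:ts_end], "%d/%b/%Y:%H:%M:%S %z")
        return ip, ts
    except (ValueError, IndexError):
        return None


def detect_floods(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {ip: peak_count} for sources that sent more than `limit`
    requests inside any `window`-second span. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip unparsable lines rather than crash
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the window for this client.
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > limit:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, count in detect_floods(SAMPLE_LOG.splitlines()).items():
        print(f"possible flood from {ip}: {count} requests within {WINDOW_SECONDS}s")
```

Per-source rate counting of this kind is only a first line of detection: a distributed flood spreads its requests across many addresses, each of which may stay under the threshold, which is one reason the later posts in this unit will need to look beyond single-source heuristics.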

Some examples of known DoS attacks:

 

Some additional reading on DoS attack definitions:

http://www.garage4hackers.com/showthread.php?251-DOS-Attacks