The following article provides an outline of Types of DOS Attacks. It is a malicious attack that occurs in online services and makes them unavailable to the end-users. It is made by suspending the servers or interrupting their services in hosting the server. It is launched from several sets of devices which is globally referred to as the botnet. It is a discrete set of services which attacks only in a single path of interconnected systems to throw a target with malicious traffic. It is an important reason for the happening of the denial of service attack.
Different Types of DoS Attacks
Given below are the different types of attacks:
- Volume-based attacks
- Protocol attacks
- Application-layer attacks
- UDP attacks
- ICMP attacks
- Ping of death
- NTP application
- HTTP flood
1. Denial of Service Attacks
The DOS attacks can be broadly divided into three different types:
- DoS attacks based on volume: The goal of this attack is to saturate the bandwidth of the affected site and magnitude is calibrated in bits per second. This type of attacks includes spoof-packet flood, ICMP flood and UDP flood.
- DoS attacks based on the protocol: The goal of this attack is to consume the resources of real servers or the component implemented for intermediate communication such as load balancer and firewall. The transmission rate is measured in packets per second. This type of attacks includes Ping of Death, Smurf denial of services, SYN floods, and fragmented packet attacks.
- DoS attacks on the application layer: The aim of the attack is to break down the web server and it is measured in request per second. It has a specific area of targets such as Apache, OpenBSD and Windows. The example of these attacks is GET/POST floods and Low-and-Slow attacks.
2. UDP Attacks
UDP flood attacks it to target and flood random ports on the remote host. The host continuously checks for the application ports and when no port is found, it leaves a reply with ICMP that is destination unreachable packet message. This affects the host resources and leads to the inaccessibility of services. As the name implies, it affects and attacks the host with User Datagram Protocol packets (UDP).
3. ICMP Attacks
ICMP attacks consume both incoming and outgoing bandwidth because all the affected servers will frequently attempt to react with ICMP echo reply packets which result in shutdown or slow down of the entire system. It is similar to the UDP attacks but if approaches and affects the target with ICMP echo request packet and sends with a high transmission rate instead of waiting for any reply.
In the SYN flood attack, the requestor transmits the many SYN requests but never reacts to the response of host SYN-ACK or it transmits the SYN request from a spoofed or masked IP address. Now the host server, wait for the acknowledgment for every request from the receiver and the persistent binding of resources until the establishment of new connections which ultimately results in denial of services. It happens to exploit the defined weakness in the connection sequence of TCP. It is similar to a three-way handshake. When any SYN request needs to be initiated with TCP connection with any host servers, then it should be acknowledged by SYN-ACK responses and verified again by ACK messages from the requestor. Hence this type of attack affects the responses from the requestor making denial of services.
4. Ping of Death
This type of attack includes transmitting continuous malfunctioned or malicious pings to the server. The maximum packet length of the IP packet including the header is 65535 bytes. The data link layer has the limits of maximum frame size as 1500 bytes over an Ethernet. In this scenario, a maximum IP packet is segmented across multiple IP fragments, and receiving host possesses the IP packets or fragments to complete the entire IP.
The malware manipulation of fragment data ends up with recipient packets that are higher than 65535 bytes when it is reassembled. It can be overwhelmed from the memory space allocated for the packet which results in denial of service for even legitimate and real packets.
This type of attack gives a huge impact such as enabling one web server by bringing down the other web server without impacting other ports or services of the host network. It does this by holding multiple connections to the host web server as long as possible and achieves this by establishing a connection to the host server but it transmits only partial requests.
It persistently transmits more headers of HTTP but never satisfies the request. The host system maintains the open port or services for this false connection which affects the space for legitimate requests. As the name insists, this causes a slowdown of the entire system by overwhelming of concurrent connection range.
6. Amplification of NTP
In this type of attack, the hacker attacks the public accessing Network Time Protocols to overflow a host server by generating UDP traffic. It is described as amplification stabbing since the ratio of a query to response in such cases lies in the range of 1:20 or 1:200 or much more than that. It signifies that the hacker gets a list of open NTP servers and produces the maximum volume of DoS attacks and distressing maximum bandwidth. This type of attack only focuses on NTP protocols.
7. HTTP Flood
Here the hacker attacks the legitimate and generic HTTP GET or POST response to exploits a web application or web server. It doesn’t use any spoofing techniques or reflection methods or any malfunctioned packets. It consumes only minimum bandwidth than other types of attacks to slow down the application or a host server. It is more effective when it pushes the system or application to allot maximum possible resources in response to every unit request.