In simple terms, DoS attacks affect systems or networks by exhausting resources or exploiting vulnerabilities. DoS attacks may be broadly classified into different types based on the techniques used by the attackers. In its Hacker Intelligence Report, Imperva categorizes DoS attacks as IP attacks on the network bandwidth, TCP attacks on the server sockets, HTTP attacks on the Web server threads and Web application attacks on CPU resources.[3]
Some of the older types of DoS attacks include the Flood Attack, Ping of Death attack, SYN attack, Teardrop attack and Smurf attack.
- In Flood attacks, an attacker deliberately sends more traffic to a server than it can handle with the objective of making it unavailable to users.
- The Ping of Death attack takes advantage of a weakness in early implementations of the TCP/IP stack. In those early versions, sending a ping packet larger than the maximum size the specification allows would crash the receiving system.
- SYN attacks abuse the TCP three-way handshake with the objective of exhausting server resources so that the server no longer responds to legitimate traffic.
- The Teardrop attack involves sending malformed, overlapping IP packet fragments to confuse and crash the targeted system.
DoS attacks have been evolving rapidly and newer threats are a much more advanced class of attack. “The challenge with [application-layer attacks] is that these attacks are harder to detect; they’re more stealthy, they don’t generate a large network bandwidth but they’re equally capable of taking down a network,”[4] according to Arbor Networks. Newer forms of DoS attacks avoid signature-based defenses, leaving networks vulnerable. A few examples of these types of threats include:
- ICMP Flood or Smurf, in which an attacker relies on misconfigured network devices and forges the source IP address of the traffic so that it appears to originate from inside the network.
- Slowloris is a highly targeted attack that enables a single host to take down a web server by holding open the maximum number of web connections for as long as possible. It does this stealthily, without visibly affecting other services or ports on the target network.
- Zero-day DDoS attacks refer to attacks that target new or unknown vulnerabilities for which a fix may not yet be available.
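Because Slowloris sends only valid, partial HTTP requests, signature matching sees nothing, but the behaviour it leaves in the server's connection table (many long-lived connections from one source that never finish their headers) is detectable. The following is an added example, not code from the report or vendors cited above; it assumes the connection table can be exported with the hypothetical fields shown, and the records are constructed.

```python
"""Behavioural detector for Slowloris-style connection exhaustion (added
example; the connection records below are constructed, not real captures).

Assumption: the web server's connection table can be exported as records
with the client address, when the connection opened, and whether the HTTP
request headers have been fully received (hypothetical field names)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Connection:
    client_ip: str
    opened_at: float        # seconds since epoch (constructed values)
    headers_complete: bool  # True once the full request line+headers arrived


def find_slow_header_sources(conns, now, idle_seconds=30, min_conns=20):
    """Return {client_ip: count} for clients holding at least `min_conns`
    connections that have been open longer than `idle_seconds` without
    finishing their request headers. A normal browser completes headers in
    milliseconds, so a pile of long-lived partial requests from one source
    is the behavioural trace Slowloris leaves even though every packet is
    individually valid. The thresholds keep a couple of genuinely slow
    clients from being flagged."""
    stalled = defaultdict(int)
    for c in conns:
        if not c.headers_complete and now - c.opened_at >= idle_seconds:
            stalled[c.client_ip] += 1
    return {ip: n for ip, n in stalled.items() if n >= min_conns}


def build_sample_table(now):
    """Constructed sample: one host with 150 stalled partial requests, one
    legitimate slow client with 2, and 50 ordinary completed requests."""
    conns = [Connection("198.51.100.7", now - 120, False) for _ in range(150)]
    conns += [Connection("203.0.113.9", now - 45, False) for _ in range(2)]
    conns += [Connection(f"192.0.2.{i}", now - 1, True) for i in range(50)]
    return conns


if __name__ == "__main__":
    NOW = 1_700_000_000.0
    print(find_slow_header_sources(build_sample_table(NOW), NOW))
    # {'198.51.100.7': 150}
```

In production the same per-source count of stalled header reads is what server-side header timeouts and per-client connection limits act on, so the detector doubles as a check that those limits are actually in effect.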