Comprehensive Analysis of DoS Attacks

Source: Internet
Author: User

Denial of Service Attack

Denial of Service (DoS) is the longest-standing and most common form of attack. Strictly speaking, a denial of service attack is not a specific attack method but the result of an attack: the target system is damaged to the point that it can no longer provide normal service, and may even be physically paralyzed or crash. The specific operation can use any of a variety of methods, a single technique or a combination of several, but the result is the same: legitimate users cannot access the information they need.

DoS attacks can be divided into two types.

The first type paralyzes a system or network. If attackers send malformed data or packets, the system can crash or restart. In effect this is a denial of service because nobody can use the resources. From the attacker's perspective, the appeal of this type is that a system can be made inaccessible by sending only a small number of packets. In most cases an administrator must intervene to restart or shut down the system. This type of attack is therefore the most destructive: it takes very little to cause the damage, but the repair requires human intervention.

The second type floods the system or network with so much traffic that it cannot respond. For example, if a system can process only 100 packets per minute but the attacker sends 1000 packets per minute, a legitimate user who wants to connect will be unable to, because system resources are exhausted. During this attack the attacker must keep sending packets; as soon as the packets stop, the attack stops and the system recovers. This method costs the attacker a lot of effort, because the data must be sent continuously. Sometimes such an attack paralyzes the system, but in most cases restoring it requires only minimal human intervention.

Both types of attack can be carried out either on the local machine or over a network.

※Denial of Service attack types

1 Ping of Death

According to the TCP/IP specifications, the maximum length of a packet is 65536 bytes. Although a single packet cannot exceed 65536 bytes, the fragments of one packet can add up to more than that when reassembled. When a host receives a packet whose fragments reassemble to more than 65536 bytes, it is under a Ping of Death attack, which can bring the host down.

2 Teardrop

When an IP packet is transmitted over the network, it may be split into smaller fragments. An attacker performs a Teardrop attack by sending two (or more) fragments: the first has offset 0 and length N, and the second has an offset smaller than N, so that it overlaps the first. Trying to merge these fragments, the TCP/IP stack allocates an abnormally large amount of resources, exhausting system resources or even restarting the machine.
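The two fragment-level attacks above (Ping of Death and Teardrop) are both caught by a sanity check on fragment offsets and lengths before reassembly. The following Python is an added example written for this page, not code from the original article: it models a fragment by the only two fields the descriptions rely on, a byte offset and a payload length, and refuses the datagram when the fragments overlap or when they add up past the 16-bit IP total-length limit. The fragment sets at the bottom are constructed, not captured traffic, and the "refuse any overlap" policy is an assumption (stricter than RFC 791 requires, but the usual firewall/IDS behaviour).

```python
"""Fragment sanity checks for IP reassembly (added example, not from the page)."""
from dataclasses import dataclass

# The IP total-length field is 16 bits, so a datagram can never legitimately
# reassemble to more than 65535 bytes; anything beyond is the Ping of Death case.
MAX_DATAGRAM = 65535


@dataclass(frozen=True)
class Fragment:
    offset: int  # byte offset of this fragment's payload within the datagram
    length: int  # payload bytes carried by this fragment


def check_fragments(frags):
    """Return (ok, reason); ok is False when the stack must drop the datagram.

    Any overlap is refused (assumed policy): overlapping fragments are exactly
    how Teardrop works, so a defensive stack gains nothing by accepting them.
    """
    if not frags:
        return False, "no fragments"
    end_so_far = 0
    for f in sorted(frags, key=lambda fr: fr.offset):
        if f.offset < 0 or f.length <= 0:
            return False, "malformed fragment"
        if f.offset < end_so_far:
            # Teardrop: this fragment starts inside the previous one
            return False, f"overlap at offset {f.offset} (previous end {end_so_far})"
        end_so_far = f.offset + f.length
        if end_so_far > MAX_DATAGRAM:
            # Ping of Death: fragments add up beyond the 16-bit limit
            return False, f"reassembled size {end_so_far} exceeds {MAX_DATAGRAM}"
    return True, f"ok, {end_so_far} bytes"


# Constructed fragment sets (not captured traffic)
NORMAL = [Fragment(0, 1480), Fragment(1480, 1480), Fragment(2960, 520)]
TEARDROP = [Fragment(0, 1480), Fragment(1000, 1480)]           # second starts inside first
PING_OF_DEATH = [Fragment(i * 1480, 1480) for i in range(45)]  # 45 * 1480 = 66600 bytes

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP),
                        ("ping-of-death", PING_OF_DEATH)):
        print(name, check_fragments(frags))
```

Gaps between fragments are left alone, since a gap only means the datagram is incomplete; the check is about the two conditions the text describes, and a real stack would additionally time out incomplete datagrams so that partial fragment sets cannot hold reassembly buffers forever.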

3 Land

The attacker sets both the source and destination address of a packet to the address of the target host and sends it to the target by IP spoofing. Such a packet can cause the target host to fall into an endless loop trying to establish a connection with itself, greatly reducing system performance.

4 Smurf

This attack sends a packet carrying a specific request (such as an ICMP echo request) to the broadcast address of a subnet, with the source address forged as the address of the host to be attacked. Every host on the subnet answers the broadcast request by sending a packet to the target host, which floods the target.

5 SYN flood

The attacker sends SYN packets to the target host from many random (spoofed) source addresses and never replies to the SYN-ACK the target returns. The target creates a large number of entries in its connection queue for these sources and, never receiving the final ACK, keeps them alive, consuming a large amount of resources until it can no longer serve normal requests.
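Land, Smurf and SYN flood (the three entries above) all leave a signature a packet monitor can spot: a source equal to the destination, an ICMP echo request aimed at a local broadcast address, and a pile of SYNs per destination port that are never completed by an ACK. The Python below is an added example for this page, not code from the original article. It runs a small classifier over constructed packet records (documentation address ranges, not captured traffic); the local subnet `192.0.2.0/24` and the half-open threshold of 20 are assumptions, and the `Pkt` record is a simplification of what a real capture would provide.

```python
"""Classifier for the spoofed-address DoS patterns described above
(added example, not from the page; records are constructed)."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str           # "tcp" or "icmp"
    dport: int = 0       # TCP destination port
    flags: str = ""      # TCP flags, e.g. "S", "SA", "A"
    icmp_type: int = -1  # 8 = echo request


# Assumed local subnets; their broadcast addresses are what a Smurf attack targets.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BROADCASTS = {str(n.broadcast_address) for n in LOCAL_NETS}
HALF_OPEN_THRESHOLD = 20  # assumed: distinct unacknowledged sources per dst:port


def classify(packets):
    """Return {alert_name: [evidence, ...]} for the patterns seen in packets."""
    alerts = defaultdict(list)
    half_open = defaultdict(set)  # (dst, dport) -> sources whose SYN is unanswered
    for p in packets:
        if p.src == p.dst:
            # Land: forged source equal to the destination
            alerts["land"].append(f"src==dst {p.src}")
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst in BROADCASTS:
            # Smurf: echo request to a directed-broadcast address
            alerts["smurf"].append(f"echo request to broadcast {p.dst} claiming src {p.src}")
        if p.proto == "tcp":
            key = (p.dst, p.dport)
            if p.flags == "S":
                half_open[key].add(p.src)
            elif "A" in p.flags and p.src in half_open[key]:
                half_open[key].discard(p.src)  # third handshake step seen
    for (dst, port), srcs in half_open.items():
        if len(srcs) >= HALF_OPEN_THRESHOLD:
            # SYN flood: many sources that sent SYN and never completed the handshake
            alerts["syn_flood"].append(f"{len(srcs)} half-open to {dst}:{port}")
    return dict(alerts)


def sample_traffic():
    """Constructed packet records mixing one normal handshake with the three patterns."""
    pkts = [
        # Normal three-way handshake from a single client
        Pkt("198.51.100.7", "192.0.2.10", "tcp", 80, "S"),
        Pkt("192.0.2.10", "198.51.100.7", "tcp", 40000, "SA"),
        Pkt("198.51.100.7", "192.0.2.10", "tcp", 80, "A"),
        # Land: source forged to equal the destination
        Pkt("192.0.2.10", "192.0.2.10", "tcp", 139, "S"),
        # Smurf: echo request to the subnet broadcast with a forged source
        Pkt("203.0.113.5", "192.0.2.255", "icmp", icmp_type=8),
    ]
    # SYN flood: 25 random sources, SYN only, never acknowledged
    for i in range(25):
        pkts.append(Pkt(f"203.0.113.{100 + i}", "192.0.2.10", "tcp", 443, "S"))
    return pkts


if __name__ == "__main__":
    for name, evidence in classify(sample_traffic()).items():
        print(name, evidence[:3])
```

The half-open bookkeeping is the part worth adapting: a real monitor keys it on a time window and expires entries, because a legitimate burst of new clients also produces transient half-open connections, and the threshold has to be set from the service's normal connection rate rather than a fixed constant.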

6 CPU Hog

A denial of service attack that paralyzes a computer running Windows NT by exhausting system resources, abusing the way Windows NT schedules the currently running program.

7 Win Nuke

A network-level attack aimed at a service on the target host. The attacker sends a large amount of data to port 139 (NetBIOS) of the victim host. Because the target host does not expect this data, it crashes.

8 RPC Locator

The attacker remotely connects to port 135 of the victim's machine and sends data, causing CPU resources to be fully consumed. Depending on program settings and whether other programs are running, such an attack can make the affected computer run slowly or stop responding. In either case, the computer must be restarted to resume normal operation.
