written 5.2 years ago by |
1. Flood attack: This is the earliest form of DoS attack and is also known as ping flood. It is based on an attacker simply sending the victim overwhelming number of ping packets, usually by using the "ping" command, which result into more traffic than the victim can handle. This requires the attacker to have a faster network connection than the victim (i.e., access to greater bandwidth than the victim). It is very simple to launch, but to prevent it completely is the most difficult.
2. Ping of death attack: The ping of death attack sends oversized Internet Control Message Protocol (ICMP) packets, and it is one of the core protocols of the IP Suite. Some systems, upon receiving the oversize packet, will crash, freeze or reboot, resulting in DoS.
3. SYN attack: It is also termed as TCP SYN Flooding. In the Transmission Control Protocol (TCP) handshaking of network connections is done with SYN and ACK messages. An attacker initiates a TCP connection to the server. with an SYN (using a legitimate or spoofed source address). The server replies with an SYN-ACK. The client then does not send back an ACK, causing the server (i.e., target system) to allocate memory for the pending connection and wait. This fills up the buffer space for SYN messages on the target system, preventing other systems on the network from communicating with the target system. Figure below explains how the DoS attack takes place.
4. Teardrop attack: The teardrop attack is an attack where fragmented packets are forged to overlap each other when the receiving host tries to reassemble them. IP's packet fragmentation algorithm is used to send corrupted packets to confuse the victim and may hang the system.
5. Smurf attack: It is a way of generating significant computer network traffic on a victim network. This is a type of DoS attack that floods a target system via spoofed broadcast ping messages. This attack consists of a host sending an ICMP echo request (ping) to a network broadcast address. Every host on the network receives the ICMP echo request and sends back an ICMP echo response inundating the initiator with network traffic: On a multiaccess broadcast network, hundreds of machines might reply to each packet. This creates a magnified DoS attack of ping replies, flooding the primary victim.
6. Nuke: Nuke is an old DoS attack against computer networks consisting of fragmented or otherwise invalid ICMP packets sent to the target. It is achieved by using a modified ping utility to repeatedly send this corrupt data, thus slowing down the affected computer until it comes to a complete stop.