
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [41]

system crashes the operating system (a simple reboot may restore the server to normal operation). A DoS attack against a network is designed to fill the communications channel and prevent access by authorized users. A common DoS attack involves opening as many TCP sessions as possible; this type of attack is called a TCP SYN flood DoS attack.
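A TCP SYN flood shows up on the target as a pile of half-open connections: sessions that received a SYN and answered with SYN-ACK but never completed the handshake. The following is an added example, not code from the study guide, that parses constructed lines in the shape of `netstat -tan` output and flags a listening socket whose half-open count is out of proportion to its established sessions. The threshold and ratio values are assumptions chosen for illustration, not recommended settings.

```python
"""Half-open (SYN_RECV) connection counting as a SYN-flood indicator.

Added example, not from the study guide. Parses lines shaped like Linux
`netstat -tan` output and reports local sockets with an abnormal number of
half-open TCP sessions relative to completed ones.
"""
import re
from collections import Counter

# Constructed sample, not a real capture. Columns mirror `netstat -tan`:
# Proto Recv-Q Send-Q Local-Address Foreign-Address State
SAMPLE_NETSTAT = """\
tcp        0      0 10.0.0.5:80          198.51.100.7:51234   ESTABLISHED
tcp        0      0 10.0.0.5:80          198.51.100.8:51300   ESTABLISHED
tcp        0      0 10.0.0.5:80          203.0.113.10:4001    SYN_RECV
tcp        0      0 10.0.0.5:80          203.0.113.11:4002    SYN_RECV
tcp        0      0 10.0.0.5:80          203.0.113.12:4003    SYN_RECV
tcp        0      0 10.0.0.5:80          203.0.113.13:4004    SYN_RECV
tcp        0      0 10.0.0.5:80          203.0.113.14:4005    SYN_RECV
tcp        0      0 10.0.0.5:80          203.0.113.15:4006    SYN_RECV
tcp        0      0 10.0.0.5:80          203.0.113.16:4007    SYN_RECV
tcp        0      0 10.0.0.5:80          203.0.113.17:4008    SYN_RECV
tcp        0      0 10.0.0.5:22          192.0.2.44:60001     ESTABLISHED
tcp        0      0 10.0.0.5:22          192.0.2.45:60002     SYN_RECV
tcp        0      0 0.0.0.0:80           0.0.0.0:*            LISTEN
"""

# Proto, Recv-Q, Send-Q, local socket, foreign socket, TCP state.
LINE_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_]+)\s*$"
)


def parse_netstat(text):
    """Return a list of (local, remote, state) tuples; non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m.group("local"), m.group("remote"), m.group("state")))
    return rows


def half_open_by_port(rows):
    """Count SYN_RECV (half-open) sessions per local ip:port."""
    return Counter(local for local, _remote, state in rows if state == "SYN_RECV")


def syn_flood_suspects(rows, threshold=5, ratio=2.0):
    """Return {local_socket: (half_open, established)} for sockets whose half-open
    count exceeds `threshold` and is more than `ratio` times the established count.
    Both limits are assumed values for illustration; tune them to the host's baseline."""
    half_open = half_open_by_port(rows)
    established = Counter(local for local, _remote, state in rows if state == "ESTABLISHED")
    suspects = {}
    for local, n in half_open.items():
        est = established.get(local, 0)
        if n > threshold and n > ratio * est:
            suspects[local] = (n, est)
    return suspects


if __name__ == "__main__":
    for sock, (half, est) in syn_flood_suspects(parse_netstat(SAMPLE_NETSTAT)).items():
        print(f"{sock}: {half} half-open vs {est} established")
```

Comparing half-open sessions against established ones, rather than using a raw count alone, keeps a busy but healthy web server (many completed handshakes) from tripping the check, while a socket with many SYN_RECV entries from scattered, never-completing sources stands out. A production control would read this from the host's TCP stack (or SYN-cookie counters) on a schedule rather than from a text dump.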

Two of the most common types of DoS attacks are the ping of death and the buffer overflow. The ping of death crashes a system by sending Internet Control Message Protocol (ICMP) packets (think echoes) that are larger than the system can handle. Buffer overflow attacks, as the name implies, attempt to put more data (usually long input strings) into the buffer than it can hold. Code Red, Slapper, and Slammer are all attacks that took advantage of buffer overflows, and sPing is an example of a ping of death.
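The ping of death relies on IP fragmentation: each fragment is individually legal, but the fragment offsets and lengths add up to a datagram larger than the 65,535-byte maximum the 16-bit IPv4 Total Length field can express, and a stack that does not check this overruns its reassembly buffer. The following is an added example, not code from the study guide, that builds constructed IPv4 fragment headers and shows the check a packet filter can apply per fragment, before reassembly: offset plus payload length must stay within the maximum. Header field values and the sample addresses are constructed for the demonstration.

```python
"""Oversized-datagram (ping of death) check on IPv4 fragment headers.

Added example, not from the study guide. Each fragment carries an offset
(in 8-byte units) and a payload; the reassembled datagram may not exceed
65535 bytes. Because the reassembled size equals the largest fragment end,
checking every fragment's offset + payload length against the limit is
sufficient to reject an oversized datagram without reassembling it.
"""
import struct

IPV4_MAX_LEN = 65535          # 16-bit Total Length field
MORE_FRAGMENTS = 0x2000       # MF flag in the flags/fragment-offset word
FRAG_OFFSET_MASK = 0x1FFF     # 13-bit offset, in 8-byte units
HEADER_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def build_ipv4_header(ident, frag_offset_units, payload_len, more_fragments, proto=1):
    """Constructed 20-byte IPv4 header for sample data (checksum left zero, proto 1 = ICMP)."""
    flags_frag = (MORE_FRAGMENTS if more_fragments else 0) | (frag_offset_units & FRAG_OFFSET_MASK)
    total_len = 20 + payload_len
    return struct.pack(HEADER_FMT, 0x45, 0, total_len, ident, flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def parse_fragment(header):
    """Return (ident, offset_bytes, payload_len, more_fragments) from an IPv4 header."""
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, _proto, _csum, _src, _dst) = struct.unpack(HEADER_FMT, header[:20])
    ihl_bytes = (ver_ihl & 0x0F) * 4
    offset = (flags_frag & FRAG_OFFSET_MASK) * 8
    return ident, offset, total_len - ihl_bytes, bool(flags_frag & MORE_FRAGMENTS)


def oversized_datagrams(headers):
    """Return the set of IP IDs whose fragments would reassemble past IPV4_MAX_LEN."""
    bad = set()
    for h in headers:
        ident, offset, plen, _mf = parse_fragment(h)
        if offset + plen > IPV4_MAX_LEN:
            bad.add(ident)
    return bad


# Constructed sample: a normal 2080-byte ping split into two fragments
# (ID 0x1234) and a datagram whose last fragment ends at 66992 bytes (ID 0xBEEF).
SAMPLE_FRAGMENTS = [
    build_ipv4_header(0x1234, 0, 1480, True),
    build_ipv4_header(0x1234, 1480 // 8, 600, False),
    build_ipv4_header(0xBEEF, 0, 1480, True),
    build_ipv4_header(0xBEEF, 8189, 1480, False),   # 8189 * 8 + 1480 = 66992
]

if __name__ == "__main__":
    for ident in sorted(oversized_datagrams(SAMPLE_FRAGMENTS)):
        print(f"IP ID 0x{ident:04x}: fragments exceed {IPV4_MAX_LEN} bytes, drop")
```

Modern stacks apply exactly this bound in their reassembly code, which is why the author's advice to keep the operating system patched is the practical defense; the per-fragment form of the check matters because it lets a firewall or IDS drop the offending fragment without holding state for the whole datagram.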

In a null session attack, a user logs into Windows-based computers as a null user (bypassing basic authentication). This type of access is often used to launch a DoS attack.

A distributed denial-of-service (DDoS) attack is similar to a DoS attack. A DDoS attack amplifies the concepts of a DoS by using multiple computer systems to conduct the attack against a single organization. These attacks exploit the inherent weaknesses of dedicated networks such as DSL and cable. These permanently attached systems usually have little, if any, protection. An attacker can load an attack program onto dozens or even hundreds of computer systems that use DSL or cable modems. The attack program lies dormant on these computers until they get an attack signal from a master computer. The signal triggers the systems, which launch an attack simultaneously on the target network or system. Figure 2.1 shows an attack occurring and the master controller orchestrating the attack. The master controller may be another unsuspecting user. The systems taking direction from the master control computer are referred to as zombies. These systems merely carry out the instruction they’ve been given by the master computer.

Software running on zombie computers is often known as a botnet. Bots, by themselves, are simply software that runs automatically and autonomously (Google uses the Googlebot to find web pages and bring back values for the index), but botnet has come to be the word used to describe malicious software running on a zombie.

Remember that the difference between a DoS attack and a DDoS attack is that the latter uses multiple computers—all focused on one target.

The nasty part of this type of attack is that the machines used to carry out the attack belong to normal computer users. The attack gives no special warning to those users. When the attack is complete, the attack program may remove itself from the system or infect the unsuspecting user’s computer with a virus that destroys the hard drive, thereby wiping out the evidence.

FIGURE 2.1 Distributed denial-of-service attack

Can You Prevent Denial Attacks?

In general, there is little you can do to prevent DoS or DDoS attacks. Your best method of dealing with these types of attacks involves countermeasures and prevention. Many operating systems are particularly susceptible to these types of attacks. Fortunately, most operating system manufacturers have implemented updates to minimize their effects. Make sure your operating system and the applications you use are up-to-date.

Recognizing Common Attacks

Most attacks are designed to exploit potential weaknesses, which can be in the implementation of programs or in the protocols used in networks. Many types of attacks require a high level of sophistication and are rare, but you need to know about them so that, should they occur, you can identify what has happened in your network.

In the following sections, we’ll look at some common attacks more closely.

Back Door Attacks

The term back door attack can have two different meanings. The original term back door referred to troubleshooting and developer hooks into systems. During the development of a complicated

