CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

DoS and DDoS

A denial-of-service (DoS) attack is a resource consumption attack that has the primary goal 
of preventing legitimate activity on a victimized system. A DoS attack renders the target 
unable to respond to legitimate traffic.

There are two basic forms of denial of service:

Attacks exploiting a vulnerability in hardware or software. This exploitation of a 
weakness, error, or standard feature of software intends to cause a system to hang, 
freeze, consume all system resources, and so on. The end result is that the victimized 
computer is unable to process any legitimate tasks.

Attacks that flood the victim’s communication pipeline with garbage network traffic. 
These attacks are sometimes called traffic generation or flooding attacks. The end 
result is that the victimized computer is unable to send or receive legitimate network 
communications.

In either case, the victim has been denied the ability to perform normal operations 
(services).

DoS isn’t a single attack but rather an entire class of attacks. Some attacks exploit flaws 
in operating system software, whereas others focus on installed applications, services, 
or protocols. Some attacks exploit specific protocols, including Internet Protocol (IP), 
Transmission Control Protocol (TCP), Internet Control Message Protocol (ICMP), and User 
Datagram Protocol (UDP).
DoS attacks typically occur between one attacker and one victim. However, they aren’t 
always that simple. Most DoS attacks employ some form of intermediary system (usually an 
unwilling and unknowing participant) to hide the attacker from the victim. For example, if 
an attacker sends attack packets directly to a victim, it’s possible for the victim to discover 
who the attacker is. This is made more difficult, although not impossible, through the use 
of spoofing (described in more detail elsewhere in this chapter).

Many DoS attacks begin by compromising or infiltrating one or more intermediary 
systems that then serve as launch points or attack platforms. These intermediary systems 
are commonly referred to as secondary victims. The attacker installs remote-control tools, 
often called bots, zombies, or agents, onto these systems. Then, at an appointed time or in 
response to a launch command from the attacker, the DoS attack is conducted against the 
victim. The victim may be able to discover zombie systems that are causing the DoS attack 
but probably won’t be able to track down the actual attacker. Attacks involving zombie 
systems are known as distributed denial-of-service (DDoS) attacks. Deployments of 
numerous bots or zombies across numerous unsuspecting secondary victims have become 
known as botnets.

Here are some countermeasures and safeguards against these attacks:

Add firewalls, routers, and intrusion detection systems (IDSs) that detect DoS traffic 
and automatically block the port or filter out packets based on the source or destination 
address.

Maintain good contact with your service provider in order to request filtering services 
when a DoS occurs.

Disable echo replies on external systems.

Disable broadcast features on border systems.

Block spoofed packets from entering or leaving your network.

Keep all systems patched with the most current security updates from vendors.

Consider commercial DoS protection/response services like CloudFlare’s DDoS mitigation 
or Prolexic. These can be expensive, but they are often effective.

For further discussion of DoS and DDoS, see Chapter 17, “Preventing and Responding 
to Incidents.”
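
The following is an added example, not taken from the book: a border-filter decision function that applies three of the safeguards listed above (blocking spoofed packets in both directions, disabling broadcast features, and suppressing echo replies to outsiders). The internal prefix 198.51.100.0/24, the function names, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing: our network is an RFC 5737 documentation range.
INTERNAL_NETS = [ipaddress.ip_network("198.51.100.0/24")]
# Sources that must never arrive from the internet (private, loopback, multicast...).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
ICMP_ECHO_REQUEST = 8

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def border_decision(direction, src, dst, proto, icmp_type=None):
    """Decide one packet at the border. direction: "in" (internet to us) or "out"."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "out":
        # Egress anti-spoofing: only our own prefixes may appear as a source.
        if not _in_any(src, INTERNAL_NETS):
            return ("drop", "spoofed-source-egress")
        return ("allow", "ok")
    # Ingress anti-spoofing: our own or unroutable sources cannot come from outside.
    if _in_any(src, INTERNAL_NETS) or _in_any(src, BOGON_NETS):
        return ("drop", "spoofed-source-ingress")
    # Broadcast features off at the border: nothing to a subnet's network/broadcast address.
    if any(dst in (n.network_address, n.broadcast_address) for n in INTERNAL_NETS):
        return ("drop", "directed-broadcast")
    # No echo replies to outsiders: the request is dropped before a host can answer.
    if proto == "icmp" and icmp_type == ICMP_ECHO_REQUEST:
        return ("drop", "icmp-echo-request")
    return ("allow", "ok")

# Constructed sample packets: (direction, src, dst, proto, icmp_type)
SAMPLE_PACKETS = [
    ("in", "203.0.113.7", "198.51.100.10", "tcp", None),
    ("in", "198.51.100.5", "198.51.100.10", "udp", None),
    ("in", "10.1.2.3", "198.51.100.10", "tcp", None),
    ("in", "203.0.113.7", "198.51.100.255", "icmp", 8),
    ("in", "203.0.113.7", "198.51.100.10", "icmp", 8),
    ("out", "198.51.100.10", "203.0.113.7", "tcp", None),
    ("out", "192.0.2.99", "203.0.113.7", "udp", None),
]

def evaluate(packets):
    return [border_decision(*p) for p in packets]

if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(f"{pkt[0]:3} {pkt[1]:>15} -> {pkt[2]:<15} {action:5} {reason}")
```

The rules run in a fixed order, so a packet that is both spoofed and addressed to a broadcast address is reported under the spoofing rule.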
