DoS attack prevents authorized users from using services by consuming system resources. Most times DoS attack is regarded as trivial but in a sense it is a consequentially threat. DoS can cause potential damage to networks. Not only are they easy to execute, but its among the most difficult to eliminate. DoS attacks deserve special attention from network security administrators.
There are different types of DoS attacks. The following are some examples of common DoS threats:
Ping of Death.
A ping of death attack gained prominence in the late 1990s. Then were the older operating systems, which were not as secured as the recent ones. Ping of death type of attack took advantage of vulnerabilities or loop holes in older operating systems, what it does was to modified the IP portion of a ping packet header to indicate that there is more data in the packet than there actually was. A ping is normally 64 or 84 bytes, while a ping of death could be up to 65,536 bytes. Sending a ping of this size may crash an older target computer. Most networks are no longer susceptible to this type of attack.
A SYN flood attack exploits the TCP three-way handshake. It involves sending multiple SYN requests (1,000+) to a targeted server. The server replies with the usual SYN-ACK response, but the malicious host never responds with the final ACK to complete the handshake. This ties up the server until it eventually runs out of resources and cannot respond to a valid host request.
Other types of DoS attacks include:
i. E-mail bombs – Programs send bulk e-mails to individuals, lists, or domains, monopolizing e-mail services.
This type of attack is executed by flooding network links with illegitimate data. This data can overwhelm an Internet link, thereby enabling legitimate traffic to be dropped.
DoS and DDoS attacks can be controlled by the implementation of special anti-spoof and anti-DoS Access Control Lists.
ISPs can also implement traffic rate, limiting the amount of unnecessary traffic that crosses network segments. A common example is to limit the amount of ICMP traffic that is allowed into a network, because this traffic is used only for problem-solving purposes.
Read more on Denial of Service Attack
Defence against DoS attacks on Cisco routers
Other Network Attacks