Protecting infrastructure elements against DoS and DDoS attacks

Michael Donner, Prolexic’s SVP and chief marketing officer, explains DDoS attacks

Michael Donner from Prolexic says that DDoS attackers are scrutinising enterprise infrastructure for weaknesses.
By Michael Donner. Published January 29, 2013

Recognising DDoS attacks

Knowledge is power in the fight against DoS and DDoS threats. Monitoring your infrastructure for the following types of denial of service attacks is critical to detecting them quickly and responding effectively:

1. SYN floods

SYN floods are DDoS attacks, often using spoofed source IP addresses, that exploit the transmission control protocol (TCP) connection setup process. SYN floods often use high rates of tiny packets, which are costly to route because device performance is typically measured in packets per second, not by bandwidth.

2. TCP flag abuse floods

TCP Flag Abuse floods (URG, ACK, PSH, RST, SYN, FIN) are stateless streams of protocol 6 (transmission control protocol) messages with odd combinations or out-of-state requests. With modification to the control bits in the TCP header, many different variations and types of these floods are possible.

3. TCP fragment floods

TCP Fragment floods are DDoS attacks that try to overload the target’s processing of TCP messages due to the expense incurred in reconstructing the datagrams. These floods often consume significant amounts of bandwidth.

4. DNS floods

DNS floods are used to attack both the infrastructure and the DNS application. This denial of service attack type allows DDoS attackers to use both reflection and spoofed direct attacks that can overwhelm a target’s infrastructure by consuming all available network bandwidth.

5. UDP floods

UDP floods are used frequently for larger bandwidth DDoS attacks because they are connectionless and it is easy to generate protocol 17 (UDP) messages from many different scripting and compiled languages.

6. UDP fragment floods

User Datagram Protocol Fragment floods are UDP floods that typically contain messages larger than the maximum transmission unit (MTU), sent from the malicious actor(s) to the target and consuming large amounts of network bandwidth.

7. ICMP floods

ICMP floods are protocol 1 messages with many different types. It is possible to reflect ICMP messages by setting the request source to the target’s IP address.

8. IGMP floods

IGMP floods are relatively uncommon in modern DDoS attacks, but they use protocol 2 with limited message variations. This type of flood has the ability to consume large amounts of the network bandwidth.
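
The protocol numbers, TCP control bits and fragmentation described in the list above are enough to sort captured traffic into these eight categories for monitoring. The following is an added example, not part of the original article: a Python sketch that classifies raw IPv4 packets and tallies them per category. The category names, the set of flag combinations treated as normal, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

ICMP, IGMP, TCP, UDP = 1, 2, 6, 17          # IP protocol numbers from the article
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Assumption: flag combinations treated as in-state traffic for this sketch.
NORMAL = {SYN | ACK, ACK, PSH | ACK, FIN | ACK, FIN | PSH | ACK, RST, RST | ACK}

def classify(pkt: bytes) -> str:
    """Return the article's flood category that one raw IPv4 packet counts toward."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    frag = struct.unpack("!H", pkt[6:8])[0]
    proto, l4 = pkt[9], pkt[ihl:]
    # Fragment: More Fragments bit set, or a non-zero fragment offset.
    if proto in (TCP, UDP) and (frag & 0x2000 or frag & 0x1FFF):
        return "tcp_fragment" if proto == TCP else "udp_fragment"
    if proto == TCP and len(l4) >= 14:
        flags = l4[13] & 0x3F
        if flags == SYN:
            return "syn"
        return "tcp_normal" if flags in NORMAL else "tcp_flag_abuse"
    if proto == UDP and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        return "dns" if 53 in (sport, dport) else "udp"
    return {ICMP: "icmp", IGMP: "igmp"}.get(proto, "other")

def tally(packets) -> Counter:
    """Per-interval counts; a flood shows up as one bucket's rate far above baseline."""
    return Counter(classify(p) for p in packets)

# --- Constructed sample packets (documentation addresses, checksums left at 0) ---
def ip(proto, payload, frag=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def tcp(flags):
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)

def udp(dport):
    return struct.pack("!HHHH", 40000, dport, 8, 0)

SAMPLE = [ip(TCP, tcp(SYN))] * 3 + [
    ip(TCP, tcp(SYN | FIN)), ip(TCP, tcp(FIN | PSH | URG)), ip(TCP, tcp(ACK)),
    ip(TCP, b"x" * 8, frag=0x2000), ip(UDP, b"x" * 8, frag=0x00B9),
    ip(UDP, udp(53)), ip(UDP, udp(9999)),
    ip(ICMP, b"\x08\x00" + bytes(6)), ip(IGMP, b"\x11" + bytes(7)),
]
```

Run `tally()` over fixed time windows and alert on a bucket's count relative to its own baseline; a lone SYN is ordinary traffic, so only the rate distinguishes a flood.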
