issuhub.com

CEH

(Jeff_L) #1

262 Chapter 11 ■ Denial of Service


use their organization to sometimes enact extortion schemes or to set up other moneymak-
ing schemes. In yet other situations, these groups have been known to create botnets (which
we’ll discuss later in this chapter) that they can later rent out for a price to any party who
wants them.


DoS attacks are categorized as one of those that “can happen to anyone”

realities. As the saying goes, the world’s most secure computer is one that

stays in the box and is never turned on. Unfortunately that is not a practi-

cal solution for the real world; part of your focus as a CEH is to find that

balance between security and availability.

DoS Targets


DoS attacks result in a multitude of consequences. Let’s look at some common examples of
what is seen in the real world, and what you’ll most likely see on the exam:


Web Server Compromise A successful DoS attack and subsequent compromise of a web
server constitutes the widest public exposure against a specific target. What you see most
often is a loss of uptime for a company web page or web resource.


Back-end Resources Back-end resources include infrastructure items that support a
public-facing resource such as a web page. DoS attacks that take down a back-end resource
such as a customer database or server farm essentially render all front-end resources
unavailable.


Network or Computer Specific DoS attacks are also launched from within a local area
network, with intent to compromise the network itself, or to compromise a specific node
such as a server or client system. Various tools and methods for launching a DoS attack
against a client or network are discussed further in this chapter.


Types of Attacks


DoS attacks come in many flavors, each of which is critical to your understanding of the
nature of the DoS attack class.


For the exam you need to be extremely familiar with each of the forms

denial of service can take as well as how they differ. Although this is not

hard to do, it can be a little tricky.

Service Request Floods


In this form of DoS attack, a service such as a web server or web application is flooded with
requests until all resources are used up. This would be the equivalent of calling someone’s

Free download pdf
Get our desktop app
Company
Features
Documentation
Resources
© ISSUHUB. 2025. All rights reserved.