CEH


Understanding DoS 263


phone over and over again so they could not answer any other calls because the line was always occupied. When a single system attacks another, it is hard to overwhelm the victim, but it can be done against smaller targets or unprepared environments.
Service request floods are typically carried out by opening repeated TCP connections to a system. The repeated connections consume resources on the victim's system to the point of exhaustion.


SYN Attack/Flood


This type of attack exploits the TCP three-way handshake with the intention of tying up a system. To carry it out, the attacker forges SYN packets with a bogus source address. When the victim system responds with a SYN-ACK, the reply goes to the bogus address; because that address does not exist, the victim is left waiting for a response that will never come. While it waits for the ACK that never arrives, each of these half-open connections occupies a slot in the system's connection table.


When this attack is carried out against a system with a default setup, each half-open connection may be held for 75 seconds before the system assumes the other party is not coming back. If the attacker can open enough of these half-open connections quickly enough, they can keep the system out of service.

ICMP Flood Attack


An ICMP request requires the server to process the request and respond, which consumes CPU resources. Attacks on the ICMP protocol include smurf attacks, ICMP floods, and ping floods, all of which take advantage of this by flooding the server with ICMP requests without waiting for the responses.


Ping of Death


A true classic indeed; originating in the mid- to late 1990s, the Ping of Death was a ping packet larger than the allowable 64 K. Although it is not much of a threat today because of ping blocking, OS patching, and general awareness, in its heyday the Ping of Death was a formidable and extremely easy-to-use DoS exploit.


Teardrop


A teardrop attack occurs when an attacker sends custom-crafted fragmented packets whose offset values overlap when the target tries to reassemble them. Reassembling these overlapping fragments causes the target machine to become unstable.
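As an added example (not from the book), the following Python check is the kind of fragment-set sanity test a firewall or IDS reassembly engine performs: it flags the overlapping offsets that characterize a teardrop attack and a reassembled size past the IPv4 limit as in the Ping of Death. The Fragment class, check_fragments and the sample fragment sets are constructed here for illustration.

```python
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535  # largest IPv4 datagram, header included (RFC 791)
IP_HEADER_MIN = 20       # minimum IPv4 header size in bytes


@dataclass(frozen=True)
class Fragment:
    """One IPv4 fragment of a datagram as a reassembly engine sees it.

    offset: Fragment Offset field, in 8-byte units
    length: payload bytes carried by this fragment
    more:   More Fragments (MF) flag
    """
    offset: int
    length: int
    more: bool


def check_fragments(frags):
    """Sanity-check one fragment set (same IP id, source and destination).

    Returns a list of findings; an empty list means the set reassembles
    cleanly.  Possible findings:
      'overlap'  two fragments claim the same bytes (teardrop pattern)
      'oversize' the reassembled datagram would exceed 65,535 bytes
                 (Ping of Death pattern)
      'gap'      the final fragment arrived but bytes are still missing
    """
    findings = []
    spans = sorted((f.offset * 8, f.offset * 8 + f.length) for f in frags)
    covered = 0          # payload bytes reassembled so far, from offset 0
    overlap = gap = False
    for start, end in spans:
        if start < covered:
            overlap = True
        elif start > covered:
            gap = True
        covered = max(covered, end)
    if overlap:
        findings.append("overlap")
    if covered + IP_HEADER_MIN > IP_MAX_DATAGRAM:
        findings.append("oversize")
    # a gap only matters once the last fragment (MF clear) has been seen
    if gap and any(not f.more for f in frags):
        findings.append("gap")
    return findings


if __name__ == "__main__":
    # constructed sample sets, not captured traffic
    teardrop = [Fragment(0, 36, True), Fragment(3, 36, False)]  # byte 24 < 36
    pod = [Fragment(0, 1480, True), Fragment(8189, 64, False)]  # ends past 65,535
    print(check_fragments(teardrop))  # ['overlap']
    print(check_fragments(pod))       # ['oversize', 'gap']
```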


Smurf


A smurf attack spoofs the IP address of the target machine as the source and sends numerous ICMP echo request packets to the broadcast addresses of intermediary sites. Every host on those intermediary networks replies to the spoofed source, amplifying the ICMP traffic and saturating the network segment of the target machine.
