Exploring the Client-Server Relationship 315
spills or overflows into the buffers it was not intended for, the result can be corrupted
or overwritten data. When this occurs, the data can lose its integrity. In extreme cases,
buffer overwriting can lead to anything from a loss of system integrity to the disclosure
of information to unauthorized parties.
Denial-of-Service Attack
An attack that can wreak havoc with a web server is the venerable denial-of-service (DoS)
attack. As a fixed asset, a web server is vulnerable to this attack much as any other server-
based asset would be. When carried out against a web server, all the resources on that
server can be rapidly consumed, slowing down its performance. A DoS attack is mostly
considered an annoyance because it is easy to defeat.
Distributed Denial-of-Service Attack
While a DoS attack is mostly an annoyance, the distributed denial-of-service (DDoS) attack
is much more of a problem. A DDoS accomplishes the same goal as a DoS: it consumes the
resources on a server and prevents it from being used by legitimate users. The difference
between a DDoS and a DoS is scale. In a DDoS, many more systems are used to attack a
target, crushing it under the weight of multiple requests at once. In some cases, the attack
can be launched from thousands of servers at once against a target.
Some of the more common DDoS attacks are:
Ping Flooding Attack: A computer sends a ping to another system with the intention of
uncovering information about the system. This attack can be scaled up so that the packets
being sent to a target force it to go offline or suffer slowdowns.
Smurf Attack: Similar to the ping flood attack, but with a twist to the process. In a Smurf
attack, a ping command is sent to an intermediate network where it is amplified and
forwarded to the victim. This single ping now becomes a virtual tsunami of traffic.
SYN Flooding: The equivalent of sending a letter that requires a return receipt; however,
the return address is bogus. If a return receipt is required and the return address is
bogus, the receipt will go nowhere, and a system waiting for confirmation will be left in
limbo for some period of time. An attacker who sends enough SYN requests to a system can
use all the connections on a system so that nothing else can get through.
IP Fragmentation/Fragmentation Attack: Requires an attacker to use advanced knowledge
of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite to break packets up
into fragments that can bypass most intrusion-detection systems. In extreme cases, this
type of attack can cause hangs, lockups, reboots, blue screens, and other mischief.
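On the defensive side, the "left in limbo" state described under SYN Flooding is visible on the server as connections stuck in SYN_RECV. The following is an added example, not code from the book: it parses a constructed `netstat -ant` listing and flags listeners where half-open connections pile up. The function names and the thresholds are assumptions sized for the small sample.

```python
from collections import defaultdict

# Constructed sample in Linux `netstat -ant` layout; addresses are documentation ranges.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.19:51877     SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.44:1025       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.90:33010      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.201:6000     SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:52100       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:52344       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:52350       SYN_RECV
"""

def half_open_report(netstat_text):
    """Return {local_endpoint: stats}, counting half-open (SYN_RECV) and completed sockets."""
    stats = defaultdict(lambda: {"syn_recv": 0, "established": 0, "sources": set()})
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # header line, non-TCP entry, or malformed row
        local, foreign, state = fields[3], fields[4], fields[5]
        if state == "SYN_RECV":
            stats[local]["syn_recv"] += 1
            # Spoofed ("bogus") return addresses show up as many distinct sources.
            stats[local]["sources"].add(foreign.rsplit(":", 1)[0])
        elif state == "ESTABLISHED":
            stats[local]["established"] += 1
    return dict(stats)

def suspected_syn_flood(netstat_text, min_half_open=5, min_ratio=3.0):
    """Flag listeners whose half-open count is high and dwarfs completed handshakes."""
    flagged = []
    for local, s in sorted(half_open_report(netstat_text).items()):
        ratio = s["syn_recv"] / max(s["established"], 1)
        if s["syn_recv"] >= min_half_open and ratio >= min_ratio:
            flagged.append((local, s["syn_recv"], len(s["sources"])))
    return flagged

if __name__ == "__main__":
    for local, half_open, sources in suspected_syn_flood(SAMPLE):
        print(f"{local}: {half_open} half-open connections from {sources} distinct sources")
```

On a production server the thresholds would be set against that host's normal baseline rather than the small values used for this sample.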
Banner Information
As you learned in the footprinting phase, you can gather information from a server by
performing a banner grab. The process is no different from the one used earlier; you can use
tools such as telnet or PuTTY to extract banner information and investigate the internals of
the service.