Wednesday, February 29, 2012

Denial of Service Attack


 
                       
What is DoS Attack?
                      Denial of service or as simply says the DoSis an attack on a computer or network that prevents legitimate use of its resources. In this attacker flood a victim system with non-legitimate service requests or traffic to overload its resources, which prevents it from performing its intended tasks. 
Symptoms of a DoS Attack
  1. Slow network performance
  2. Unavailability of a particular website
  3. Inability to access any website
  4. Dramatic increase of spam emails received
Detection Techniques
           Detection techniques are based on identifying and discriminating the illegitimate traffic increase and flash events from legitimate packet traffic.
Activity profiling:
            Activity profile can be identified by analyzing network packet’s header information. An attack is indicated by an increase of activity level among clusters.
Wevlet Analysis:
            This describes an input signal in terms of spectral components. This will provide for concurrent time and frequency description. By analyzing each spectral window’s energy determines the presence of anomalies.
 Countermeasure strategies
  • Absorbing the attack: Use additional capacity to absorb traffic; It requires additional resources.
  • Degrading services: Identify critical services and stop non-critical services.
  • Shutting down services:  Shutdown all the services until the attack has decreased.
  1. Configure the firewall to block external ICMP traffic access.
  2. Prevent using unnecessary functions such as gets, strcpy, etc. in programming.
  3. Secure the remote administration and connectivity testing.
  4. Prevent the return address being overwritten.
  5. Data processed by the attacker should be stopped from being executed.
  6. Perform thorough input validation.
  7. Use a better network card to handle large number of traffic.
  8. Update kernel to the latest release.
  9. Disable unused and insecure services.
DoS/DDoS Protection Tools
  1. NetFlow analyzer (http://www.manageengine.com/)
  2. D-Guard anti DDoS firewall (http://www.d-guard.com/)
  3. RegX fuzzer (http://www.microsoft.com/)
  4. NetSclar (http://www.citrix.com/)
  5. FortGuard (http://www.fortguard.com/)
  6. IntruGuard (http://www.intruguard.com/)
  7. WANGuard (http://www.andrisoft.com/)
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)