Protocols are the lifeblood of the internet as they carry the
traffic from host A to host B. There are a variety of protocols and
each have a specific function in order to accomplish the task at
hand. There are way to many protocols to cover in this blog post but
for the sake of at least covering a few of them, the most common you
will deal with are tcp, udp, icmp, rip, ospf, etc. Each one of these
can be used in an attack by modifying their original properties to do
something they were not originally designed to do.
One of the very visible to the world type of attacks is the Denial
of Service attack. The main goal of the Denial of Service attack is
deprive users from being able to access a resource. Services become
interrupted and productivity is lost. In this type of attack there
usually isn't the goal of destroying any data. Its more of being an
annoyance for the network under attack.
Why should you care about DoS when you arn't that big of a
company?
It goes back to how much money is lost when your company is dead
to the internet due to a denial of service. One of the big issues
here is if your company utilized Voip technology to talk to the rest
of the world. Does your Voip trunk use the same uplink to the world
as your data network? If it does then you could have some major
issues with customer complaints when they are unable to talk to
someone while your site is down. The secondary effect of bringing
your site down is the reputation you hold with your customers. If
they are unable to access your site when they want to then they may
think you went out of business or arn't stable enough to be a
business partner.
Sometimes these attacks arn't based soley on the consumption of
bandwidth but on the clogging of your web server or mail server.
When your web server is only able to handle a certain amount of
traffic and suddenly that limit is reached, legitimate traffic will
be ignored while the server tries to deal junk traffic and discard
it. In the case of the mail server, the queue could be so built up
with random massive amounts of email junk that other mail servers are
unable to connect and send legitimate emails. If you have a policy
of a 24 hour fix-or-free on issues then all an attacker has to do is
keep it up for a day or so and cause financial harm to your business.
Generally speaking most DoS attacks happen for days at a time.
I will cover DDoS at another time (didn't want to leave you
hanging) which will allow me to get into a little bit of depth when
it comes to a regular Denial of Service. Three of the mail types of
DoS is the SYN flood, smurf, and ping of death. Ping of death isn't
that common anymore but the basics of it is that the ping is so big
it causes the system to crash as it can't handle such a large packet.
The other attacks are of concern as the SYN flood attack simply
floods your server half-open connections. As your server tries to
deal with these the server can overwhelmed and start to ignore
legitimate traffic. Eventually they will time out but usually the
attack continues so long that when a new connection becomes
available, it is quickly filled with another SYN flood.
Generally speaking you need to be aware of these issues so that
when you see problems happening on your network you know what they
are. Keep a keen eye on your log files and watch for abnormal
traffic. Heck, even invest in an IDS :)
-- Joe McShinsky
Thursday, September 19, 2013
Subscribe to:
Posts (Atom)