What Are Denial of Service (DoS) Attacks


Denial of Service (DoS) attacks are carried out with the express aim of preventing users from reaching and using a service they should otherwise be able to access. Such attacks make malicious use of a wide range of standard protocols and tools. There is no single DoS attack strategy, and the term has come to cover many types of attack, a number of which are outlined below:


  • Ping flood - This attack uses the Internet Control Message Protocol (ICMP) ping request to a server as a DoS method. The strategy involves either sending ping requests in such vast quantities that the receiving system is unable to respond to valid user requests, or sending ping messages which are so large (known as a ping of death) that the system is unable to handle the request.

  • Smurfing - As with Ping Flood attacks, smurfing makes use of the Internet Control Message Protocol (ICMP) ping request to mount DoS attacks. In a typical smurfing attack the attacker sends a ping request to the broadcast address of a network containing the IP address of the victim. The ping request is sent to all computers on the broadcast network, which in turn all reply to the IP address of the victim system, thereby overloading the victim with ping responses. The primary method for preventing smurf attacks is to block ICMP traffic through routers so that the ping responses are blocked from reaching internal servers.

  • TCP SYN Flood - Also known as the TCP Ack Attack, this attack leverages the TCP three-way handshake to launch a DoS attack. The attack begins with a client attempting to establish a TCP connection with the victim server. The client sends a request to the server, which in turn returns an ACK packet to acknowledge the connection. At this point in the communication the client should respond with a message accepting the connection. Instead the client sends another ACK, which the server answers with yet another ACK. The client continues to send ACKs to the server, causing the server to hold sessions open in anticipation of the client sending the final packet required to complete the connection. As a result the server uses up all available sessions serving the malicious client, thereby preventing access to other users.

  • Fraggle - A fraggle attack is similar to a smurfing attack, except that the User Datagram Protocol (UDP) is used instead of ICMP.

  • Land - Under a Land attack the attacker creates a fake SYN packet containing the same source and destination IP addresses and ports and sends it to the victim, causing the system to become confused when trying to respond to the packet.

  • Teardrop - A teardrop type of DoS attack exploits a weakness in the TCP/IP implementation on some operating systems. The attack works by sending messages fragmented into multiple UDP packets. Ordinarily the operating system is able to reassemble the packets into a complete message by referencing data in each UDP packet. The teardrop attack works by corrupting the offset data in the UDP packets, making it impossible for the system to rebuild the original packets. On systems that are unable to handle this corruption, a crash is the most likely outcome of a teardrop attack.

  • Bonk - An effective attack on some Windows systems involving the transmission of corrupted UDP packets to the DNS port (port 53), resulting in a system crash.

  • Boink - Similar to the Bonk attack except that the corrupted UDP packets are sent to multiple ports, not just port 53 (DNS).

The Denial of Service (DoS) attacks outlined above involve the use of a single client to launch an attack on a system or service. Distributed Denial of Service attacks use the same basic attack methodologies as outlined above, with the exception that the attacks are initiated from multiple client systems.
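
Several of the attacks listed above leave a recognizable pattern in packet headers, which is what a filter or an intrusion detection rule checks for. The following is an added example, not part of the original tutorial: `Pkt` and `classify` are hypothetical names, the header record is simplified (fragment offsets are given in bytes), and the sample traffic is constructed using documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Pkt:                   # hypothetical, simplified header record
    src: str
    dst: str
    proto: str               # "icmp", "tcp" or "udp"
    sport: int = 0
    dport: int = 0
    syn: bool = False
    icmp_type: int = -1      # 8 = echo request (ping)
    ip_id: int = 0           # shared by all fragments of one datagram
    frag_off: int = 0        # fragment offset, in bytes
    length: int = 0          # payload bytes carried by this fragment
    more_frags: bool = False

def classify(pkts, local_net):
    """Return (index, label) pairs for packets matching the patterns listed above."""
    bcast = ipaddress.ip_network(local_net).broadcast_address
    seen, hits = {}, []      # seen: (src, dst, ip_id) -> byte ranges already received
    for i, p in enumerate(pkts):
        to_bcast = ipaddress.ip_address(p.dst) == bcast
        if p.proto == "icmp" and p.icmp_type == 8 and to_bcast:
            hits.append((i, "smurf: echo request to broadcast address"))
        if p.proto == "udp" and to_bcast:   # coarse signal: some broadcasts are legitimate
            hits.append((i, "fraggle: UDP to broadcast address"))
        if p.proto == "tcp" and p.syn and (p.src, p.sport) == (p.dst, p.dport):
            hits.append((i, "land: SYN with identical source and destination"))
        if p.frag_off or p.more_frags:      # packet is a fragment
            start, end = p.frag_off, p.frag_off + p.length
            if end > 65535:                 # beyond the maximum IPv4 datagram size
                hits.append((i, "oversized: fragment ends past 65535 bytes"))
            ranges = seen.setdefault((p.src, p.dst, p.ip_id), [])
            if any(start < e and s < end for s, e in ranges):
                hits.append((i, "teardrop: fragment overlaps an earlier one"))
            ranges.append((start, end))
    return hits

# Constructed sample traffic (documentation addresses, not a real capture)
SAMPLE = [
    Pkt("198.51.100.7", "192.0.2.255", "icmp", icmp_type=8),
    Pkt("198.51.100.7", "192.0.2.255", "udp", sport=4000, dport=7),
    Pkt("192.0.2.10", "192.0.2.10", "tcp", sport=80, dport=80, syn=True),
    Pkt("198.51.100.9", "192.0.2.10", "udp", ip_id=1, length=36, more_frags=True),
    Pkt("198.51.100.9", "192.0.2.10", "udp", ip_id=1, frag_off=24, length=4),
    Pkt("198.51.100.9", "192.0.2.10", "icmp", icmp_type=8, ip_id=2, frag_off=65528, length=100),
    Pkt("198.51.100.5", "192.0.2.10", "tcp", sport=51000, dport=443, syn=True),
]
```

Calling `classify(SAMPLE, "192.0.2.0/24")` flags the first three packets and the two malformed fragments, and leaves the well-formed first fragment and the ordinary SYN to port 443 alone.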
