2016 saw 71% rise in Denial of Service attacks with biggest attack of 623 Gbps and mega attacks averaging around 100 Gbps.
If unprepared, Denial of Service can result in Financial losses, Reputational Damage, Customer Attrition and Legal Pursuits.
Common Denial of Service Attacks Link to heading
HTTP Flood Attacks Link to heading
- Volumetric Attack: Simultaneously many machines launch HTTP requests towards a target, saturating it’s resources or saturating bandwidth.
- Malicious Application Requests: Simultaneous GET/POST/PUT requests to target, which causes high CPU utilization. For Eg: Password Reset request, Long running requests like report execution, downloading large files, requests calling slow hash function
SYN Attacks Link to heading
- Simultaneous TCP requests are sent to target, but doesn’t complete 3-way handshake. For Eg: Initiating request via Spoofed IP.
UDP and ICMP Attacks Link to heading
- Simultaneously flood random ports on target using UDP protocol. Spoofing is much easier as there is no 3-way handshake in UDP.
ICMP Attacks Link to heading
- Simultaneously launching ICMP echo requests to the target with spoofed IP.
- Simultaneously sending large packets to the target causing buffer-overflow.
DNS Attack Reflection and Amplification Link to heading
- DNS reflection is achieved by eliciting a response from a DNS resolvers to a spoofed IP. Simultaneously sending out DNS query with a spoofed IP to a DNS resolver can overwhelm it.
Basic Mitigations Link to heading
- Establish Traffic reputation
- Filter Ingress traffic
- Disable unused ports and block unnecssary protocols
- Blackholing suspected or malicious traffic
- Implement Web Application Firewall (WAF)
- Use third-party services like CloudFlare, Akamai, Incapsula.
