Denial of Service Attacks

Abstract

Abstract This chapter focuses on the very serious problem of denial of service (DoS) attacks against computer systems and networks. DoS attacks are attacks designed to disrupt, overwhelm, and/or damage computing resources and data. These attacks are aimed not against confidentiality of data or integrity of systems and data, but rather against availability of systems and data. Attackers launch DoS attacks for a wide variety of reasons. The probability of success is high, due in large part to the fact that the Internet itself has not been designed for security. The cost of DoS attacks is often high—several well‐known attacks have reportedly cost organizations billions of dollars. Many types of DoS attacks have surfaced so far, including resource starvation attacks, buffer overflow attacks, and packet fragmentation attacks. Distributed denial of service (DDoS) attacks, attacks in which programs planted in multiple systems cooperate, represent an even higher level of threat. Preventing DoS attacks is difficult in the first place due to a plethora of reasons; limiting the potential for damage and disruption is often the most cost‐effective strategy. Hot sites, cold sites, use of uninterruptible power supplies (UPSs) and Redundant Array of Independent Drives (RAID) solutions, and other measures can limit the damage from DoS attacks. Using properly configured and maintained firewalls is one of the best single prevention measures. Additionally, using packet filters on systems, keeping up with patches, limiting services that run on these systems, and using other measures go a long way in helping prevent susceptibility to DoS attacks.