Question

Mischievous hackers have employed ‘Theft of Service Attack’ on your IT infrastructure. How would you explain (with a suitable diagram) this type of attack to your apprentice who has just started working for you?

Answer 1

Theft on service attack is also called as 'Denial of service attack'(DOS). A Denial of Service (DoS) attack is an attack meant to shut down a machine or network, making it inavailable to its intended users. DoS attacks attain this by flooding the target with traffic, or sending it information that triggers or activate a crash. In both instances, the DoS attack brokes legitimate users such as, employees, members, or account holders of the service or resource they anticipated.

Victims or attackers of Denial of Service attacks frequently target web servers of high ranking organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of sensitive information or other assets, they can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attacks: They are flooding services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing them to slow down and finally stop. Popular flood attacks include:

• Buffer overflow attacks: The most common DoS attack. The idea is to send more traffic to a network address than the programmers have built the system to handle. It contains the attacks shown below, in addition to others that are planned to use bugs definite to certain applications or networks
• ICMP flood: Influences misconfigured network devices by sending spoofed packets that knock every computer on the targeted network, instead of just one specific machine. The network is then triggered to expand the traffic. This attack is also known as the smurf attack or ping of death attack.
• SYN flood: Sends a request to connect to a server, but never accomplishes the handshake. Continues until all open ports are saturated with requests and none are available for legal users to connect to.

Other DoS attacks simply use vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that appropriately crash or severely damage the system, so that it can’t be accessed or used.

An additional type of Denial of Service attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems manage a synchronized DoS attack to a single target. The important difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS provide the attacker various advantages:

• He can influence the greater volume of machine to execute a seriously disruptive attack
• The location of the attack is very difficult to detect due to the random distribution of attacking systems.
• It is more hard to shut down multiple machines than one
• The true attacking party is very hard to identify, as they are hide behind many (mostly compromised) systems

Diagram for DOS attack: