DoS, DDoS Attacks: Taxonomy
Denial of Service (DoS) attacks
A denial of service (DoS) attack floods a network with an overwhelming amount of traffic, slowing its response time for legitimate traffic or grinding it to a halt completely. The intent of these attacks is to deny the service to legitimate users.
Distributed Denial of Service (DDoS) attacks
Distributed denial of service (DDoS) attacks are DoS attacks that originate from, or appear to originate from, a large number of IP addresses. The intent of these attacks is to deny the service to legitimate users.
Address Spoofing
A method by which attackers forge the source IP address of their packets. This lets them launch network flood attacks that cannot be attributed to a real source, which makes the traffic difficult to block using simple firewall rules. If the address is continuously changed, the job becomes even harder.
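One reason address spoofing works is that packets are rarely checked against the interface they arrive on. The ingress-filtering check below is an added example, not code from the original page: it drops any packet whose source address is not inside the prefixes expected on its ingress interface (the approach commonly called BCP 38). The interface names, prefixes and packet sample are constructed for illustration.

```python
"""Source-address ingress filtering check.

Added example (not from the original page). Interface-to-prefix
assignments and the packet sample are constructed.
"""
import ipaddress

# Constructed: the source prefixes that can legitimately appear on each
# customer-facing interface. Anything else arriving there is forged.
INGRESS_PREFIXES = {
    "customer-a": [ipaddress.ip_network("192.0.2.0/24")],
    "customer-b": [ipaddress.ip_network("198.51.100.0/24")],
}


def is_spoofed(iface, src):
    """True when `src` could not legitimately have entered through `iface`."""
    allowed = INGRESS_PREFIXES.get(iface)
    if allowed is None:
        return True  # unknown interface: no prefix is permitted, so drop
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in allowed)


def filter_packets(packets):
    """Split (iface, src, dst) tuples into kept and dropped lists."""
    kept, dropped = [], []
    for iface, src, dst in packets:
        (dropped if is_spoofed(iface, src) else kept).append((iface, src, dst))
    return kept, dropped


# Constructed sample: two genuine packets and two with forged sources.
SAMPLE = [
    ("customer-a", "192.0.2.15", "203.0.113.9"),
    ("customer-a", "198.51.100.7", "203.0.113.9"),    # customer-b's range on customer-a's link
    ("customer-b", "10.9.8.7", "203.0.113.9"),        # private address on a customer link
    ("customer-b", "198.51.100.200", "203.0.113.9"),
]

if __name__ == "__main__":
    kept, dropped = filter_packets(SAMPLE)
    print("kept:", kept)
    print("dropped:", dropped)
```

The check has to run at the network edge where the legitimate source range is known; once a forged packet has crossed into the core, its source address tells you nothing about where it came from, which is exactly the attribution problem the definition above describes.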
Bot
In the context of distributed denial of service (DDoS) attacks, a bot (short for robot) is a program that runs on computers that have been compromised by hackers. The hacker can control the behavior of the bot code for malicious activity such as launching a DoS or DDoS attack. Machines infected with bot code are sometimes called zombie machines as well.
Botnet
A set of bot machines under the control of a hacker, also called the botmaster. The botmaster can control the botnet remotely. A botnet can be used to launch a coordinated attack against a victim network, most often resulting in a DoS or DDoS. Some botnets can be as large as a million compromised machines.
SYN Flood
A SYN flood is a form of DDoS attack in which an attacker uses a few machines or a botnet to send a succession of spoofed TCP SYN (new connection) requests to a target system. Each request leaves a half-open entry in the destination machine's TCP connection table; once the table is full, legitimate users are denied access.
This was a common form of DDoS attack a few years back. Most hardware-based firewalls are able to handle these requests.
The attackers have migrated to more sophisticated attacks that actually complete the TCP connection. Such attacks require specialized DDoS mitigation hardware such as IntruGuard's products.
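To make the SYN-flood mechanism and its standard countermeasure concrete, here is an added example that is not code from the original page: a toy model of a listener's half-open connection table fed with a constructed packet stream (many spoofed SYNs that are never acknowledged, followed by one genuine client handshake). Run without SYN cookies, the spoofed entries fill the table and the genuine client is refused; run with SYN cookies (a stateless technique the page does not name, in which the initial sequence number is derived from the connection tuple so no entry is stored until the ACK arrives), the genuine client connects. The table size, addresses, ports and secret key are constructed values.

```python
"""Toy model of a TCP half-open connection table under a SYN flood.

Added example (not from the original page). Backlog size, addresses,
ports and the secret are constructed for illustration.
"""
import hashlib
import hmac

BACKLOG = 4  # constructed: a tiny half-open table so the effect is visible
SECRET = b"constructed-listener-secret"
SERVER = ("10.0.0.1", 80)  # constructed listener address


def syn_cookie(src, sport, dst, dport):
    """Initial sequence number derived from the connection tuple.

    Because it is a keyed hash of the tuple, the listener can recompute it
    when the ACK arrives instead of remembering it per connection.
    """
    msg = f"{src}:{sport}->{dst}:{dport}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


class Listener:
    def __init__(self, use_syn_cookies):
        self.use_syn_cookies = use_syn_cookies
        self.half_open = {}      # (src, sport) -> ack number we expect to see
        self.established = []    # completed handshakes
        self.dropped_syn = 0     # SYNs refused because the table was full

    def on_syn(self, src, sport):
        isn = syn_cookie(src, sport, *SERVER)
        if self.use_syn_cookies:
            return  # keep no state; the cookie is recomputed on the ACK
        if len(self.half_open) >= BACKLOG:
            self.dropped_syn += 1  # table exhausted: this is the denial of service
            return
        self.half_open[(src, sport)] = isn + 1

    def on_ack(self, src, sport, ack):
        expected = syn_cookie(src, sport, *SERVER) + 1
        if self.use_syn_cookies:
            if ack == expected:  # only a peer that really saw our SYN-ACK knows this
                self.established.append((src, sport))
            return
        if self.half_open.pop((src, sport), None) == ack:
            self.established.append((src, sport))


def build_stream(n_spoofed=20):
    """Constructed packet stream: spoofed SYNs, then one genuine handshake."""
    events = []
    for i in range(n_spoofed):
        # Forged sources never answer the SYN-ACK, so these entries never clear.
        events.append(("SYN", f"198.51.100.{i + 1}", 5000 + i))
    legit = ("192.0.2.10", 40000)
    events.append(("SYN", *legit))
    events.append(("ACK", *legit, syn_cookie(*legit, *SERVER) + 1))
    return events


def run(events, use_syn_cookies):
    """Feed the stream to a fresh listener and return it for inspection."""
    listener = Listener(use_syn_cookies)
    for ev in events:
        if ev[0] == "SYN":
            listener.on_syn(ev[1], ev[2])
        else:
            listener.on_ack(ev[1], ev[2], ev[3])
    return listener


if __name__ == "__main__":
    for cookies in (False, True):
        l = run(build_stream(), cookies)
        print(f"syn cookies={cookies}: half-open={len(l.half_open)} "
              f"dropped={l.dropped_syn} established={l.established}")
```

The model omits the timeouts and SYN-ACK retransmissions a real stack uses; a flood succeeds precisely when new spoofed SYNs arrive faster than stale entries expire, which the constructed stream approximates by never clearing them. It also shows why SYN cookies stop helping once attackers complete the handshake, as the paragraph above notes: an established connection consumes real state no matter how the sequence number was chosen.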