Denial of Service Attacks

This chapter describes a denial of service (DoS) attack, which attempts to prevent legitimate users from accessing a computing resource. This type of attack may flood a network with packets to tie up network bandwidth, or it may use up resources, such as memory, disk space, or CPU cycles, on one or more network hosts. Single-source DoS attacks are launched by a single attack computer. Distributed DoS attacks use compromised systems to launch an attack, and the compromised systems may be controlled by a single master system. DoS attacks can be detected by IDSs or by examining system logs for repeated patterns of attempted network access. Once an attack has been detected, the best solution is to shut down the network while one recovers. Though it is impossible to prevent a DoS attack from being directed at a network, one can prevent systems from being used in a distributed DoS attack by hardening the systems against system intrusions, especially the delivery of unauthorized software.
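
The log-examination approach mentioned above, as an added example that is not from the chapter: it scans connection log lines for repeated access attempts from one source (the single-source pattern) and for bursts from many distinct sources against one host (the distributed pattern). The log format, addresses, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not from the chapter):
#   <ISO timestamp> SRC=<ip> DST=<ip> DPT=<port>
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def parse(lines):
    """Yield (timestamp, src, dst) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, m.group(2), m.group(3)

def detect(lines, window_s=10, per_src=5, distinct_srcs=4):
    """Return (single, distributed): flagged (src, dst) pairs and flagged dsts."""
    window = timedelta(seconds=window_s)
    by_pair = defaultdict(deque)  # (src, dst) -> timestamps inside the window
    by_dst = defaultdict(deque)   # dst -> (timestamp, src) inside the window
    single, distributed = set(), set()
    for ts, src, dst in sorted(parse(lines)):
        q = by_pair[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= per_src:          # one source repeating against one host
            single.add((src, dst))
        d = by_dst[dst]
        d.append((ts, src))
        while ts - d[0][0] > window:
            d.popleft()
        if len({s for _, s in d}) >= distinct_srcs:  # many sources, one host
            distributed.add(dst)
    return single, distributed

def sample_log():
    """Constructed sample: one noisy source, one multi-source burst, one normal client."""
    log = [f"2024-05-01T12:00:0{i} SRC=203.0.113.7 DST=192.0.2.10 DPT=80" for i in range(6)]
    log += [f"2024-05-01T12:05:0{i} SRC=198.51.100.{i + 1} DST=192.0.2.20 DPT=443" for i in range(4)]
    log += ["2024-05-01T12:00:00 SRC=198.51.100.99 DST=192.0.2.10 DPT=80",
            "2024-05-01T12:30:00 SRC=198.51.100.99 DST=192.0.2.10 DPT=80", "garbage line"]
    return log

if __name__ == "__main__":
    print(detect(sample_log()))
```

The thresholds here are deliberately small so the constructed sample trips them; on real traffic they would be tuned against a baseline of normal access rates.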