April 15th, 2005, 02:21 PM
#9
Ways to protect against DDOS
1. From Cisco (related only to Cisco products, but it's a nice read):
http://www.cisco.com/warp/public/707/newsflash.html
2. From CERT (a nice read for starters):
http://www.cert.org/homeusers/ddos.html
3. From US-CERT
http://www.us-cert.gov/cas/tips/ST04-015.html
But just to get you started: there are a lot of ways a DoS or DDoS can be carried out. I'll mention a few of them:
1. Ping of Death:
This DoS attack is carried out by exploiting the maximum packet size that TCP/IP allows to be transmitted over the internet, which is restricted to 65,536 octets.
I am not giving much information on this attack, as this attack no longer exists: no operating system is affected by it unless you are using some ancient OS and its ancient version.
Anyway, for more information you may want to read any of these documents:
Information on ping of death
2. Teardrop
The Teardrop attack uses a vulnerability present in the reassembling of data packets. Whenever data is sent over the internet it is first broken into smaller fragments at the source system and put together at the destination.
For example, you need 4000 bytes from a system and this is broken down into 3 packets:
packet 1 will carry data from byte 1 to byte 1500
packet 2 will carry data from byte 1501 to byte 3000
packet 3 will carry data from byte 3000 to byte 4000
Now there is an offset field in the data packet which specifies from what byte to what byte the data is carried in that particular packet.
Normally the system will receive data in the form of
1 to 1500, then 1501 to 3000, and last 3000 to 4000 bytes.
But in a teardrop attack:
1 to 1500, then 1500 to 3000, and last "1001 to 2301" bytes (this is an example).
Hence the destination system gets confused, cannot reassemble the packets, and will hang and reboot.
3. SYN-Flood
This is one of the easiest ways to perform a DDoS attack. It is very hard to explain, but just for the sake of it, here is an example.
There are 10 telephones at your office and I dial all 10 numbers, so all 10 of the telephones will be busy. Now let's say one of your clients tries to call you: he will be placed on hold or will not connect.
That's how a SYN-Flood attack works. Legit users are denied access to the data by keeping the server busy.
SOLUTION: There is no one single countermeasure to protect from this attack, but the following are a good start.
1. reducing the duration of time required for a "timed out"
2. Increasing the queue of connection (will increase memory usage)
3. KEEPING YOUR SYSTEMS UPDATED.
THIS ATTACK IS MAINLY USED TO CARRY OUT IP SPOOFING
4. Land attack
This is the same as a SYN flood, but the only difference is that instead of a bad IP address, the IP address of the target system is used. This means that the packet contains source and destination address (and ports) of the same system, which then creates an INFINITE LOOP, ultimately crashing the system.
BEST COUNTERMEASURE: USE A FIREWALL.
5. Smurf Attack
This is a sort of brute force DoS attack where huge numbers of ping requests are sent to a system (NORMALLY THE ROUTER) of a target network using an IP address spoofed from the target network. This will in the end flood the entire network with ping or echo requests and their replies.
For more read
http://www.cert.org/advisories/CA-1998-01.html
Hope this information helps.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
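Added example (not part of the post above): a small Python checker a defender can run over captured packet metadata to flag the fragment problems the post describes, Teardrop-style overlapping offsets and Ping of Death oversize datagrams, plus the Land pattern of identical source and destination address and port. The Fragment class, the sample fragment sets (built from the post's 1..1500 / 1501..3000 example) and the addresses are all constructed for this example.

```python
# Added example: flags Teardrop overlaps, Ping of Death oversize datagrams and
# Land-style self-addressed packets. All packets below are constructed.
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535  # 16-bit IPv4 total-length field; nothing larger is legal


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset of this piece inside the reassembled datagram
    length: int   # payload bytes carried by this piece
    more: bool    # IP "more fragments" flag (False on the last piece)
    # The real header stores the offset in 8-byte units; plain bytes are used
    # here so the numbers line up with the post's example.


def check_fragments(frags):
    """Return the problems found in one datagram's fragment set (empty = sane)."""
    problems = []
    ordered = sorted(frags, key=lambda f: f.offset)
    expected_next = 0  # first byte not yet covered by earlier fragments
    for f in ordered:
        end = f.offset + f.length
        if end > MAX_IP_DATAGRAM:            # Ping of Death: datagram too large
            problems.append(f"oversize: fragment ends at byte {end}")
        if f.offset < expected_next:         # Teardrop: rewrites data already placed
            problems.append(f"overlap: fragment at {f.offset} rewrites bytes "
                            f"before {expected_next}")
        elif f.offset > expected_next:       # hole: reassembly cannot complete
            problems.append(f"gap: bytes {expected_next}..{f.offset - 1} missing")
        expected_next = max(expected_next, end)
    if ordered and ordered[-1].more:
        problems.append("incomplete: last fragment still has MF set")
    return problems


def is_land_packet(src_ip, src_port, dst_ip, dst_port):
    """Land attack signature: source and destination address and port identical."""
    return src_ip == dst_ip and src_port == dst_port


# The post's legitimate 4000-byte split (header offsets start at 0).
NORMAL = [Fragment(0, 1500, True), Fragment(1500, 1500, True), Fragment(3000, 1000, False)]
# The post's Teardrop example: the later pieces overlap data already received.
TEARDROP = [Fragment(0, 1500, True), Fragment(1499, 1501, False), Fragment(1000, 1301, True)]
# Ping of Death: a final fragment that pushes the datagram past 65535 bytes.
OVERSIZE = [Fragment(0, 1480, True), Fragment(65120, 1000, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("pod", OVERSIZE)):
        print(name, check_fragments(frags) or "ok")
    print("land", is_land_packet("10.0.0.5", 139, "10.0.0.5", 139))
```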