Common Types of Network AttacksPublisher: Psychz Networks, February 01,2016
Network attacks, or what the industry calls DDoS(Distributed Denial of service) is the common method used for attackers to render a network useless, bring down sites, disrupt government sites. There are multiple types of common attacks we are going to cover. However, there is no true example of the types of attack that exist.
There are three ways of making your server, or infrastructure unavailable:
Bandwidth: this type of attack consists of saturating the server's network capacity, which renders it unreachable.
Resources: this type of attack consists of depleting the machine's system resources, which prevents it from responding to legitimate requests.
Exploitation of software fault: also called "exploit", this type of attack targets a particular software fault either to make the machine unavailable or to take control of it.
Three of the most common attacks are:
SSDP attacks: 1900/UDP
This type of attack has an amplified reflective DDOS attack. This attack uses the UPnP(Universal Plug and Play) protocol that allows devices to discover their neighbor hardware, network discovery, broadcasting presence. The way the attack performs two task.
1) Spoofs the attacker IP and replaces it with the victim IP.
2) The attacker sends a series of UPnP queries to the server, each request increases by size, so the larger the attack gets the harder it is for the local network to respond to the request coming from the attacker. Ending with a complete overload of the network to the server.
123/UDP this is a type of attack targets the local server NTP that is used to keep the local server time synchronized. NTP attacks are commonly done via botnets that exist on exploited machines. When an attack gets to trigger the exploited host send millions of NTP synchronization request to the victim NTP server until the local server network is congested and crashes.
This is a ping attack. ICMP attacks are a type of attack that floods the local network connections by sending a series of echo request to the victim, the victim then sends an excessive amount of echo responds to the attack, but the attack may not have a routable destination due to the IP being spoofed.
ICMP Echo Request Flood
L3 Resource also called Ping Flood, mass sending of packets implicating the response of the victim, which has the same content as the original packet.
IP Packet Fragment Attack
L3 Resource Sending of IP packets that voluntarily reference other packets that will never be sent, which saturates the victim's memory.
L3 Bandwidth ICMP broadcast attack usurping the source address to redirect multiple responses to the victim
L3 Resource Mass sending of IGMP packets (multicast management protocol)
Ping of Death
L3 Exploit Sending of ICMP packets which exploit an implementation bug in certain operating systems
TCP SYN Flood
L4 Resource Mass sending of TCP connections requests
TCP Spoofed SYN Flood
L4 Resource Mass sending of TCP connections requests to usurp the source address
TCP SYN ACK Reflection Flood
L4 Bandwidth Mass sending of TCP connections requests to a large number of machines, usurping the victim's source address. The bandwidth of the victim will be saturated by the responses to these requests.
TCP ACK Flood
L4 Resource Mass sending of TCP segment delivery receipts
TCP Fragmented Attack
L4 Resource Sending of TCP segments that voluntarily reference other segments that will never be sent, which saturates the victim's memory
L4 Bandwidth Mass sending of UDP packets (not requiring a previously-established connection)
UDP Fragment Flood
L4 Resource Sending of UDP datagrams that voluntarily reference other datagrams that will never be sent, which saturates the victim's memory
Distributed DNS Amplification Attack
L7 Bandwidth Mass sending of DNS requests usurping the source address of the victim, to a large number of legitimate servers. As the response is more voluminous than the question, an amplification of the attack follows DNS Flood L7 Resource Attack of a DNS server by mass sending of requests
HTTP(S) GET/POST Flood
L7 Resource Attack of a web server by mass sending of requests
L7 Resource Attack of a DNS server by mass sending of requests from a large set of machines which are under the attacker's control