Flooding is the act of sending too much traffic onto a certain network so that no other user of the network can gain access to its services. Flooding is considered a Denial of Service (DoS) attack. When flooding occurs in more than one network, then it is called a Distributed Denial of Service (DDoS) attack. While flooding in itself is considered a malicious act, knowing the tools and how the work can help one to understand vulnerabilities in their network. For every business that operates in Ottawa, their IT company’s would be able to which inform users of these tools and can help them perform tests to identify vulnerabilities.
Flooding is categorized into three distinct types. They include Protocol Attacks, Application Layer attacks, and Volume Based Attacks.
Protocol Attacks
Protocol attacks are aimed at utilizing server resources and intermediate communication tools such as load balancers and firewalls. They are aimed at exploiting the weakness in the network protocols and using those weaknesses to deny access to services. An SYN attack, for instance, exploits the three-way handshake weakness in a TCP connection sequence. Synchronize (SYN) requests are usually responded to by a synchronize acknowledgment (SYN-ACK) response from the host. SYN attacks entail sending multiple SYN requests without waiting for an ACK from the host, flooding the host with requests until no new connection can be accepted.
Volume Based Attacks
These attacks are aimed at flooding the host with multiple data packets such that the bandwidth of a host site is saturated with malformed data packets and is prevented from accepting legitimate data from other users. User Datagram Protocol (UDP) flood is considered a volume-based attack. The attacker floods a host site with UDP packets on random ports. The host repeatedly checks these ports for an application request but finds none, prompting it to send a ‘Destination Unreachable’ packet. When this repeatedly happens at every port on the host network, it ultimately leads to a denial of service.
Application Layer Attacks
Attacks launched at the application layer are usually aimed at finding vulnerabilities in the application which the user is interacting with. The aim is usually to crash the server by sending multiple innocent requests to it. HTTP flood is an example of an application layer attack, where the attacker makes the application or server to allocate maximum resources to each of the requests sent to it. This attack usually does not require malformed packets or spoofing techniques. The bandwidth required to bring down servers with these attacks is also low. Every company which offers computer services within Ottawa must ensure that their clients are protected and have some basic knowledge of how to identify these attacks.