DoS attack

Are you troubled by Web application security issues? How much do you know about the DoS attack, one of the biggest threats to Web application security? This article introduces it.

DoS (short for Denial of Service) attacks are attacks that prevent legitimate users of a service from using that service, for example by congesting network traffic so that intended users cannot receive the service. DoS is an easy but effective way to carry out a cyber attack: it denies intended users' requests, disrupts normal operation, and causes Internet connections and web systems to fail. There are many methods of DoS attack; the most basic is to maximize consumption of computational resources so that no other work can take place.

The implementation process of DoS attack

At first, attackers send multiple external communication requests with fake addresses to a server. The server then sends out the corresponding response information. Since the addresses given in the requests are forged, the server cannot obtain feedback and fails to release the resources it needs. Afterwards, the connection is cut off by a time-out error. At this point, attackers trigger batches of requests until resource starvation happens.

As DoS attacks are hard to prevent, owing to their simple implementation methods and highly attainable aims, server users are supposed to become quite familiar with the attack and then work out possible strategies to harden Web application security.

A DoS attack can be implemented in various ways:

1. SYN flood

By making use of the Backlog Queue and special programs, DoS continuously doubles the number of unsolicited TCP connection requests marked with SYN. Regarding those as unreviewed requests, the server places them in the Backlog Queue. Once SYN requests occupy the whole space of the Backlog Queue, all incoming requests are denied by the server. There is every chance that requests from legitimate users are rejected by the server as well.

2. IP address forging

Suppose a legitimate user whose IP address is 1.1.1.1 has established a connection with a server, and attackers forge the IP address 1.1.1.1 and send a TCP data segment carrying RST. In this situation, the server will inevitably empty the already-established connection in the Backlog Queue, deeming the 1.1.1.1 connection incorrect. If the legitimate user wants to resend data, they have to reestablish the connection.

3. Self-consumption

DoS attack through self-consumption is an old-fashioned attack method. To implement the attack, DoS sends the host machine a client-end IP and port identical to the host machine's own IP and port. On receiving such requests, the host sends TCP requests and connections to itself until all system resources are consumed.

4. Overfilling server hard disk

Generally, if there is no limit on writes to the server, DoS can attack by overfilling the server hard disk in these ways:

Via sending spam
The mail server and Web server are placed together, so malicious users can send a large amount of spam until the mailbox or server hard disk is full.

Via creating logs
Since the server records all errors, intruders can forge errors and send them to the server. In this way, the recorded logs may overfill the server hard disk. Moreover, it is hard for administrators to find the logs that record the genuine errors.

6. Reasonable strategies

Security strategies that lock user accounts are available on the server. For instance, a user account is locked once wrong passwords are entered three times in a row. This security strategy can also be used by malicious users: legitimate users may fail to log in if malicious users make wrong login attempts.

To protect Web application security, computer users are supposed to have a thorough understanding of how DoS attacks work, and spare no effort to prevent them.
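The account-lockout problem described under "Reasonable strategies", as an added example that is not part of the original article: a lock keyed on the account alone lets any source lock out the owner, while counting failures per account and source, with expiry, does not. The class names, the account name, the 300-second window and the documentation-range IP addresses are assumptions constructed for illustration.

```python
import time

MAX_FAILURES = 3  # the article's example: three wrong passwords in a row

class NaiveLockout:
    """Locks the account itself, whoever caused the failures."""
    def __init__(self):
        self.failures = {}  # account -> consecutive failures

    def allowed(self, account, source):
        return self.failures.get(account, 0) < MAX_FAILURES

    def record(self, account, source, success):
        self.failures[account] = 0 if success else self.failures.get(account, 0) + 1

class PerSourceThrottle:
    """Counts failures per (account, source) and lets them expire."""
    def __init__(self, window=300.0, clock=time.monotonic):
        self.window, self.clock = window, clock  # window is an assumed value
        self.failures = {}  # (account, source) -> failure timestamps

    def _recent(self, key):
        cutoff = self.clock() - self.window
        recent = [t for t in self.failures.get(key, []) if t > cutoff]
        if recent:
            self.failures[key] = recent
        else:
            self.failures.pop(key, None)  # keep no state for idle keys
        return recent

    def allowed(self, account, source):
        return len(self._recent((account, source))) < MAX_FAILURES

    def record(self, account, source, success):
        key = (account, source)
        if success:
            self.failures.pop(key, None)
        else:
            self.failures[key] = self._recent(key) + [self.clock()]

def owner_locked_out(policy):
    """Constructed scenario: another source fails three times, then the owner tries."""
    for _ in range(MAX_FAILURES):
        policy.record("alice", "203.0.113.9", success=False)
    return not policy.allowed("alice", "198.51.100.7")

if __name__ == "__main__":
    print("naive lockout blocks owner:", owner_locked_out(NaiveLockout()))
    print("per-source throttle blocks owner:", owner_locked_out(PerSourceThrottle()))
```

Per-source counting does not bound guessing spread across many sources, so it is normally combined with a global rate limit or an additional verification step.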