Loss of Availability

Denial-of-service (DoS) attacks attempt to block or deny access to network services, impacting their availability. These types of attacks can interrupt business transactions, cause considerable loss, or damage the company's reputation. DoS attacks are fairly straightforward to carry out, even by an unskilled attacker. Distributed DoS (DDoS) attacks are initiated by multiple source locations within the network to increase the attack's size and impact.

DDoS attacks occur when the attacker takes advantage of vulnerabilities in the network and/or host. Here are some common failure points:

■ A network, host, or application fails to process large amounts of data sent to it, which causes it to crash or lose the ability to communicate.

■ A host or application is unable to handle an unexpected condition, such as improperly formatted data, or memory or resource depletion.

Nearly all DoS attacks are carried out with spoofing and flooding methods. Here are some ways to combat DoS attacks:

■ DHCP snooping verifies DHCP transactions and prevents rogue DHCP servers from interfering with production traffic.

■ Dynamic ARP inspection intercepts ARP packets and verifies that they have valid IP-to-MAC bindings.

■ Unicast RPF prevents unknown source addresses from using the network as a transport mechanism to carry out attacks.

■ Access control lists (ACLs) control what traffic is allowed on the network.

■ Rate limiting controls how much bandwidth incoming traffic, such as ARPs and DHCP requests, is allowed to use.
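The Python model below is an added illustration, not part of the original text and not any switch vendor's code. It shows how DHCP snooping builds the binding table that dynamic ARP inspection then checks, with a per-port ARP rate limit on top; the class, port names, addresses, and limit values are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class AccessSwitch:
    trusted: set                 # ports facing the legitimate DHCP server / uplinks
    arp_limit: int = 15          # ARPs per second on an untrusted port (example value)
    pending: dict = field(default_factory=dict)   # (vlan, mac) -> port of DHCP request
    bindings: dict = field(default_factory=dict)  # (vlan, ip) -> (mac, port)
    arp_seen: dict = field(default_factory=dict)  # (port, second) -> ARP count
    disabled: set = field(default_factory=set)    # ports shut down by rate limiting

    def dhcp_request(self, port, vlan, mac):
        self.pending[(vlan, mac)] = port          # remember where the client lives

    def dhcp_ack(self, port, vlan, mac, ip):
        # DHCP snooping: server replies are accepted only on trusted ports.
        if port not in self.trusted:
            return "drop: DHCP server message on untrusted port"
        client_port = self.pending.pop((vlan, mac), None)
        if client_port is not None:
            self.bindings[(vlan, ip)] = (mac, client_port)
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip, second=0):
        if port in self.disabled:
            return "drop: port disabled"
        if port in self.trusted:
            return "forward"
        # Rate limiting: an ARP flood disables the port instead of loading the network.
        n = self.arp_seen[(port, second)] = self.arp_seen.get((port, second), 0) + 1
        if n > self.arp_limit:
            self.disabled.add(port)
            return "drop: ARP rate exceeded, port disabled"
        # Dynamic ARP inspection: sender IP/MAC must match a snooped binding on this port.
        if self.bindings.get((vlan, sender_ip)) != (sender_mac, port):
            return "drop: invalid IP-to-MAC binding"
        return "forward"

def demo():
    sw = AccessSwitch(trusted={"Gi0/24"}, arp_limit=3)  # constructed ports and addresses
    sw.dhcp_request("Gi0/1", 10, "aa:aa:aa:aa:aa:01")
    results = [
        sw.dhcp_ack("Gi0/2", 10, "aa:aa:aa:aa:aa:01", "10.0.10.66"),  # rogue server
        sw.dhcp_ack("Gi0/24", 10, "aa:aa:aa:aa:aa:01", "10.0.10.5"),  # real server
        sw.arp("Gi0/1", 10, "aa:aa:aa:aa:aa:01", "10.0.10.5"),        # legitimate host
        sw.arp("Gi0/2", 10, "bb:bb:bb:bb:bb:02", "10.0.10.5"),        # spoofed sender IP
    ]
    flood = [sw.arp("Gi0/3", 10, "cc:cc:cc:cc:cc:03", "10.0.10.9", 1) for _ in range(5)]
    return results, flood
```

Calling `demo()` returns the verdict for each packet, showing that ARP inspection has nothing to validate against until snooping has recorded a binding from a trusted port.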

Figure 13-1 shows a DoS threat on availability. The attacker is performing a DoS attack on the network and servers using a flood of packets. Keep in mind that this is an external attack; however, an internal attack is also certainly possible.

Figure 13-1 DoS Threat

[Figure labels: Enterprise Campus (Building Access, Building Distribution, Campus Core, Data Center/Server Farm); Remote Access; Attacker: flooding network and servers with packets.]
