Denial of service attacks in Network security introduction and short history of DoS attacks:
Denial of service attacks are one of the major threat to the modern computer networks.It has been said that first DDoS attack was launched in 1999 against the IRC server of university of minnesota which affected 227 systems and server was down for several days.Another DoS attack was documented in the week of feb 7 2000.A 15 year old canadian hacker named “mafiaboy” performed a series of DoS attack against some sites like ebay and amazon.Companies suffered from 1.7 billion of damage.After that it became the best way of hacking among cybercriminals. People used to perform these attacks for profits.Hackers will follow the procedures like mafiaboy and ask for the money.In 2005 ,it became more easy to implement those attacks ,a boy of 18-yr old named Farid Essabar developed a worm called MyTob which used to open a backdoor in Ms windows hosts and connect to the remote IRC server.The computer then used to wait for the commands from the servers.Farid was arrested for distributing the worm.This was surely not the last case.DDoS attacks were used to attack and money extortion.
As name suggests Denial of Service aka DoS, it’s main objective is to make the system to deny the legitimate service requests. Basically DoS attacks are performed by exhausting the resources of the computer like processing power,network bandwidth,TCP connection and service buffers,CPU cycles and so on.Hackers actually overload the service requests to the target server and if required number of services are not being generated by a single computer, then Distributed Denial of Service(DDoS) will be performed.Hacker will use random computers on the internet to attack the victim and since the frequency of the attacks is increased tremendously and there are a lot of unwitting hosts involved ,it is very difficult to prevent those attacks and trace the actual hacker.These days the DoS attacks are frequently occurred due to the extensive use of internet and increment in vulnerabilities.For example wireless network can be victim of DoS attacks as our wireless devices uses same physical media for receiving and sending the signals.In wireless networks an hacker can easily, forge,modify or inject harmful packet to disrupt the network connectivity.
There are tons of ways with which one can perform DoS attacks.As long as the method used can exhaust the resources of target in some way then it will be considered successful method.Some network based and host based attacks are as follows: network based attacks:
TCP SYN flooding:This attacks the part of normal TCP three-way handshake to exhaust the victim’s resources.When client ask for service ,it sends TCP SYN message to the server and server replies by sending SYN-ACK message and waits for client to send ACK message.At this state,server allocates the certain memory to store the information from the client.And it will not be released unless server gets ACK message from the client.Now the malicious client will not send ACK message and this process will occur in every single port and since it will repond to all the requests ,the server will run out of memory which was assigned for half-open connection.

ICMP smurf flooding: ICMP packets are used to test if the computer is responding in a network.The computer to be tested is pinged by sending ICMP packets by another computer and the computer will reply by sending ICMP echo reply packets.In ICMP smurf flooding attack the victim is flooded with tons of spoofed ICMP packets which can exhaust the computer by using up all the resources and the victim will no longer be able to provide its service.
An attacker sends an ICMP packets with the victim’s IP address as a source address and remote network’s IP address as a destination address.The computers on the remote network will reply with the ICMP echo reply packets to the victim and if there is no good security system like firewall to block the forged packets then the victim’s resources may get exhausted and denial of service will occur.

UDP Flooding: An attac ragmented parts and end up having a packet more than 65,535 bytes which will exhaust the memory buffer and victim wont be able to provide the service.

Slowloris: In slowloris an attacker uses a web server to attack another web server targeting only web services.Constant partial HTTP headers are sent to the victim and the request is never completed due to which the victim keeps all the requests which will soon occupy the whole allocate memory which makes the server to not to accept more legitimate requests causing denial of service.

NTP amplification attack:NTP amplification attack is a DDoS attack in which a lot of botnets pretends to be a legitimate client asking for the service. Since the botnets are in tremendous amount asking for the service constantly,there will be loss in resources to some extent and it will get exhausted.Due to this, the server will not be able to provide the service.This type of amplification attacks can be done in some other types of servers such as DNS which is called DNS amplification.

host based attacks:Instead of messing with network protocols , an attacker can attack the application or system on the host.This targets the certain algorithm of a program.Although the attacking traffic is less than the network based attacks ,it is enough to crash the certain application and consume the resources.These types of attacks can be performed by single computer as well as multiple computers on the internet(DDoS)

DDoS attacks: DDoS attacks are same as DoS attacks to some extent.Major difference is that it is performed by multiple computers. In order to perform DDoS attacks an attacker follows two steps.At first it attacks the random computers in the internet to turn it into a zombie and uses it in the attack.This is done in many ways, an attacker can make victims to click on certain file and inject the Trojan horse in the remote computer.The remote computer will not be harmed in any way.The code will just sit somewhere in the computer without getting any attention.This process will be repeated in many computers in the internet.Now these computers are called zombies.
After this,at some point of time, an attacker will make zombies to attack the victim at the same time.It’s not necessary that every single computer will perform the same kind of attack.Either of the computer can perform different type of attack.

Countermeasures of DoS and DDoS attacks: It’s never possible to get fully prevented from DoS attacks however we can get prevented to some extent. In order to get prevented from DoS attacks, there are a lot of vendors who have developed some good technologies like intrusion detection system,firewalls,and secure routers.These devices normally work between servers and internet, filtering the ingress and egress traffic,traffic analysis,address blocking etc.For eg CISCO ios netflow is one of the best IDS which is pretty good in providing key set of services for IP applications.This IDS does a lot of things including showing up peak usage time,traffic routing,peak usage of bandwidth and many more.These information is then compared against the baseline data and if something suspicious is observed,necessary step can be taken.
Nowadays, use of firewalls has been a common thing.Firewalls are basic aspect of today’s network.These firewalls somehow can prevent DoS attacks to some extent.Firewalls can inspect the ingress and egress traffic and can distinguish between legitimate packets and unwanted packets to some extent.Firewalls can control the use of certain ports,protocols ,packet types and and IP address.Some of the advanced routers nowadays can perform these task performed by the firewalls.
Although, we have tremendous amount of security systems,it’s still very tough to get prevented from DoS attacks.At first its really hard to distinguish between legitimate and unwanted packets.An attacker can attack any ports but it’s not possible to shutdown all the ports for security reasons.For eg an attacker might attack on HTTP port 80 sending unwanted packets pretending lige legitimate request.Even if our routers and firewalls are working properly,it’s not hard to overwhelm them by sending tons of requests.
To get prevented from source address spoofing, we need to restrict source address of the traffic inside the network which can be obtained by ingress filtering. This makes connectivity only with legitimate users but not with random IP addresses.This idea of filtering is used in many routers and firewalls nowadays making them more secure.Although we we can’t stop attacker using forged ip address,we can get prevented from subnet spoofing.
We can stop machines from participating in DDoS attack using D-ward systems.This system monitors the ingress and egress traffic of the network and it has ability to discard those traffic which are taking too long to process.We will obviously stop some legitimate traffic.DDoS attacks will surely take place in networks without D-ward system but implementing this system in as many as possible networks will help to reduce the number of zombies.

DoS attacks and its countermeasures in WIFI networks.Wireless technology is integral part of our life.We carry a lot of devices which can access wireless.This is pretty handy way to get connected to the internet but it’s risky in some areas.Since WIFI is an open network means everyone with devices having wireless NIC will be able to observe it, people will always be able to launch DoS attacks by jamming and interfering the packets.These types of attacks will always be enough to exhaust the physical router causing the collision of the packets.In order to prevent this,delivery ratios of poor packets can be observed and location information can be used.Defects of MAC layer can be used by attackers, they may simply exploit some vulnerebilities like carrier sense mechanism and decieve normal nodes.DoS attacks in network layes mainly focuses in routing and some other protocols.It has been observed that DoS attacks in Network layer is pretty different from the other Dos attacks in the internet.Normally a computer in the same network ends up to be an attacker.This way, they just need to flood the packets to the network and since it’s different from other attacks there are no any valid countermeasures for this type of attack.
Attackers can also get control over the ad hoc routing protocols like DSR and AODV and can break the legitimate connections. For eg changing the destination IP address can cause the the network to not establish the legitimate connection.Due to this reason security of routing protocols is important and several other routing protocols are being offered by some people. One of them is TESLA which is considered to be secure to some extent.So when a route request is found ,it authenticates it with TESLA so that attackers will not be able to modify or forge the traffic.
Forwarding behaviour can be exploited by some of the attackers.This can be done by either injecting the unwanted packets,dropping the packets and disordering the packets in a legitimate traffic.This attack is mainly used to exhaust the bandwidth of the network.Attacker normally uses spoofed packets in order to hide itself.In order to get protected from these types of attacks, authentication in every hop can be applied.

conclusion:Finally ,DoS attacks are still the best way for an attacker to exploit the network and exhaust the resources.Nowadays it’s even even easier to perform these attacks due to easy to download attacking tools and and even zombies can be hired.It feels bad to say that we still donot have 100 percent solution for these attacks.The attack types mentioned above are just some examples of DoS attacks.In reality, there are surely uncountable number of attacks.But we can always get prevented from DoS attacks to some extent.For the complete solution of these attacks we need to start global solution.Meaning we need to stop creation of zombies and for this every single of us should be aware of our systems.Updating our operating systems is always better idea for security reasons.Everyone related to this field is trying their best to solve this problem but yes it can never be eliminated because its how internet world works.If solution for one type of attack is generated , people will create another type of attack.But its always good to implement all the possible security measures.

references:
(http://www.britannica.com/topic/denial-of-service-attack)
(http://www.cisco.com/c/en/us/products/collateral/security/traffic-anomaly-detector-xt-5600a/prod_white_paper0900aecd8011e927.html)
(https://www.techopedia.com/definition/17294/smurf-attack)
(https://www.incapsula.com/ddos/attack-glossary/syn-flood.html) https://blog.fortinet.com/post/ddos-a-brief-history security in computing , 5th edition ,charles p.pfleeger
https://s2.ist.psu.edu/paper/ddos-chap-gu-june-07.pdf