DOS/DDOS

DOS/DDOS: These are attacks that consume or disable resources in an attempt to hinder or disrupt some operation or function. There are two types:
1. Flaw exploitation attacks.
2. Flooding attacks, which seek to consume resources.

• Ping of Death: Several vendor implementations of the IP stack were not designed to handle oversized packets. When the fragments of an ICMP echo combine into a packet over 65,536 bytes, most of them crash or restart.
• Tear Drop: It is a flaw exploitation attack that involves 2 or more IP fragments that cannot be properly assembled due to improperly configured fragment offset numbers.
• Land: It is a flaw exploitation attack, where the packet has the same source and destination IP addresses as well as port numbers.
• ICMP Flood: Overwhelms a target with ICMP packets until it becomes unresponsive.
• UDP Flood: Is like an ICMP flood but uses the UDP protocol, sending many UDP packets to random ports on the targets. The targets respond with either RST or ACK packets, and depending on how the system is configured the target can reboot, crash or become unresponsive.
• Smurf: Is a type of ICMP flood attack, which sends ICMP packets. It makes all systems on the network echo-reply to a specific target, making it unresponsive or causing it to crash.
• Fraggle: Is a variation of a Smurf attack that uses UDP packets.

Protection against DDOS/DOS
• Egress Filtering: A filter that drops outgoing packets from the internal subnet that do not have a source address from that subnet.
• Ingress Filtering: Configures a router to drop external packets with IP source addresses from internal subnets.
• Disable IP-directed broadcasts: Prevents Smurf attacks by configuring the router to drop packets that ping the broadcast address of an IP subnet.
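
The three router rules above can be written as one forwarding decision. The following Python sketch is an added example, not part of the original post; the internal subnet, the sample packets and the function names are all constructed for illustration.

```python
import ipaddress

# Assumed topology: one internal subnet behind the border router (constructed).
INTERNAL = ipaddress.ip_network("192.0.2.0/24")

def filter_packet(direction, src, dst, internal=INTERNAL):
    """Return (action, reason) for a packet crossing the border router.

    direction: "out" = leaving the internal subnet, "in" = arriving from outside.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)

    if direction == "out":
        # Egress filtering: outgoing packets must carry an internal source address.
        if src_ip not in internal:
            return ("drop", "egress: source not in internal subnet")
        return ("forward", "ok")

    if direction == "in":
        # Ingress filtering: an external packet cannot have an internal source.
        if src_ip in internal:
            return ("drop", "ingress: internal source on external interface")
        # IP-directed broadcast: packet addressed to the subnet broadcast address.
        if dst_ip == internal.broadcast_address:
            return ("drop", "directed broadcast")
        return ("forward", "ok")

    raise ValueError("direction must be 'in' or 'out'")

# Constructed sample packets: (direction, source, destination)
SAMPLES = [
    ("out", "192.0.2.10", "198.51.100.5"),   # legitimate outbound
    ("out", "203.0.113.7", "198.51.100.5"),  # spoofed source leaving the subnet
    ("in", "192.0.2.10", "192.0.2.20"),      # internal source arriving from outside
    ("in", "192.0.2.20", "192.0.2.20"),      # Land-style packet: same source and destination
    ("in", "198.51.100.5", "192.0.2.255"),   # ping to the subnet broadcast address
    ("in", "198.51.100.5", "192.0.2.20"),    # legitimate inbound
]

def run_samples():
    """Return the action taken for each constructed sample, in order."""
    return [filter_packet(*pkt)[0] for pkt in SAMPLES]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", filter_packet(*pkt))
```

Note that the Land-style sample is dropped by the ingress rule, because its source address is an internal one arriving from outside.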
