DOS and DDOS attack
Attacker exhaust available server resources by sending hundreds of resource-intensive requests,such as pulling out large image files or requesting dynamic pages that require expensive search operations on the backend database servers
Why Are Application Vulnerable?
- Reasonable Use Expectations
- Application Environment Bottlenecks
- Implementation Flaws
- poor Data Validation
Web Server Resource Consumption
Targets
- CPU,Memory and Sockets
- Disk Bandwidth
- Database Bandwidth
- Worker Processes
Web Services Unavailability
Application-Level DOS attacks enulate the same request syntex and network-Level traffic characteristics as that of the legitimate clients,whic makes it undetectablr by existing DOS protection measures .
Login Attacks
The attacker may overload the login process by continually sending login requests that require the presentation tier to access the authentication mechanism,rendering it unavailable or unreasonably slow to respond.
User Registration DOS
The attacker could create a program that submits the reqistration forms repeatedly ;adding a large number of squrious users to the application.
Account Lock-OUT Attacks
The attacker may enumerate username through another vulerability n the application and then attempt to authenticate to the site using valid username and incorrect passwords which will lock out the account atfer the specified number of failed attempts.At this point legitimate users will not be able to use the site .
User Enumeration
If application states which part of the username/password pair is incorrect,an attacker can automate the process of trying common usernames from a dictionary file to enumerate the users of the Appliction.
The attacker may overload the login process by continually sending login requests that require the presentation tier to access the authentication mechanism,rendering it unavailable or unreasonably slow to respond.
User Registration DOS
The attacker could create a program that submits the reqistration forms repeatedly ;adding a large number of squrious users to the application.
Account Lock-OUT Attacks
The attacker may enumerate username through another vulerability n the application and then attempt to authenticate to the site using valid username and incorrect passwords which will lock out the account atfer the specified number of failed attempts.At this point legitimate users will not be able to use the site .
User Enumeration
If application states which part of the username/password pair is incorrect,an attacker can automate the process of trying common usernames from a dictionary file to enumerate the users of the Appliction.
How do you know if an attack is happening?
Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack:
- unusually slow network performance (opening files or accessing websites)
- unavailability of a particular website
- inability to access any website
- dramatic increase in the amount of spam you receive in your account
How do you avoid being part of the problem?
Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:
- Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).
- Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewalls for more information).
- Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.
0 comments:
Post a Comment