DoS (Denial of Service) Attack Types:
Major DoS attack types include OOB, Teardrop, Land, Bonk/Boink, Jolt, SSPING,
Pepsi, ICMP (Click), POD (Ping Of Death), and Smurf.
OOB (Out-Of-Band) nukes were one of the first types of DoS attack. They use
port 139 and are fixed in Win98 (only early versions of Win95 are
susceptible, as well as some versions of Windows NT). They simply connect to
the victim's port 139 and send any random data, which confuses the target.
They create a BSOD (Blue Screen Of Death), after which all TCP/IP services
cannot be used until the system is rebooted.
Teardrop and Land are both actually Windows exploits. Teardrop and Land are
fixed in Win98 (only Win95 is susceptible). Teardrop and Land both will lock
up your computer. Teardrop uses IP (which is why it can be cured by VIPUP,
the Virtual IP Update), while Land uses TCP (which is why it can be cured by
VTCPUP, the Virtual TCP Update).
Boink (which is actually an updated version of Bonk), like Teardrop and Land,
is a Windows exploit. Teardrop, Bonk, and Boink all send fragments of packets
which cannot be re-assembled at the receiving end, causing the system to lock
up. Land uses a different tactic: It creates a spoofed packet which makes
your computer try to establish a TCP connection with itself. This redundant
connection causes the computer to lock up.
Jolt and SSPING are similar: They also send fragmented packets which make the
system lock up, but they have the added effect of making the packets huge,
thus bogging down the system further.
Pepsi is a UDP flooder. It uses random source address information to make it
look like many different machines are flooding the victim at once. This one
is particularly nasty.
ICMP nukes use ICMP, the Internet Control Message Protocol, to terminate
connections. The idea is that if you send an ICMP message to a server stating
that a particular computer connected to it has dropped the connection, the
server will drop the connection, and the target computer will be disconnected
even if it hadn't really dropped the connection. There is little to be done
about ICMP nukes, since ICMP is a fundamental part of the Internet and its
architecture makes this a fundamental vulnerability. (These kinds of nukes
are often called "Click" attacks.)
POD (Ping Of Death) attacks usually rely on sending a single huge ping
packet. The ping packet is actually made larger than the TCP/IP specification
allows such a packet to be (specifically, it allows for up to 65,536 bytes),
thus confusing the target (it creates a buffer overflow) and usually either
locking it up or stopping all its network services.
Smurf attacks are a newer form of DoS, and they are among the most effective.
(Sven Nielsen, founder of DALnet (the third-largest IRC network in the
world), called Smurf "probably the worst attack the Internet has seen to
date".) Again, they use ping packets. A Smurf attack sends ping packets to a
network's broadcast address. This causes a single ping packet to be sent out
to 255 other systems. Under normal circumstances, this would create 255 ping
responses, flooding the sender of the original ping packet. However, Smurf
spoofs the ping's source address, setting it to the victim's computer, so the
target system ends up receiving 255 ping responses from the other machines
which thought the victim was pinging them. And since this happens several
times over (the computer sending the Smurf attack does not only send one ping
to the broadcast address, but several repeatedly), well, you get the idea.
(
geocities.com/siliconvalley)