O'Reilly logo

BGP by Iljitsch van Beijnum

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Denial-of-Service Attacks

If your network or the services hosted on it have a high profile, or you did something to provoke the wrong people, you can easily end up on the receiving end of some kind of attack. Attackers are lazy, so they’ll go for the easy targets. If your hardware or software or the protocols you use have known vulnerabilities, they’ll try to exploit those. Even worse, attackers are continually scanning networks they have no beef with to find vulnerable systems they can abuse to attack people they don’t like. With software and protocols becoming more complex every day, it isn’t easy to keep all the systems on your network secure so they can withstand known attacks. But even if they can, you’re not out of the woods: attackers can still swamp your hosts or the entire network with random traffic or seemingly legitimate requests, thereby using up all resources so that requests from real users can’t be handled, denying them service. When an attack originates from a (large) number sources, it’s called a distributed denial-of-service (DDoS) attack. The four most popular DoS attacks are, in no particular order:

Packet flood

This attack works by simply sending so much traffic that it completely saturates the incoming connections of the attacked network. The traffic can be anything, but ICMP echo requests are particularly effective because many hosts answer with an echo reply, introducing even more traffic into the network. Also, ICMP messages can be small (as little as 28 ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required