In other words
A glossary of DoS terms
ACK floods - An attack that sends a large number of TCP packets with the ACK flag set to a target.
Denial of service (DoS) - When an attack is launched against a target system or network that prevents valid, authorized users from accessing resources.
Distributed denial of service - When many systems launch a DoS attack against one specified target.
Fraggle - A DoS attack that sends User Datagram Protocol (UDP) Internet Control Message Protocol (ICMP) echo packets to network broadcast addresses.
ICMP flood - An attack that sends a large number of ICMP packets to a target.
Jolt2 - A DoS attack created by sending a large number of fragmented IP packets to a target. The target system will use 100% of its resources.
Land - A DoS attack that sends a connection attempt with a spoofed source IP address, so that the attempt appears to come from the same IP address/port as the system receiving it, confusing the system and causing the TCP/IP stack to lock.
Mstream - A client/server distributed DoS tool.
Naptha - A new breed of sophisticated DoS attacks that can consume all network connections on a target system. Naptha starts with a SYN flood, but it can then send the corresponding ACK, keeping the TCP/IP session open even longer on the target system.
Opentear - A DoS attack that sends fragmented UDP packets to random ports on the target machine. The source IP addresses are randomized. The target system will use 100% of its resources and might reboot.
Pimp2 - A DoS attack that sends random Internet Group Management Protocol packets to the target system.
Randomized DDoS attack - When the source IP addresses of the attack packets are forged, making the actual source of the packet more difficult to identify.
RC8 - A DoS tool that floods a target with UDP packets.
Reflective DDoS attack - A new twist on distributed DoS attacks in which a SYN flood attack is sent to a large Web site, but the packets have a spoofed source IP of the real attack target. The Web site replies to this large number of SYN requests, sending its responses to the spoofed "target" IP address. To the target, it looks like the large Web site is launching a DoS attack against them.
Stacheldraht - A distributed DoS attack tool that encrypts communication between the attacker and Stacheldraht master servers. It also provides automatic updates of infected systems.
SYN floods - A type of DoS attack where a large number of TCP SYN packets (the first packet in a TCP/IP connection), usually with spoofed source IP addresses, are sent to a target. The target system replies with the corresponding ACK packet and waits for the final packet of the TCP/IP three-way handshake. Because the source IP address of the initial packet was spoofed, the target will never receive the final packet, leaving it to hold TCP/IP sessions open until they time out. A SYN flood causes so many open TCP/IP sessions that the system becomes overwhelmed and cannot handle any more network traffic.
Synk4 - A SYN flood DoS attack.
Targa3 - A DoS attack that sends malformed TCP/IP packets to a target system, causing it to consume 100% of its resources and the TCP/IP stack to lock. Examples of packet malformations include invalid fragments, packet sizes and offsets.
Back to main review: "Denial of service: Fighting back"
