December 4, 2010

What is a DoS attack?

Filed under: — www.informationintegrity.org @ 12:00 am

For anyone working in an IT environment, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack represents a virtual nightmare. Broadly, it refers to making any computer resource unavailable to the proper users. Popular targets include web servers for banks, credit card payment gateways, and root nameservers, but a DoS attack can wreak havoc no matter what the industry.

By shutting off access to information, a DoS attack violates a number of the principles of information security, including Possession or Control, Integrity, and especially Availability. DoS attacks also violate ISP acceptable use policies and the Internet Architecture Board’s proper use policy, as well as breaking national laws.

How do you determine if your network has been targeted by a DoS attack? Common signs are slow network performance, web site unavailability, web site access issues, and an increase in spam e-mail. Some of these symptoms are emphasized in certain types of attacks. For instance, an especially large amount of spam is known as an e-mail bomb.

Luckily for IT professionals, there are only a limited number of known methods of attack. This is lucky because it allows companies and organizations to prepare and defend themselves before such an incident occurs. Basic types of attacks include consuming resources such as bandwidth or disk space, disrupting configuration information, disrupting state information, disrupting physical network components, and obstructing communication channels.

To protect your company or organization against such an attack, you should first make sure that your basic security is up to date. Set up firewalls to deny suspicious protocols, ports, and IP addresses. However, some DoS attacks can bypass even the best firewalls, so you should also employ switches and routers with rate-limiting and ACL capability. If the attack has a signature associated with it, it may be blocked by an intrusion-prevention system.

Sometimes, such an attack may still get through. In these cases, your best hope is either “blackholing and sinkholing” or “cleaning pipes.” The first solution refers to sending all traffic, good or bad, directed at an affected server to a non-existent or isolated server. The latter solution involves passing the traffic through a proxy to separate the “good” from the “bad” traffic.
