The network is the only entry point for all cloud services. Network attacks, especially denial of service attacks, are among the most diverse and harmful network risks, and among the most difficult to protect against. This course is designed to help students understand the principles of DoS attacks in the shortest possible time, and to learn common protection methods and the Alibaba Cloud Anti-DDoS protection solutions, so as to minimize or reduce the risk of network layer attacks and protect your cloud network security.
Cloud security administrator, Cloud security operator
How to get Certified
Certification: Apsara Clouder - Cloud Security: Use Alibaba Cloud Anti-DDoS Service to Defend DoS Attack
Exam Duration: 30 Minutes
No. of Exam Attempts: 2 Times
Use Alibaba Cloud Anti-DDoS Service to Defend DoS Attack
Through this course, you can learn not only the theory and methods of DoS attacks, but also how Alibaba Cloud Anti-DDoS products protect your business continuity and security.
- DoS attack introduction
- Classification of DoS attack
- Common DoS attack types
- DoS attacks mitigation and prevention
- Alibaba Cloud Anti-DDoS solutions
- Anti-DDoS basic and pro demo
Classifications of DoS Attacks
Learn the different classifications of DoS attacks based on attack type: understand DoS classification by stack breakdown, know DoS classification by network traffic, learn DoS classification by OSI layer, and know some other DoS classifications.

Denial of service attacks are characterized by an explicit attempt by attackers to prevent legitimate use of a service. There are two general forms of DoS attacks based on attack type: those based on vulnerabilities and those based on the OSI model.

Those based on vulnerabilities are, first, the stack breakdown attack, which utilizes operating system vulnerabilities, such as the remote overflow DoS attack; and second, network traffic attacks, which use normal protocols for data transmission, such as the SYN flood attack, ACK flood attack, ICMP flood attack, UDP flood attack, connection flood attack and HTTP GET flood attack.

Those based on the OSI model comprise: application layer attacks, such as spam and virus emails and the DNS flood attack; network layer attacks, such as SYN flood and ICMP flood; link layer attacks, which typically use forged ARP packets; and physical layer attacks, like cable damage and electromagnetic interference.

DoS attacks that use the stack breakdown have two subtypes: network protocol vulnerabilities and system vulnerabilities. The former typically exploit transmission protocol defects. Here are some examples which utilize transmission protocol defects.

First, IP and source routing. Though commonly used together, TCP and IP are actually separate protocols. The connectionless Internet Protocol, or IP, allows information streams to be broken up into segments known as data packets, or simply packets, which may then be sent from point to point via various routing protocols used by the machines along the transit route.
IP takes either of two forms, IPv4 or IPv6. The Address Resolution Protocol (ARP), Internet Group Multicast Protocol and Internet Control Message Protocol (ICMP) are transmission mechanisms that also exist at the internet layer. When information is broken up into packets, the IP source generates a listing of the routes that the packets must take to reach their intended destination. This listing may in turn be used by the recipient to send information back to the sender. Unfortunately, at this stage attackers can also gain access to the source path and modify the options in the route for a data packet, in what is known as a source route attack. An attacker may also be at liberty to read the data packets, potentially gaining access to confidential information, financial details or intellectual property. This risk may be offset to some extent by dropping, or not forwarding, any data packets which carry the source route option.

Second, the ICMP flood, also known as ping flood, is a common denial of service attack in which an attacker takes down a victim's computer by overwhelming it with ICMP echo requests, also known as pings. The attack involves flooding the victim's network with request packets, knowing that the network will respond with an equal number of reply packets. Additional methods for bringing down a target with ICMP requests include the use of custom tools or code. This strains both the incoming and outgoing channels of the network, consuming significant bandwidth and resulting in a denial of service.

The latter subtype, system vulnerabilities, normally uses a vulnerability in a service program. For example, the attacker sends data in a specific format to a server whose service program has a vulnerability, causing the service program to generate errors and deny service.

There are also two subtypes of DoS attacks based on network traffic. The first is abuse of legitimate service requests, which take up too many service resources, causing the system to overload.
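The source route attack described above is one that a packet filter can check for directly. The following is an added example, not part of the course: it parses the IPv4 option list and decides to drop rather than forward any packet carrying a Loose or Strict Source Route option (type codes 0x83 and 0x89, as defined in RFC 791); the header builder and the sample packets are constructed for illustration.

```python
import struct  # added example, not course code; option type codes are from RFC 791

OPT_END, OPT_NOP = 0x00, 0x01
OPT_LSRR, OPT_SSRR = 0x83, 0x89      # Loose / Strict Source and Record Route
SOURCE_ROUTE_OPTS = {OPT_LSRR, OPT_SSRR}

def ipv4_options(packet):
    """Return [(type, data), ...] for each IPv4 header option; ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                 # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    opts, out, i = packet[20:ihl], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:                      # one-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("bad option length")
        length = opts[i + 1]
        out.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return out

def filter_decision(packet):
    """'drop' for source-routed or malformed packets, 'forward' otherwise."""
    try:
        kinds = {kind for kind, _ in ipv4_options(packet)}
    except ValueError:
        return "drop"
    return "drop" if kinds & SOURCE_ROUTE_OPTS else "forward"

def build_header(options=b""):
    """Constructed helper: minimal IPv4 header 10.0.0.1 -> 10.0.0.2 plus options,
    zero-padded to a 32-bit boundary (no checksum; test data only)."""
    options += b"\x00" * ((-len(options)) % 4)
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                        0, 0, 64, 1, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return fixed + options

# Constructed samples: LSRR option with one hop (192.0.2.1) versus no options.
LSRR_PKT = build_header(bytes([OPT_LSRR, 7, 4, 192, 0, 2, 1]))
PLAIN_PKT = build_header()
```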
The service resources consumed by such requests usually include bandwidth, file system space capacity, open processes, or all available connections. The second is generating high volumes of useless data, such as maliciously sending a large variety of random and unproductive packets. Occupying network bandwidth with such high-volume data causes network congestion. These attacks work on the connections-per-second principle: here, the servers are flooded with a high rate of connections from a valid source. In this attack, a group of zombies attempts to exhaust server resources by setting up or tearing down TCP connections. For example, an attacker may use his or her zombie army to fetch the home page from a target web server repeatedly, thus placing a load on the server that makes it sluggish.

Based on the OSI model, we have the second type of DoS attack. This includes application layer, transport layer, network layer and link layer attacks. An application layer DDoS attack, sometimes referred to as a layer seven DDoS attack, is a form of DDoS attack where attackers target the application layer of the OSI model. An application layer DDoS attack is done mainly for specific targeted purposes, including disrupting transactions and access to databases. It requires fewer resources than network layer attacks, but often accompanies them. The attack is disguised to look like legitimate traffic, except that it targets specific application packets. An attack on the application layer can disrupt services such as the retrieval of information or search functions, as well as web browser functions, email services and photo applications. To be deemed a distributed denial of service attack, more than around three to five nodes on different networks should be used; using fewer nodes qualifies as a DoS attack but not a DDoS attack. DNS protocol attacks are an example of application layer DDoS attacks.
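The ICMP flood and the connection flood described above share a detectable signature: a burst of echo requests or new TCP connections per second towards one destination. The following added example (not Alibaba Cloud code) runs a sliding-window rate check over constructed flow records and also counts distinct sources, which is what the text uses to separate a DDoS from a single-source DoS; the record format, addresses and thresholds are assumptions.

```python
from collections import defaultdict, deque

# Added example, not Alibaba Cloud Anti-DDoS code. Flow record format
# (ts_ms, src, dst, proto, flag) and thresholds are assumptions.
# Constructed records (documentation-range addresses, no real traffic):
#  - 600 ICMP echo requests, one every 5 ms, from 50 sources to 198.51.100.10
#  - 6 ordinary TCP SYNs, one every 500 ms, to the same host
#  - 400 TCP SYNs, one every 1 ms, from a single source to 198.51.100.20
SAMPLE_FLOWS = (
    [(i * 5, f"203.0.113.{i % 50}", "198.51.100.10", "icmp", "echo")
     for i in range(600)]
    + [(k * 500, "192.0.2.7", "198.51.100.10", "tcp", "syn") for k in range(6)]
    + [(7000 + k, "192.0.2.99", "198.51.100.20", "tcp", "syn") for k in range(400)]
)

def detect_floods(flows, window_ms=1000, icmp_limit=100, syn_limit=200):
    """Return {(kind, dst): {"peak_rate": n, "sources": m}} for every
    destination whose ICMP echo or TCP SYN count in some window exceeds
    its limit. peak_rate is events per window_ms; sources is the number
    of distinct source addresses seen for that destination."""
    windows = defaultdict(deque)   # key -> timestamps inside the current window
    sources = defaultdict(set)     # key -> distinct source addresses
    peaks = {}
    for ts, src, dst, proto, flag in sorted(flows):
        if proto == "icmp" and flag == "echo":
            key, limit = ("icmp_flood", dst), icmp_limit
        elif proto == "tcp" and flag == "syn":
            key, limit = ("syn_flood", dst), syn_limit
        else:
            continue               # other traffic is not rate-checked here
        sources[key].add(src)
        q = windows[key]
        q.append(ts)
        while ts - q[0] > window_ms:   # discard events older than the window
            q.popleft()
        if len(q) > limit and len(q) > peaks.get(key, 0):
            peaks[key] = len(q)
    return {key: {"peak_rate": peak, "sources": len(sources[key])}
            for key, peak in peaks.items()}

if __name__ == "__main__":
    for (kind, dst), info in detect_floods(SAMPLE_FLOWS).items():
        print(f"{kind} towards {dst}: peak {info['peak_rate']}/s "
              f"from {info['sources']} source(s)")
```

Only the two floods are reported; the six ordinary SYNs to 198.51.100.10 never exceed three per window and produce no alert.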
Assaults on the Domain Name System (DNS), which maps numeric IP addresses to more recognizable host domain names like "mywebsite.com", allow attackers to modify DNS records so that they misdirect traffic to incorrect or spoofed IP addresses. DNS cache poisoning falsifies information in the DNS cache, with the aim of redirecting traffic to a site or resource set up by the attackers. The classic pharming ploy lures unsuspecting users to a bogus website that is identical in appearance to a legitimate one, in order to harvest users' credentials or financial data. DNS spoofing alters the IP address of a computer to match that of a DNS server, rerouting traffic to the attacker's own machines.