Denial-of-Service Attacks

A denial-of-service (DoS) attack is meant to overload or shut down a network, host, or service, thus making it inaccessible to users or applications. DoS attacks make services inaccessible by flooding the target with traffic or sending it malware that triggers a crash.

A DoS attack deprives legitimate users of access to the service or resource they expected. Though DoS attacks typically do not result in the theft or loss of significant information or other assets, they can cost the victim substantial time and money.

An Internet Control Message Protocol (ICMP) flood leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine.

The example shows how the attack is designed to flood network bandwidth with illegitimate traffic.

A TCP SYN flood continually initiates but never completes the TCP three-way handshake. This behavior continues until all available network buffers are consumed and no buffers remain available for legitimate TCP connections.

The example shows a DoS attack exploiting vulnerabilities that can cause the target system or service to crash. In these attacks, malware is sent that takes advantage of bugs in the target’s software that subsequently crash or severely destabilize the target. The ping of death attack is an example.

Mitigate DoS Attacks


Multisession DoS Attacks

A multisession DoS attack can be launched from a single host or multiple hosts. Such an attack is characterized on the firewall by a high rate of connections per second (CPS), where each connection is an attempt to initialize a new firewall session. If a multisession DoS attack is launched from multiple hosts, then the attack is known as a distributed denial-of-service (DDoS) attack. You monitor the firewall CPS rate using the CLI operational command show session info | match "Number of allocated sessions".

Single-Session DoS Attacks

A single-session DoS attack is launched from a single host. The source host transmits as much data as possible to the destination. These attacks are characterized by a high packet rate in an established firewall session. You monitor the packet rate using the operational CLI command show session info | match "Packet rate".
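The two monitoring checks above (session growth for multisession attacks, packet rate for single-session attacks) can be combined by comparing two captures of the show session info output. The following is an added example, not code from the original page or from the firewall vendor. The snapshot text is constructed, and the function names and both thresholds are hypothetical and should be replaced with values baselined on your own firewall.

```python
import re

# Constructed captures containing only the two lines the page matches on.
# Real "show session info" output has more fields; this layout is an assumption.
BASELINE = """\
Number of allocated sessions:                  1200
Packet rate:                                   850/s
"""
MANY_NEW_SESSIONS = """\
Number of allocated sessions:                  61200
Packet rate:                                   9400/s
"""
ONE_HEAVY_SESSION = """\
Number of allocated sessions:                  1230
Packet rate:                                   240000/s
"""

FIELD_RE = re.compile(
    r"^\s*(Number of allocated sessions|Packet rate):\s*(\d+)", re.M)

def parse_session_info(text):
    """Extract the allocated-session count and packet rate from CLI output."""
    found = {name: int(value) for name, value in FIELD_RE.findall(text)}
    missing = {"Number of allocated sessions", "Packet rate"} - found.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return found["Number of allocated sessions"], found["Packet rate"]

def classify(before, after, interval_s, growth_limit=500, pps_limit=100_000):
    """Label the change between two captures taken interval_s seconds apart.

    growth_limit (net new sessions per second) and pps_limit are hypothetical.
    Net growth understates the true CPS because sessions also close.
    """
    sessions_before, _ = parse_session_info(before)
    sessions_after, pps_after = parse_session_info(after)
    growth = (sessions_after - sessions_before) / interval_s
    if growth > growth_limit:
        label = "multisession"       # many attempts to open new sessions
    elif pps_after > pps_limit:
        label = "single-session"     # few sessions, very high packet rate
    else:
        label = "normal"
    return label, growth

if __name__ == "__main__":
    for name, snap in [("many", MANY_NEW_SESSIONS), ("heavy", ONE_HEAVY_SESSION)]:
        print(name, classify(BASELINE, snap, interval_s=60))
```
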
