A Look At Some Network-Based DDoS Attacks, And How To Protect Against Them
Distributed Denial of Service (DDoS) attacks have a long and storied history in the cybersecurity space. Originally based primarily on the TCP and UDP protocols, they’ve since expanded to new horizons, as attackers think of new and creative ways to flood and shut down vulnerable systems.
That isn’t to say older attack vectors are entirely obsolete, mind you. It’s important to be aware of some of the DDoS methods of yesterday, in the rare event that they make a comeback – which, as you’ll soon see, has been known to happen.
Today, we’re going to discuss two of them: Teardrop and Fraggle.
A Teardrop attack (which is really just a fancy way of saying “IP fragmentation”) was a relatively simple thing to execute back in the day. The attacker would send messages fragmented into multiple UDP packets to a vulnerable operating system. The system, unable to deal with the corrupted data, would eventually crash.
It’s an old attack method, to be sure – originally targeted at machines running Windows 3.1, 95, NT, or a version of Linux prior to 2.1.63.
But back in 2009, Windows 7, 8, and Vista were revealed to be subject to IP fragmentation, and it’s pretty clear that although this DDoS vector is gone, it’s anything but forgotten. It could very well surface again in the near future – and it falls to you to protect your organization against it.
Luckily, this is a relatively easy thing to do. Configure your firewall to automatically inspect data packets for violations of fragmentation rules, and make sure that whatever DDoS mitigation tool you’re using can block bogus packets across multiple ports and protocols.
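The kind of fragmentation-rule inspection described above can be sketched in Python. This is an added example, not code from the original article or from any firewall product; the `Fragment` type, the `fragment_violations` function and the sample fragments are hypothetical and constructed for illustration.

```python
from typing import List, NamedTuple

MAX_DATAGRAM = 65535  # largest IPv4 datagram (Total Length is a 16-bit field)

class Fragment(NamedTuple):       # hypothetical record for one received fragment
    offset_units: int             # Fragment Offset field, counted in 8-byte units
    payload_len: int              # payload bytes carried by this fragment
    more_fragments: bool          # MF flag; False marks the final fragment

def fragment_violations(frags: List[Fragment], header_len: int = 20) -> List[str]:
    """Check the fragments of one datagram (same source, destination,
    protocol and IP ID) and return a description of each rule violation."""
    problems = []
    covered_end = 0               # highest payload byte seen so far
    final_end = None              # where the final fragment says the data ends
    for f in sorted(frags, key=lambda f: f.offset_units):
        start = f.offset_units * 8
        end = start + f.payload_len
        if f.payload_len == 0:
            problems.append(f"empty fragment at offset {start}")
        if f.more_fragments and f.payload_len % 8:
            problems.append(f"non-final fragment at offset {start} is not a multiple of 8 bytes")
        if start < covered_end:   # overlapping fragments, the classic Teardrop symptom
            problems.append(f"fragment at offset {start} overlaps data ending at {covered_end}")
        if header_len + end > MAX_DATAGRAM:
            problems.append(f"fragment at offset {start} reassembles past {MAX_DATAGRAM} bytes")
        if not f.more_fragments:
            if final_end is not None:
                problems.append("more than one final fragment")
            final_end = end
        covered_end = max(covered_end, end)
    if final_end is not None and covered_end > final_end:
        problems.append("data extends past the final fragment")
    return problems

# Constructed sample inputs (not captured traffic).
CLEAN = [Fragment(0, 1480, True), Fragment(185, 1480, True), Fragment(370, 40, False)]
OVERLAP = [Fragment(0, 32, True), Fragment(3, 8, False)]
OVERSIZE = [Fragment(8189, 1480, False)]

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("overlap", OVERLAP), ("oversize", OVERSIZE)):
        print(name, fragment_violations(sample) or "ok")
```

This strict version also reports exact duplicate fragments as overlaps, so a production policy may want to tolerate byte-identical retransmissions.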
A Fraggle attack works in the same way as a Smurf attack, which floods an address with bogus ping requests. The main difference between the two is that Fraggle makes use of UDP instead of ICMP. Most routers no longer forward packets directed at their broadcast addresses, however – so Fraggle is definitely obsolete, provided your network hardware is up to date.
And in the event that it isn’t, you might want to see that you update it soon.
Although Teardrop and Fraggle attacks aren’t exactly commonplace anymore, it’s still important to be aware of them. There’s a chance that one of the two might well make a comeback (though using a slightly different methodology). And even if they don’t, it’s interesting to take a look back on occasion – if only to see how far we (and the hackers who target our organizations) have come since the nineties.