Introduction

Prior to addressing each of these listed recipes individually, we should address some of the underlying principles and understand how they relate to the DoS attacks that will be discussed in this chapter. The DoS attacks that we will discuss in the recipes that follow could all be categorized as buffer overflows, traffic-amplification attacks, or resource-consumption attacks. We will address the general principles associated with how each of these types of attacks works in this order.

Buffer overflows are a type of coding vulnerability that can result in the denial of service of an application, service, or the entire underlying operating system. Generally speaking, buffer overflows are capable of causing a denial of service because they can result in arbitrary data being loaded into unintended segments of memory. This can disrupt the flow of execution and result in a crash of the service or operating system.

Traffic-amplification DoS attacks are able to generate a DoS condition by consuming the network bandwidth that is available to a particular server, device, or network. Two conditions are required for a traffic-amplification attack to be successful. These conditions are as follows:

  • Redirection: An attacker must be able to solicit a response that can be redirected to a victim. This is generally accomplished by IP spoofing. As UDP is not a connection-oriented protocol, most application-layer protocols that use UDP as their associated transport layer protocol can be used to redirect service responses to other hosts via spoofed requests.
  • Amplification: The redirected response must be larger than the request that solicited that response. The larger the ratio of response byte size to request byte size, the more successful the attack will be.

For example, if an attacker discovers a UDP service that generates a response 10 times larger than the associated request, the attacker could leverage this service to potentially generate 10 times as much attack traffic as they could otherwise generate, by sending spoofed requests to the vulnerable service at the highest rate of transmission possible.
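The amplification condition can be measured from the defender's side by comparing the bytes a UDP service receives with the bytes it sends back. The following is an added example, not code from the book; the flow records, addresses, ports, and the 2.0 threshold are constructed assumptions, with one service built to match the 10-to-1 ratio described above.

```python
from collections import defaultdict

# Constructed sample UDP flow records (not from the book):
# (src_ip, src_port, dst_ip, dst_port, payload_bytes)
FLOWS = [
    ("198.51.100.7", 40001, "192.0.2.10", 53, 64),
    ("192.0.2.10", 53, "198.51.100.7", 40001, 640),
    ("198.51.100.7", 40002, "192.0.2.10", 53, 64),
    ("192.0.2.10", 53, "198.51.100.7", 40002, 640),
    ("203.0.113.5", 50000, "192.0.2.20", 7, 100),
    ("192.0.2.20", 7, "203.0.113.5", 50000, 100),
    ("203.0.113.9", 50001, "192.0.2.30", 123, 48),
    ("192.0.2.30", 123, "203.0.113.9", 50001, 48),
]

# Assumed inventory of our own servers that expose UDP services.
LOCAL_SERVERS = {"192.0.2.10", "192.0.2.20", "192.0.2.30"}


def amplification_factors(flows, local_servers):
    """Return {(server_ip, port): response_bytes / request_bytes}."""
    req = defaultdict(int)   # bytes received by each local service
    resp = defaultdict(int)  # bytes sent back by each local service
    for src, sport, dst, dport, size in flows:
        if dst in local_servers:
            req[(dst, dport)] += size
        elif src in local_servers:
            resp[(src, sport)] += size
    # Services that never answered get a factor of 0.0.
    return {svc: resp[svc] / req[svc] for svc in req if req[svc] > 0}


def risky_services(factors, threshold=2.0):
    """Services whose responses outweigh requests by at least `threshold`."""
    return sorted(svc for svc, f in factors.items() if f >= threshold)


if __name__ == "__main__":
    factors = amplification_factors(FLOWS, LOCAL_SERVERS)
    for svc, factor in sorted(factors.items()):
        print(svc, f"{factor:.1f}x")
    print("review for rate limiting or restriction:", risky_services(factors))
```

A service flagged here satisfies only the amplification condition; whether it can also be used for redirection depends on whether spoofed source addresses can reach it.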

Resource-consumption attacks generate a condition in which the local resources of the hosting server or device are consumed to such an extent that they are no longer available to perform their intended operational function. This type of attack can target various local resources, including memory, processor power, disk space, or the ability to sustain concurrent network connections.
