Attack types
August 7th, 2008 — Attack types
In an HTTP flood the attacker sends large numbers of randomised HTTP requests at the victim. HTTP floods are hard to deal with because every request arrives over a completed TCP connection and is a syntactically valid HTTP request, so there is almost nothing at the packet level to tell attack traffic from legitimate traffic. Furthermore, unlike with ICMP floods, you cannot simply block all HTTP traffic without making your web server inaccessible. The target of an HTTP flood is not just the server's TCP/IP stack but the web server running on it (and whatever it calls, such as a database), so far fewer requests per second are needed to bring the service down than with a packet-level flood.
How to block and prevent HTTP flood?
One practical way to fight an HTTP flood at the TCP layer is a technique called tarpitting. On Linux it is provided by the TARPIT target, which is not part of stock iptables but comes from xtables-addons: iptables -A INPUT -s x.x.x.x -p tcp -j TARPIT . A tarpitted port completes the three-way handshake normally and then advertises a window of zero bytes. By TCP design the client may then send no data at all; its stack parks the connection in the persist state and only probes the window every minute or two, and because TARPIT also ignores the client's attempts to close the connection, each attacking connection stays stuck until the client's stack gives up on it, typically after some tens of minutes, while the server keeps no per-connection state of its own. Two caveats: the handshake must complete, so tarpitting only bites on connections from real, unspoofed addresses (which is exactly what an HTTP flood uses) and does nothing against the spoofed packet floods described in the other posts; and the rule must be scoped to the attacking sources, as above, or legitimate clients will be tarpitted too.
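Because the flood cannot be told apart packet by packet, the practical first step is to find which sources are sending requests faster than any human-driven browser would. The script below is an added example, not code from the original post: it parses combined-format access log lines (the sample lines are constructed), keeps a sliding window of request timestamps per source address, and reports every source that exceeds a threshold inside the window. The addresses, window and threshold are assumptions for the demonstration.

```python
"""Per-source request-rate detection over web-server access logs (added example,
not from the original post; the log lines are constructed)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined"-style line; only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request line) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def find_flooders(lines, window=timedelta(seconds=10), threshold=20):
    """Sliding-window count of requests per source address.
    Returns {ip: peak count} for every source that reached `threshold`
    requests inside any `window`. Lines must be in time order, as a live log is."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def sample_log():
    """Constructed log: one ordinary visitor (3 requests in 30 s) and one source
    firing 25 randomised GETs in under five seconds (assumed addresses)."""
    base = datetime(2008, 8, 7, 12, 0, 0, tzinfo=timezone.utc)
    events = [(base + timedelta(seconds=s), "198.51.100.7", "/index.html")
              for s in (0, 12, 29)]
    events += [(base + timedelta(milliseconds=200 * i), "203.0.113.9", f"/?q={i * 7919 % 1000}")
               for i in range(25)]
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'
            for ts, ip, path in events]


if __name__ == "__main__":
    for ip, n in find_flooders(sample_log()).items():
        print(f"{ip}: {n} requests inside one 10 s window")
```

The output of such a check is the source list you would feed into the per-source tarpit or drop rule above. The threshold has to be tuned per site (a busy proxy or NAT gateway legitimately produces many requests from one address), and a distributed flood spread thinly over many sources will stay under any per-source threshold, which is why this is a triage tool rather than a complete defence.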
August 6th, 2008 — Attack types
UDP (User Datagram Protocol) lets computers exchange short messages called datagrams without setting up a connection first. In a UDP flood the attacker sends a large number of UDP packets, usually with spoofed source addresses, at the victim. Because UDP is connectionless, no handshake is needed before the packets are processed. For each packet the victim looks for an application listening on the destination port and, if there is none, replies with an ICMP Destination Unreachable (port unreachable) message.
With enough UDP packets arriving, the victim spends its time generating ICMP replies (which go to the spoofed addresses, so some third party receives them) and can no longer respond to legitimate traffic. Modern kernels limit how fast they emit such ICMP errors (on Linux via net.ipv4.icmp_ratelimit and icmp_ratemask), which blunts the reply side of the attack but does not remove the cost of receiving and inspecting every packet of the flood.
How to stop and prevent a UDP flood?
- Disable all unused UDP services, so that fewer ports need answering at all.
- Drop packets to UDP ports that no application on the server listens on at the firewall, rather than trying to block individual source addresses: the sources are usually spoofed, so an address-based block list chases addresses that will never appear again.
August 4th, 2008 — Attack types
The IPv4 header's 16-bit total-length field limits a packet to 65,535 bytes, and until about 1998 most operating systems simply assumed that no ping would ever be larger than that. In a ping of death attack the attacker sends an ICMP echo request whose reassembled size exceeds 65,535 bytes, crashing the target. The bug is fixed in all modern operating systems, which makes this a historical attack, though it is still worth examining. A packet that large cannot be sent as a single unit, but it can be sent as a series of IP fragments whose offsets and lengths add up to more than the limit; the receiving system allocated a reassembly buffer of the legal maximum and overflowed it while putting the fragments back together. A buffer overflow means that code writes more data than the memory reserved for it can hold, so the extra bytes land in adjacent memory, which inside a kernel usually means a crash. Ping of death was especially dangerous because most operating systems of the time were vulnerable and the attacker needed nothing more than the target's IP address. As the requests could be spoofed, identifying the attacker was nearly impossible.
Even though the ping of death in its literal sense is dead, its modern equivalent is simply sending more ping requests than the victim's system can handle, thereby causing a denial of service (see the ICMP flood article).
August 2nd, 2008 — Attack types
A Smurf attack works the same way as an ICMP flood, but uses other networks to multiply the number of requests. The attacker sends a large amount of ICMP echo request (ping) traffic (for more about ICMP echo requests, read the article on ICMP floods) with a spoofed source address, the victim's, to the broadcast address of an intermediary network, the amplifier. Spoofing the source address tricks the receiving hosts into thinking the request came from the victim, so their replies go to the victim rather than to the machine that actually sent the request.
When the amplifier network's router forwards the directed broadcast, every host on that network receives the echo request and every one of them replies to the victim, so the traffic reaching the victim is multiplied by the number of hosts on the amplifier network.
How not to become an amplifier for Smurf attacks
1. Configure individual computers and routers in your network not to respond to pings sent to broadcast addresses.
2. Configure routers not to forward packets addressed to a directed broadcast address. Until 1999 routers forwarded directed broadcasts by default, which made Smurf attacks much easier; RFC 2644 changed the recommended default to off, and the feature should be disabled everywhere today.
3. Use ingress filtering (BCP 38, RFC 2827) to drop packets whose source address could not legitimately arrive on that interface. It costs some router performance, but it also stops your network being used as a launch point for spoofed floods and makes an attack easier to trace.
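The last two measures are simple address checks on a border router. The following is an added example, not configuration from the original post, written in Python so the logic can be run and tested offline: it models a router in front of two assumed internal prefixes, applies the BCP 38 ingress check (and its egress mirror image) to the source address, and refuses to forward anything addressed to one of its own directed broadcast addresses. All addresses and the packet list are constructed.

```python
"""Border-router checks against Smurf abuse: source-address ingress/egress
filtering and refusal to forward directed broadcasts (added example, not from
the original post; the prefixes and packets below are constructed)."""
import ipaddress

# Assumed topology: the networks behind this router. Anything else is outside.
INTERNAL = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]


def is_internal(addr):
    a = ipaddress.ip_address(addr)
    return any(a in net for net in INTERNAL)


def is_directed_broadcast(addr):
    a = ipaddress.ip_address(addr)
    return any(a == net.broadcast_address for net in INTERNAL)


def classify(pkt, arrived_on):
    """pkt: dict with 'src' and 'dst'; arrived_on: 'outside' or 'inside'.
    Returns 'accept' or a drop reason."""
    src, dst = pkt["src"], pkt["dst"]
    # Ingress filter (BCP 38): a packet from the Internet can never legitimately
    # carry one of our own addresses as its source. This is exactly the Smurf
    # attacker's echo request with the victim's address arriving at an amplifier.
    if arrived_on == "outside" and is_internal(src):
        return "drop: spoofed internal source from outside"
    # Egress counterpart: our hosts must not send packets with foreign sources,
    # so our network cannot be used to launch spoofed floods at others.
    if arrived_on == "inside" and not is_internal(src):
        return "drop: spoofed foreign source from inside"
    # RFC 2644 default: never forward a packet addressed to a directed broadcast,
    # which is what turns a network into a Smurf amplifier.
    if is_directed_broadcast(dst):
        return "drop: directed broadcast"
    return "accept"


def audit(packets):
    """Run classify over (pkt, interface) pairs; returns the list of verdicts."""
    return [classify(pkt, iface) for pkt, iface in packets]


SAMPLE = [  # constructed packets
    ({"src": "203.0.113.5", "dst": "192.0.2.255"}, "outside"),   # Smurf probe to our broadcast
    ({"src": "192.0.2.10", "dst": "203.0.113.1"}, "outside"),    # claims to be us, from outside
    ({"src": "203.0.113.5", "dst": "192.0.2.10"}, "outside"),    # ordinary inbound packet
    ({"src": "192.0.2.10", "dst": "203.0.113.1"}, "inside"),     # ordinary outbound packet
    ({"src": "198.51.100.200", "dst": "203.0.113.1"}, "inside"), # .200 is outside our /25
]

if __name__ == "__main__":
    for (pkt, iface), verdict in zip(SAMPLE, audit(SAMPLE)):
        print(f"{iface:7} {pkt['src']:>15} -> {pkt['dst']:<15} {verdict}")
```

On real equipment the same three checks are interface ACLs plus the router's "no ip directed-broadcast" style setting; the point of the model is that none of them needs any state, which is why they are cheap enough to run on every packet at the border.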
How to stop a Smurf attack?
Just like ICMP floods, Smurf attacks are very hard to stop. A few steps can be taken once an attack has started.
1. Rate-limit ICMP traffic on your network so that only a bounded share of the flood reaches your servers and the service itself is not halted.
2. Contact your Internet service provider immediately. Only they can filter the traffic before it reaches your link; a firewall at your end, however well configured, can still be brought to its knees, because every packet of the flood has to arrive over your connection before your filters see it.
August 2nd, 2008 — Attack types
An ICMP flood (also known as a ping flood) is probably the most common denial of service method. It abuses the Internet Control Message Protocol (ICMP), which carries control messages and error reports between systems. ICMP is commonly used to find out whether a host is online and responding; the ping command built into most operating systems does exactly that. It sends an ICMP echo request, and once the target receives it, it sends an echo reply to the source IP address of the request.
In an ICMP flood the attacker sends very large or simply very many ICMP echo requests at the server. Each one costs the target the work of receiving it and generating a reply; with enough of them the host, or its uplink, is saturated and cannot respond to other requests, making the service unavailable.
ICMP floods can come from a single source or be distributed. Distributed floods are especially dangerous because a whole network of computers is pinging the same service, so no single source stands out and there is no one address to block.
How to stop an ICMP flood?
Sadly there are few methods for the victim to fight ICMP floods. Once an attack has started it is very hard to stop, and preventing one is equally hard. However, there are some steps you can take to improve your network's position.
- 1. Block ICMP type 8 (echo request), thereby blocking all pings to your server. This is advisable only during a heavy attack, as it also blocks legitimate pings; it saves the host the work of replying but not the bandwidth on the link, since the packets still arrive.
- 2. Firewall and packet filtering, in particular rate-limiting echo requests, can help, but will probably not block all of the attack packets without also affecting legitimate traffic.
- 3. Throttle ICMP upstream, at the border router or with your provider's help, so that fewer malicious requests reach the designated network, router or server. Upstream is the only place where the link bandwidth itself can be reclaimed.
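The rate limit mentioned in the Smurf post and in point 2 above is a token bucket: a bucket holding at most `burst` tokens is refilled at `rate` tokens per second, and each echo request must take a token or be dropped. The following is an added example, not code from the original post; it simulates that filter over a constructed packet trace so its effect on a flood and on normal pings can be compared. The rate, burst and trace are assumptions for the demonstration.

```python
"""Token-bucket rate limit on inbound ICMP echo requests, modelling an iptables
limit-match rule (added example, not from the original post; the packet
traces are constructed)."""

ICMP_ECHO_REQUEST = 8


class TokenBucket:
    """`rate` tokens per second are added, capped at `burst`; a packet costs one."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        # Refill proportionally to elapsed time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_trace(packets, rate=5.0, burst=10):
    """packets: list of (time_s, proto, icmp_type) in time order.
    Echo requests pass only while tokens remain; all other traffic passes.
    Returns (accepted, dropped)."""
    bucket = TokenBucket(rate, burst)
    accepted = dropped = 0
    for t, proto, icmp_type in packets:
        if proto == "icmp" and icmp_type == ICMP_ECHO_REQUEST:
            if bucket.allow(t):
                accepted += 1
            else:
                dropped += 1
        else:
            accepted += 1
    return accepted, dropped


def ping_flood_trace():
    """Constructed: 100 echo requests 1 ms apart with 5 TCP packets mixed in."""
    trace = [(i / 1000.0, "icmp", ICMP_ECHO_REQUEST) for i in range(100)]
    trace += [(0.0205 + i / 100.0, "tcp", None) for i in range(5)]
    return sorted(trace, key=lambda p: p[0])


def normal_ping_trace():
    """Constructed: one echo request per second for five seconds."""
    return [(float(i), "icmp", ICMP_ECHO_REQUEST) for i in range(5)]


if __name__ == "__main__":
    print("flood  accepted/dropped:", filter_trace(ping_flood_trace()))
    print("normal accepted/dropped:", filter_trace(normal_ping_trace()))
```

With a 5-per-second rate and a burst of 10, the flood gets its first ten requests through and the remaining ninety are dropped, while the unrelated TCP packets and a normal one-per-second ping are untouched. In iptables the equivalent is an ACCEPT rule for echo requests with `-m limit --limit 5/second --limit-burst 10`, followed by a DROP for the rest. Note that a single global bucket also throttles legitimate pings during an attack, which is why the post calls this an emergency measure; a per-source bucket (the hashlimit match) avoids that, but only when the attacker is not spoofing source addresses.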
August 2nd, 2008 — Attack types
Most network technologies limit the size of frame they can carry, a limit called the Maximum Transmission Unit (MTU). Teardrop attacks exploit the way IP splits datagrams that are bigger than the path MTU into fragments. Each fragment carries an offset, in 8-byte units, giving its position within the original datagram, which lets the receiving system put the datagram back together. In a Teardrop attack the attacker sends a second (or later) fragment whose offset places it inside the byte range already covered by the first, so the fragments overlap and naive reassembly code computes a negative length for the overlapping piece; systems that did not check for this crashed.
Only Windows NT and Linux 2.0.30 (and earlier) were vulnerable to the original Teardrop, making it a pretty old method, but it is still seen occasionally. Modern stacks and firewalls discard broken and overlapping fragments, but a large volume of such fragments can still tie up reassembly buffers and exhaust the system.
How to protect yourself against Teardrop attacks?
- 1. The most effective protection is to run a current operating system, whose IP stack validates fragment offsets and lengths before reassembling anything.
- 2. Install the vendor's patches for the fragment-reassembly bug on any older system you cannot replace.
- 3. Firewalls can drop malformed and overlapping fragments and so protect against various denial of service attacks, but as mentioned above that is no guarantee against a large flood of them.
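What "validating fragment offsets and lengths" means in practice is a small set of checks on each fragment set, which also cover the oversized datagram from the ping of death post. The block below is an added example, not code from the original posts: it takes a fragment set as (offset in 8-byte units, data length, more-fragments flag) tuples, as carried in the IPv4 header, and rejects overlaps (Teardrop), datagrams that would exceed 65,535 bytes (ping of death), and a few other malformed cases. The fragment sets are constructed, and the 20-byte header length is an assumption (no IP options).

```python
"""IPv4 fragment-set validation: Teardrop overlaps and ping-of-death oversize
(added example, not from the original posts; fragment sets are constructed)."""

IP_MAX_TOTAL_LEN = 65535          # 16-bit total-length field
IP_HEADER_LEN = 20                # assumption: no IP options
MAX_DATA_END = IP_MAX_TOTAL_LEN - IP_HEADER_LEN   # reassembled data must end by 65515


def check_fragments(frags):
    """frags: list of (offset_units, data_len, more_fragments) in arrival order;
    offset_units is the header's 8-byte fragment offset.
    Returns 'ok', 'incomplete', or a reason to drop the whole datagram."""
    covered = []        # (start, end) byte ranges accepted so far
    seen_last = False
    for offset_units, data_len, mf in frags:
        start = offset_units * 8
        end = start + data_len
        if data_len <= 0:
            return "drop: empty fragment"
        # Ping of death: offsets and lengths that reassemble past the 65,535-byte
        # limit overflow a buffer sized for the legal maximum.
        if end > MAX_DATA_END:
            return "drop: reassembled size exceeds 65535 bytes (ping of death)"
        # Teardrop: a later fragment whose range falls inside an earlier one.
        for s, e in covered:
            if start < e and s < end:
                return "drop: overlapping fragment (teardrop)"
        # RFC 791: every fragment but the last carries a multiple of 8 data bytes.
        if mf and data_len % 8:
            return "drop: non-final fragment length not a multiple of 8"
        if not mf:
            if seen_last:
                return "drop: two final fragments"
            seen_last = True
        covered.append((start, end))
    if not seen_last:
        return "incomplete"          # keep waiting (subject to a reassembly timeout)
    covered.sort()
    expected = 0
    for s, e in covered:
        if s != expected:
            return "drop: hole in fragment sequence"
        expected = e
    return "ok"


SAMPLES = {  # constructed fragment sets
    "normal 2000-byte datagram": [(0, 1480, True), (185, 520, False)],
    "teardrop overlap": [(0, 40, True), (3, 4, False)],
    "ping of death": [(0, 8, True), (8189, 8, False)],
    "still waiting": [(0, 1480, True)],
    "missing middle": [(0, 8, True), (2, 8, False)],
}

if __name__ == "__main__":
    for name, frags in SAMPLES.items():
        print(f"{name:26} -> {check_fragments(frags)}")
```

The overlap test is deliberately strict: real stacks differ on whether a later or earlier fragment wins when ranges overlap, and that ambiguity is itself used to slip payloads past inspection devices, so a firewall that simply drops overlapping sets avoids the question. Dropping is only the first half of the defence, though: a flood of partial sets still occupies reassembly memory until the timeout fires, which is the residual risk the post describes.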