IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [denial-of-service]

Denial of Service (DoS) is a family of attacks that attempt to force a target to use up resources (CPU time, memory, bandwidth etc) by flooding a target with useless packets, connections or tasks.

Denial of Service (DoS) is a family of attacks that attempt to force a target to use up resources (CPU time, memory, bandwidth etc) by flooding a target with useless packets, connections or tasks.

446 questions
32
votes
4 answers

Normal usage vs. denial-of-service? How many requests are needed to talk about a denial of service?

Recently I used a tool to download a website and as part of the tool one could adjust the number of parallel connections. So now I found myself asking: starting from how many requests a provider could rate it as a denial of service. I googled around…
Lonzak
  • 443
  • 1
  • 4
  • 8
26
votes
4 answers

nf_conntrack: table full, dropping packet

I see a lot of these messages in /var/log/messages of my Linux server kernel: nf_conntrack: table full, dropping packet. kernel: __ratelimit: 15812 callbacks suppresse while my server is under DoS attack but the memory is not still saturated. I am…
hnn
  • 1,047
  • 2
  • 10
  • 12
19
votes
5 answers

How can a DoS attack be used as part of the 'Gaining Access' phase of a hack?

I'm doing some revision for an exam and I've made a note to look at how DoS attacks can be used to gain access to a system. I can't find anything online but I found a reference to the fact here. I hope one of you can enlighten me
user25517
13
votes
1 answer

how does a reflection attack work?

I am trying to understand reflection attacks but unfortunately wikipedia is too vague. I understand that in such an attack the attacker tries to authenticate with the target but does so in such a way that the target authentication system's challenge…
bernie2436
  • 1,457
  • 10
  • 22
  • 29
12
votes
4 answers

What lessons about Denial of Service can we learn from Egypt's "experiment"?

Internet service was widely disrupted in Egypt starting Jan 27th at about 22:15 UTC, in the space of about 20 minutes: How Egypt Killed the Internet. Service was largely restored 5 1/2 days later on Feb 2 at about 9:30 UTC: Overview of routing…
nealmcb
  • 20,783
  • 6
  • 72
  • 117
10
votes
3 answers

Can one prove that a server can be secure against DoS?

Is it possible to prove mathematically that a server is immune to denial-of-service attacks? Or is there some result in computer science journal that it this is an impossible task to do?
curious
  • 127
  • 1
  • 4
7
votes
2 answers

How to prevent smurf attack?

I am using college network to access internet. Many other users are using the same network. Recently I have been experiencing sluggish net connection. So when I did some investigation, I found that many other computers on the network have been…
Snake Eyes
  • 501
  • 4
  • 11
7
votes
2 answers

Does clicking lead to DoS attack?

I have a website. Suppose someone will code a program that will click continuously on the links of my webpage: could this lead to a DoS attack ?
user52848
7
votes
3 answers

A way to prevent non distributed, network-level DoS attacks?

I have a DigitalOcean Ubuntu 16.04 machine with Bash as main shell, Nginx, PHP-FPM, and MySQL as server environment, Certbot for TLS and WordPress for web applications. I protect from MITMs with TLS. I protect from SSH and application BFAs with…
Arcticooling
  • 1
  • 1
  • 4
  • 19
6
votes
2 answers

Resource consumption attacks against algorithms

I am studying algorithm construction and weaknesses to resource consumption. One vulnerability that really caught my eye was the Apache Range Header DoS Vulnerability. The following quote was taken from Apache developers discussing the flaw: From…
rook
  • 47,238
  • 10
  • 96
  • 182
4
votes
1 answer

UDP Flood Attack false positive

Symantec keeps blocking traffic from the IP of my Comcast SMC Network gateway. It blocks traffic because it is detecting a UDP Flood Attack. According to the log the CPU usage is spiking to 100% when this attack occurs but Im not seeing this spike…
Jonathan Eckman
  • 143
  • 4
3
votes
1 answer

Server takes 30 seconds to respond to simple request. DoS?

I'm testing a web app and noticed that by converting a particular GET request to a POST request the server takes about 30 seconds to respond and then returns a generic error page (compared to the original GET request which took the server about…
pineappleman
  • 2,299
  • 12
  • 22
2
votes
1 answer

Could a large amount of wget requests be viewed as an attack?

I'm working on a program that downloads and analyzes historical stock data from Yahoo Finance. I download the data in my program by using the wget command. I have a list of about 3,000 stock symbols and the .csv files for each one are downloaded…
Dustin01
  • 33
  • 3
2
votes
3 answers

Security considerations in concurrent applications

I have been building a network application with a Client/Server model, where a central server handles multiple client threads. I did my best to ensure that no matter what context the program is run it won't deadlock as part of a security…
pjmil
  • 133
  • 4
2
votes
0 answers

Ping Of Death reconstruction against a Windows 95 virtual machine

For the sake of demonstration, I'm trying to perform a Ping Of Death sent from a Kali Linux virtual machine to a Windows 95 virtual machine (vmware) on a private network. I've set both vms correctly, they are able to ping each other. I've installed…
mak
  • 121
  • 1
  • 3
1
2 3