In the cybersecurity industry, there is a mistaken notion that a denial of service (DoS) attack only consists of flooding a target system to render it unavailable for legitimate uses. And while this indeed describes a DoS attack, there are other forms.
There is DoS’s big brother, distributed denial of service (DDoS), in which a large number of systems flood a target system to completely overwhelm it. But on the other end of the scale, a DoS attack can also consist of a single packet, which can be considerably more difficult to detect.
Let’s look at some examples of single packet DoS attacks, both new and old:
- Incoming iMessage vulnerability bricks iPhones, requiring a factory reset to recover (CVE-2019-8573, CVE-2019-8664). https://www.forbes.com/sites/daveywinder/2019/07/07/google-confirms-apple-iphone-bricking-imessage-bomb/
- Ping of death (CVE-2013-3183). A malformed ping, such as a ping packet containing as many as 65,535 bytes, can cause a buffer overflow, resulting in a crash of the target system.
- INVITE of Death. A malformed SIP INVITE to a VoIP server can result in a crash of the server. https://www.researchgate.net/publication/224121854_Evaluating_DoS_attacks_against_SIP-based_VoIP_systems
- Zip bomb (CVE-2019-9674 and others). A specially formed ZIP archive that expands to exhaust system resources. The well-known 42.zip file expands to 4.5 petabytes of uncompressed data.
- WinNuke (CVE-1999-0153). This attack on older versions of Windows sends out-of-band data to a target computer on TCP port 139 that contains an Urgent pointer, causing it to crash.
- LAND (CVE-1999-0016). This attack sends a spoofed TCP SYN packet with the target host’s IP address as both source and destination. This causes the machine to reply to itself continuously.
- Regular expression denial of service (ReDoS) (CVE-2021-23490, CVE-2021-45470, and others). This attacks a target system’s regular expression parser by providing a regular expression that takes a very long time to evaluate.
Refer to these sources if you are not familiar with Denial of Service: