Tag Archives: denial of service

Denial of Service (DoS) Attacks Need Not Be High Volume To Be Effective

In the cybersecurity industry, there is a mistaken notion that a denial of service (DoS) attack only consists of flooding a target system to render it unavailable for legitimate uses. And while this indeed describes a DoS attack, there are other forms.

There is DoS’s big brother, distributed denial of service (DDoS), in which a large number of systems flood a target system to completely overwhelm it. But on the other end of the scale, a DoS attack can also consist of a single packet, which can be considerably more difficult to detect.

Let’s look at some examples of single packet DoS attacks, both new and old:

  • Ping of death (CVE-2013-3183). A malformed ping, such as a ping packet containing as many as 65,535 bytes, can cause a buffer overflow, resulting in a crash of the target system.
  • Zip bomb (CVE-2019-9674 and others). A specially formed ZIP archive that expands to exhaust system resources. The well-known 42.zip file expands to 4.5 petabytes of uncompressed data.
  • WinNuke (CVE-1999-0153). This attack on older versions of Windows sends out-of-band data to a target computer on TCP port 139 that contains an Urgent pointer, causing it to crash.
  • LAND (CVE-1999-0016). This attack sends a spoofed TCP SYN packet with the target host’s IP address as both source and destination. This causes the machine to reply to itself continuously.
  • Regular expression denial of service (ReDoS) (CVE-2021-23490, CVE-2021-45470, and others). This attacks a target system’s regular expression parser by providing a regular expression that takes a very long time to evaluate.

Refer to these sources if you are not familiar with Denial of Service:

https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos

https://www.rapid7.com/fundamentals/denial-of-service-attacks/

https://datatracker.ietf.org/doc/html/rfc4732