1. Denial of Service (DoS)
Definition: A Denial of Service (DoS) attack aims to make a machine or network resource unavailable to its intended users by overwhelming it with a flood of superfluous requests, thus exhausting the system’s resources and causing legitimate requests to be delayed or denied.
Types of DoS Attacks:
- Flood Attacks: The attacker sends a large volume of traffic to a victim’s system, overwhelming its capacity.
  - ICMP Flood (Ping Flood): Floods the target with ICMP (Internet Control Message Protocol) Echo Request (ping) packets.
  - SYN Flood: Exploits the TCP three-way handshake by sending many SYN requests and never completing the handshake, so the server’s pending-connection resources are exhausted.
- Application Layer Attacks: Target specific applications, such as HTTP servers, with legitimate-looking but malicious requests.
- Distributed Denial of Service (DDoS): A large-scale DoS attack in which multiple compromised systems (often part of a botnet) attack a single target.
How DoS Works:
Attackers generate a large amount of traffic that the target cannot handle, leading to a slowdown or complete failure. Some attackers exploit vulnerabilities in network protocols or software to crash or disable the system.
Symptoms of a DoS Attack:
- Slow network performance.
- Unavailability of a particular website.
- Inability to access resources such as emails or files.
- Increase in spam emails.
Prevention Methods:
- Firewalls: Can block malicious traffic by filtering IP addresses.
- Intrusion Detection Systems (IDS): Monitor traffic and alert administrators of potential DoS attacks.
- Rate Limiting: Restrict the amount of traffic allowed from any single IP address.
- Load Balancing: Distributes traffic among multiple servers to reduce the burden on a single machine.
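The rate-limiting control above, worked through as an added example (not from these notes): a per-source-IP sliding-window limiter replayed over a constructed request log in which one address floods the server and one behaves normally. The IP addresses, thresholds and log are all constructed for illustration.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Per-source-IP sliding-window limiter: at most `limit` requests per `window_ms`."""

    def __init__(self, limit, window_ms):
        self.limit = limit
        self.window_ms = window_ms
        self.history = defaultdict(deque)  # ip -> timestamps (ms) of accepted requests

    def allow(self, ip, now_ms):
        q = self.history[ip]
        while q and now_ms - q[0] >= self.window_ms:  # expire entries outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False                      # over budget: reject (or queue / tarpit)
        q.append(now_ms)
        return True

# Constructed request log (timestamp_ms, source_ip): 203.0.113.9 sends 300 requests
# inside one second; 198.51.100.4 is an ordinary client sending one request per second.
SAMPLE_REQUESTS = (
    [(i * 3, "203.0.113.9") for i in range(300)]
    + [(500, "198.51.100.4"), (1500, "198.51.100.4"), (2500, "198.51.100.4")]
)

def process(requests, limit=100, window_ms=1000):
    """Replay a request log through the limiter; return per-IP allowed/rejected counts."""
    limiter = SlidingWindowLimiter(limit, window_ms)
    stats = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for ts, ip in sorted(requests):
        outcome = "allowed" if limiter.allow(ip, ts) else "rejected"
        stats[ip][outcome] += 1
    return dict(stats)

def flagged_sources(stats, min_rejected=1):
    """Sources that were throttled at all: candidates for an IDS alert or firewall block."""
    return sorted(ip for ip, s in stats.items() if s["rejected"] >= min_rejected)

if __name__ == "__main__":
    stats = process(SAMPLE_REQUESTS)
    for ip, s in stats.items():
        print(f"{ip:15} allowed={s['allowed']:4} rejected={s['rejected']:4}")
    print("flagged:", flagged_sources(stats))
```

The legitimate client is never throttled, while the flooding address gets exactly the 100-request budget and the remaining 200 are rejected, which is what an IDS rule or firewall block would key on.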
Example:
A student trying to access an online exam portal finds the website unresponsive due to a DoS attack. The attacker is sending thousands of requests per second, making it impossible for legitimate users to log in and complete their exams.
Case Study (India):
2016 DDoS Attack on Indian Banks: After the demonetization of ₹500 and ₹1000 notes, several Indian banks, including State Bank of India (SBI), faced DDoS attacks, overwhelming the online banking systems and preventing customers from accessing their accounts. This event highlighted the vulnerability of critical financial infrastructures to DDoS attacks.
2. Sniffer (Packet Sniffer)
Definition: A packet sniffer, or network sniffer, is a tool used to capture and analyze network traffic by intercepting and logging data packets as they travel across the network. Sniffers can be used for legitimate network troubleshooting or malicious activities like stealing sensitive data.
How Sniffers Work:
When a data packet is transmitted across the network, it contains source and destination IP addresses, protocol information, and sometimes data payloads. A sniffer captures these packets and displays the raw data for analysis. If the packets are not encrypted, the sniffer can read the data content.
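What a sniffer actually sees, as an added example that is not part of the original notes: a minimal Ethernet/IPv4/TCP header decoder run over a constructed frame carrying a plaintext HTTP login. The addresses, ports and payload are constructed; checksums are left at zero because only the header layout matters here.

```python
import struct

def parse_ipv4_tcp(frame):
    """Decode Ethernet II + IPv4 + TCP headers from a raw frame and return the fields
    a sniffer would display, including the (possibly plaintext) payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    if proto != 6:
        raise ValueError(f"not TCP: IP protocol {proto}")
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4          # TCP header length in bytes
    return {
        "src": f"{src_ip}:{sport}", "dst": f"{dst_ip}:{dport}",
        "flags": off_flags & 0x1FF, "payload": tcp[data_off:],
    }

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame (PSH+ACK, checksums left zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x018, 65535, 0, 0)
    ip_total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

# Constructed capture: a plaintext HTTP login submitted over port 80 (no TLS).
SAMPLE_FRAME = build_frame("192.0.2.10", "198.51.100.20", 51234, 80,
                           b"POST /login HTTP/1.1\r\nHost: mail.example\r\n\r\n"
                           b"user=alice&pass=s3cret")

if __name__ == "__main__":
    pkt = parse_ipv4_tcp(SAMPLE_FRAME)
    print(f"{pkt['src']} -> {pkt['dst']} flags=0x{pkt['flags']:03x}")
    print(pkt["payload"].decode())             # readable only because nothing encrypted it
```

Had the same request gone over HTTPS, the decoder would still recover the addresses and ports from the headers, but the payload bytes would be TLS records rather than the form fields.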
Types of Sniffers:
- Passive Sniffing: Listens to network traffic without sending anything onto the network. It works on shared media such as hub-based networks, where every host’s interface sees all frames.
- Active Sniffing: Injects packets into the network to redirect traffic or force devices to send data that can then be intercepted. This is typically needed in switched environments, where a switch normally delivers frames only to the port of the intended recipient.
Common Sniffer Tools:
- Wireshark: A popular open-source tool for capturing and analyzing network traffic.
- tcpdump: A command-line packet analyzer tool.
- Cain & Abel: A tool for password recovery and packet sniffing.
Uses of Sniffers:
- Legitimate Uses:
  - Network troubleshooting and performance monitoring.
  - Security auditing and forensics.
- Malicious Uses:
  - Intercepting sensitive information like passwords, credit card numbers, and private messages.
  - Session hijacking by capturing session cookies.
Detection and Prevention:
- Encryption: Use secure protocols like HTTPS, SSH, or VPNs to ensure intercepted packets are unreadable.
- Network Monitoring: Regular monitoring of network traffic to detect suspicious activity.
- Promiscuous Mode Detection: Check whether any network interface is running in promiscuous mode, which lets it capture all traffic on the segment rather than only the frames addressed to it.
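Two ways to perform the promiscuous-mode check above on a Linux host, as an added example (not code from these notes): reading the IFF_PROMISC bit from each interface's sysfs `flags` file, and folding the kernel's "entered/left promiscuous mode" log messages into the set of interfaces currently capturing everything. The interface names, flag values and log excerpt are constructed samples.

```python
import glob
import os
import re

IFF_PROMISC = 0x100  # Linux net_device flag bit: accept every frame on the segment

def is_promiscuous(flags_text):
    """Parse the hex value from /sys/class/net/<iface>/flags and test IFF_PROMISC."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

def scan_sysfs(root="/sys/class/net"):
    """Return {iface: in_promiscuous_mode} for the live host; {} where sysfs is absent."""
    result = {}
    for path in glob.glob(os.path.join(root, "*", "flags")):
        iface = os.path.basename(os.path.dirname(path))
        try:
            with open(path) as fh:
                result[iface] = is_promiscuous(fh.read())
        except OSError:
            continue
    return result

# Kernel log message written when a capture tool turns promiscuous mode on or off.
# Older kernels print "device eth0 entered promiscuous mode", newer ones
# "eth0: entered promiscuous mode"; the pattern accepts both forms.
KMSG_RE = re.compile(r"(\S+?):? (entered|left) promiscuous mode")

def promisc_from_kmsg(log_lines):
    """Fold kernel log lines into the set of interfaces currently in promiscuous mode."""
    active = set()
    for line in log_lines:
        m = KMSG_RE.search(line)
        if not m:
            continue
        iface, action = m.groups()
        if action == "entered":
            active.add(iface)
        else:
            active.discard(iface)
    return active

# Constructed samples: sysfs flag values and a short kernel log excerpt.
SAMPLE_FLAGS = {"lo": "0x9\n", "eth0": "0x1103\n", "wlan0": "0x1003\n"}
SAMPLE_KMSG = [
    "[  120.501] device eth0 entered promiscuous mode",
    "[  130.117] wlan0: entered promiscuous mode",
    "[  131.904] wlan0: left promiscuous mode",
]

def check_samples():
    """Evaluate both detection paths on the constructed samples."""
    flagged = sorted(i for i, f in SAMPLE_FLAGS.items() if is_promiscuous(f))
    return flagged, promisc_from_kmsg(SAMPLE_KMSG)
```

Both paths agree that only `eth0` is capturing all traffic; `scan_sysfs()` runs the same check against the real host when sysfs is available.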
Example:
A hacker installs a sniffer on a university’s public Wi-Fi network. As students access their email or social media accounts without using HTTPS, the hacker captures login credentials in plain text, gaining unauthorized access to their accounts.
Case Study (India):
Wi-Fi Sniffing at Public Places: In India, attackers have used sniffers to intercept unencrypted traffic over public Wi-Fi networks at airports, cafes, and malls, stealing sensitive information like email passwords or banking credentials. This increased awareness about the importance of using VPNs and encrypted connections on public Wi-Fi networks.
Summary
1. Denial of Service (DoS)
Definition: A DoS attack overwhelms a machine or network resource, making it unavailable by flooding it with excessive requests.
Types of DoS Attacks:
- Flood Attacks: Overwhelm the target with traffic.
  - ICMP Flood: Sends excessive ping requests.
  - SYN Flood: Exploits the TCP handshake process.
- Application Layer Attacks: Target applications with malicious requests.
- Distributed Denial of Service (DDoS): Multiple compromised systems attack a single target.
Prevention Methods:
- Firewalls: Block malicious traffic.
- Intrusion Detection Systems (IDS): Monitor and alert administrators about potential DoS attacks.
- Rate Limiting: Limit traffic from single IPs.
- Load Balancing: Distribute traffic across multiple servers.
Case Study (India):
2016 DDoS Attack on Indian Banks: Following demonetization, Indian banks like SBI faced DDoS attacks that disrupted online banking services.
2. Sniffer (Packet Sniffer)
Definition: A packet sniffer captures and analyzes network traffic, often used for network troubleshooting or malicious interception of sensitive data.
Types of Sniffers:
- Passive Sniffing: Monitors network traffic without interacting with it, effective in hubs.
- Active Sniffing: Manipulates traffic in switched environments to capture data.
Common Sniffer Tools:
- Wireshark: A widely used network traffic analyzer.
- tcpdump: A command-line packet analyzer.
- Cain & Abel: A tool for password recovery and sniffing.
Prevention Methods:
- Encryption: Use secure protocols like HTTPS and VPNs.
- Network Monitoring: Regularly monitor traffic for suspicious activity.
- Promiscuous Mode Detection: Check if network interfaces are in promiscuous mode, allowing them to capture all traffic.
Case Study (India):
Wi-Fi Sniffing at Public Places: Sniffers have been used in public Wi-Fi hotspots in India to steal sensitive information, highlighting the need for encrypted connections.