Research Paper Undergraduate 2,433 words

Auditing, Monitoring, and Detecting DoS and DDoS Attacks

Abstract

This paper examines denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, analyzing how attackers exploit TCP/IP protocol vulnerabilities to flood network resources and render them unavailable to legitimate users. Drawing on multiple peer-reviewed sources, the paper reviews cross-layer detection algorithms, encryption-based prevention strategies, intrusion detection systems, malware analysis techniques, and static vulnerability analysis tools. It evaluates the strengths and limitations of each proposed countermeasure and synthesizes recommendations for network administrators and security practitioners seeking to protect wired and wireless infrastructure from increasingly sophisticated denial-of-service threats.

How to Write This Type of Paper

What makes this paper effective

  • Systematically reviews multiple peer-reviewed sources and textbooks, using each to build a layered understanding of DoS/DDoS threats and countermeasures.
  • Balances technical specificity — referencing IEEE 802.11 MAC layer algorithms, PSS-based mitigation, and Pixy analysis — with accessible explanations of attack mechanisms.
  • Critically evaluates the limitations of each recommended security strategy rather than simply summarizing sources, adding analytical depth to the literature review.

Key academic technique demonstrated

The paper demonstrates source synthesis by presenting multiple authors' arguments in sequence and then comparing their strengths and weaknesses in a dedicated evaluation section. This moves beyond simple summarization to show how different security strategies complement or fall short of one another — a technique central to graduate-level literature reviews in computer science and cybersecurity.

Structure breakdown

The paper opens with a conceptual overview of DoS and DDoS mechanisms, then transitions into a multi-source literature review organized around individual studies. Each source is presented with its core argument, specific technical recommendations, and assessed for strengths and weaknesses. A comparative analysis section synthesizes findings before a brief conclusion. This structure mirrors a systematic review format appropriate for applied security research papers.

Introduction to DoS and DDoS Attacks

A denial-of-service (DoS) attack is an attempt to make network or machine resources unavailable to legitimate users. Attackers use DoS attacks to accomplish their goals by flooding target resources or machines with superfluous requests or useless packets, overloading the systems and preventing users from fulfilling their legitimate requests. When a DoS originates from a single network or host node, it is termed a DoS attack; however, a distributed denial-of-service (DDoS) attack is a more serious threat that attempts to consume computer resources and prevent the system from providing services. A DDoS occurs when attacks come from multiple sources, often thousands of unique IP addresses.

The rates of DDoS attacks have increased significantly in recent years. Criminals target high-profile servers such as credit card payment gateways, banks, and other large corporations to achieve their criminal goals. An intruder may consume disk space by sending excessive email messages to create errors in the systems. Intruders can also implant zombie software on target websites to achieve direct DoS attack objectives. Often, DDoS attacks employ a two-level approach involving master zombies and slave zombies: the master zombie directs the slave zombies, which have been infected with malicious code, to attack network resources from many distributed machines. Attackers can also use malware to alter system configurations in order to provoke a DoS attack (Jain, Jain, & Gupta, 2011). Once an attacker has infected machines with malware or zombie software, that software can run across a large number of compromised hosts at the same time.

Another attack strategy involves scanning machines with zombie software to detect vulnerable targets and then launching attack traffic from the infected machines (Stallings, 2013). While web services provide critical functionality to businesses, DoS attacks can inflict serious damage on those services, potentially leading to both reputational and financial losses. Several research articles address DoS and DDoS attacks and their prevention, detection, and mitigation (Han, Shen, Duong, et al., 2014; Oliveira, Laranjeiro, & Vieira, 2015).

The objective of this paper is to analyze the main threats and attacks on TCP/IP protocols and the networks they affect. The study also assesses the main attacks and threats on wired and wireless networks from both inside and outside an organization, and discusses current penetration testing tools, techniques, and procedures.

Detection, Prevention, and Mitigating DoS Attacks

The TCP/IP protocols are the tools that facilitate communication across the internet. TCP/IP provides a wide array of functionality across the link, network, transport, and application layers. However, TCP/IP has become a frequent target of attacks in the contemporary business environment, and DoS or DDoS attacks represent major threats to these protocols (Steinke, Tundrea, & Kelly, 2011). A DoS attack can render the application layer unable to process requests by swarming the server with useless packets. Attackers can also target the network layer, causing the network to slow down, drop packets, and become unusable. The following sections review several key research articles that demonstrate methods for preventing, detecting, and mitigating DoS and DDoS attacks.

Cross-Layer Design for DoS Detection and Mitigation

Soryal and Saadawi (2014), in their research article "DoS Attack Detection and Mitigation Utilizing Cross-Layer Design" (Ad Hoc Networks, p. 71), provide a comprehensive review of DoS detection and mitigation using cross-layer designs. This article is particularly valuable because the authors develop specific algorithms for DoS detection and mitigation that are applicable in both IT and business environments. Soryal and Saadawi (2014) argue that DoS attacks have grown more powerful and are increasingly used to disrupt network systems, thereby depriving "the legitimate users from utilizing the network resources" (p. 71).

The authors point out that attackers can carry out DoS attacks on wireless networks through various methods: disguising themselves as legitimate users, following and controlling data packets, and causing all innocent nodes in the system to treat them as legitimate nodes. Soryal and Saadawi (2014) develop DoS detection and mitigation algorithms designed to deceive attackers into falsely believing that they are still disrupting the network. The detection algorithms build on the IEEE 802.11 DCF (Distributed Coordination Function) standard, which can be used to perform DoS detection in combination with modification of the "IEEE 802.11 MAC layer code" (Soryal & Saadawi, 2014, p. 78). The detection strategy implements these algorithms as modifications to the MAC (Medium Access Control) layer firmware, so that each node in the system can detect DoS attacks and identify attackers at the MAC layer.

Mitigation is the next step after a DoS attack has been detected. The mitigation module intervenes and begins changing communication channels based on the PSS (Pre-Shared Sequence) (Soryal & Saadawi, 2014). The mitigation algorithms force all nodes in the system to switch to safe communication channels. Once all nodes have resumed operation on the safe channels, the next step is to send ACK and CTS packets to deceive attackers into thinking that they are still causing damage. The authors argue that these detection, prevention, and mitigation algorithms can be applied to commercial wireless routers and other wireless devices such as laptops and smartphones. The strategies provide an extra layer of security against DoS attacks, are compatible with IEEE 802.11 standards, and allow trusted users to join wireless networks without fear of DoS attacks.
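As an added illustration (not code from Soryal and Saadawi's paper), the following Python sketch models the PSS-driven channel switch described above: every trusted node derives the next channel from a pre-shared secret and a hop counter, so the nodes move together while the jammed channel keeps receiving decoy ACK/CTS. The HMAC-based derivation, the channel pool, and the node names are my assumptions; the page does not describe the exact PSS construction.

```python
import hmac
import hashlib

# Constructed channel pool (assumption): 5 GHz channels a small WLAN might use.
CHANNEL_POOL = [36, 40, 44, 48, 149, 153, 157, 161]


def pss_channel(psk: bytes, hop: int, pool=CHANNEL_POOL) -> int:
    """Channel for hop number `hop`; computable only by holders of `psk`.
    Assumption: the pre-shared sequence is HMAC-SHA256(psk, hop) mod pool size."""
    tag = hmac.new(psk, hop.to_bytes(4, "big"), hashlib.sha256).digest()
    return pool[int.from_bytes(tag[:4], "big") % len(pool)]


class Node:
    """A trusted 802.11 station that holds the pre-shared key."""

    def __init__(self, name: str, psk: bytes):
        self.name, self.psk, self.hop = name, psk, 0
        self.channel = pss_channel(psk, 0)

    def on_dos_detected(self, jammed: int) -> dict:
        """Mitigation step: advance the PSS until it yields a channel other than
        the jammed one, then keep the jammed channel busy with decoy ACK/CTS so
        the attacker believes the attack is still working."""
        old = self.channel
        while True:
            self.hop += 1
            self.channel = pss_channel(self.psk, self.hop)
            if self.channel != jammed:
                break
        return {"node": self.name, "left": old, "now": self.channel,
                "decoy_on": jammed, "hop": self.hop}


def simulate(psk: bytes) -> dict:
    """Constructed scenario: an AP and two clients all detect jamming on their
    current channel and hop independently using only the shared secret."""
    nodes = [Node(n, psk) for n in ("AP", "laptop", "phone")]
    jammed = nodes[0].channel
    moves = [n.on_dos_detected(jammed) for n in nodes]
    landed = {m["now"] for m in moves}
    # in_sync is True when every node derived the same new channel
    return {"jammed": jammed, "in_sync": len(landed) == 1,
            "new_channel": landed.pop(), "moves": moves}


if __name__ == "__main__":
    print(simulate(b"constructed-demo-psk"))
```

Without the key an attacker can only guess which channel the nodes moved to, which is the property the channel-switching step relies on.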

Disterer, Alles, and Hervatin (2008), in "Chapter XXXI: Denial-of-Service (DoS) Attacks: Prevention, Intrusion Detection, and Mitigation" (IRMA-International.org), discuss strategies that can be employed in detecting, preventing, and mitigating DoS attacks. The authors argue that DoS attacks have become major threats in the business environment, with the primary goal of blocking legitimate users from accessing network services. One method used to harm websites is manipulating target servers or networks to prevent them from performing legitimate functions and ultimately shutting down network resources. Attackers may also attempt to deplete resources including memory, bandwidth, and processing capacity.


Conclusion

DoS and DDoS attacks are tools that attackers use to make network resources unavailable to legitimate users by sending useless packets to the systems. This paper reviewed multiple research articles and texts that propose different methods to prevent, identify, and mitigate DoS and DDoS attacks. The reviewed works collectively highlight the importance of layered security strategies — combining detection algorithms, encryption, intrusion detection systems, regular scanning, and software updates — while acknowledging that no single measure can guarantee complete protection against the evolving threat landscape of denial-of-service attacks.

Cite This Paper
PaperDue. (2026). Auditing, Monitoring, and Detecting DoS and DDoS Attacks. PaperDue. https://www.paperdue.com/study-guide/dos-ddos-attack-detection-prevention-mitigation-2162626
