49
This
firewall
is
used
to block
incoming traffics depending on what the Snort decides to
do with the traffics.
2.1.10 Denial-of-Service/Distributed Denial-of-Service (DoS/DDoS)
Denial-of-Service
(DoS)
attack
is
generally
considered
as
a
type
of
rate-based
attack.
It
is defined
as type
of attack
where the
attackers
do
not break
into
the system,
but
instead
they
send a
set
of overloading
packets
that
are
being
malicious
activities
to
the
system
for
the
purpose
of
interruption
of
functioning by
either
making
the
system
crashed or
making the resources of
the
system
unavailable. Examples of several
stringent
activities
of
this
are
such
as
destroying
computer’s hard
disk
and
severing
physical
infrastructure that are
more destructive to the system, and
using
up all available
memory
on
resource
of
the
computer that
disables
services.
It
is
known
as
anomaly
activity that actually works with abnormal or unusual behavior
in the
network. Due to its
complexity to
deal
with,
it
is
taken
to
the
diverse
level of
security solution. In
order
to
accurately
identify
it,
an
intrusion
detection
system
needs
to
have
and
apply
anomaly
detection
methodology. Since
using
this
method,
it
is possible
that
the
intrusion
detection will generate too much false positives due to the erratic, varying behavior.
Later, this attack emerged
with
new
dangerous,
more complex scheme of
attack.
It
is known as Distributed Denial-of-Service (DDoS), using
multiple
hosts
for which the
attacks are launched.
 |