Category: Server Security

Kernel-memory-leaking Intel processor design

This article will guide you on how to fix Kernel-memory-leaking. Kernel-memory-leaking Intel processor design occurs due to a flaw in the Intel x86-64 hardware. 

The simplest way to detect a memory leak is also the way you're most likely to find one: running out of memory. 

That's also the worst way to discover a leak! Before you run out of memory and crash your application, you're likely to notice your system slowing down.

A memory leak can diminish the performance of the computer by reducing the amount of available memory.

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition.

Memory leaks have two common and sometimes overlapping causes:

1. Error conditions and other exceptional circumstances.

2. Confusion over which part of the program is responsible for freeing the memory.

ACK scan DOS attack

This article will guide you on how the ACK scan DOS #attack works as well as methods to mitigate this. 

A port scan can help an attacker find a weak point to attack and break into a computer system. 

Just because you've found an open port doesn't mean you can attack it. But, once you've found an open port running a listening service, you can scan it for vulnerabilities.

Denial of service attack (DOS) is an attack against computer or network which reduces, restricts or prevents accessibility of its system resources to authorized users. The network of Bots is called botnet.

A Fraggle Attack is a denial-of-service (#DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. 

It is very similar to a Smurf Attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.

Common DoS attacks:

1. Buffer overflow attacks – the most common DoS attack.

2. ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine.

3. SYN flood – sends a request to connect to a server, but never completes the handshake.

To prevent port scan attacks:

i. Install a Firewall: A firewall can help prevent unauthorized access to your private network.

ii. TCP Wrappers: TCP wrapper can give administrators the flexibility to permit or deny access to the servers based on IP addresses or domain names.

ACK flood DDoS attack

This article will guide you on methods to prevent ACK flood #DDoS #attack. An ACK flood DDoS attack occurs when an attacker attempts to overload a server with TCP ACK packets. 

Client requests connection by sending #SYN (synchronize) message to the server. Server acknowledges by sending SYN-ACK (synchronize-acknowledge) message back to the client. Client responds with an #ACK (acknowledge) message, and the connection is established.

When computers communicate via TCP, received packets are acknowledged by sending back a packet with an ACK bit set. 

The TCP protocol allows these acknowledgements to be included with data that is sent in the opposite direction. 

Some protocols send a single acknowledgement per packet of information.

To stop a SYN #DDoS attack:

1. Filtering.

2. Increasing Backlog.

3. TCP half-open: The term half-open alludes to TCP associations whose state is out of synchronization between the two potentially because of an accident on one side.

4. Firewalls and Proxies.

5. Reducing SYN-RECEIVED Timer.

6. SYN Cache.

7. Recycling the Oldest Half-Open TCP.

NTP amplification attack

This article will guide you on steps to mitigate this #NTP amplification attack. An Amplification Attack is any attack where an attacker is able to use an amplification factor to multiply its power. Examples of #amplification #attacks include Smurf Attacks (ICMP amplification), Fraggle Attacks (#UDP amplification), and DNS Amplification.

DNS flood is a type of Distributed Denial of Service (#DDoS) attack in which the attacker targets one or more Domain Name System (#DNS) servers belonging to a given zone, attempting to hamper resolution of resource records of that zone and its sub-zones.

To harden your DNS server:

1. Audit your DNS zones. First things first.

2. Keep your DNS servers up-to-date.

3. Hide BIND version.

4. Restrict Zone Transfers.

5. Disable DNS recursion to prevent DNS poisoning attacks.

6. Use isolated DNS servers.

7. Use a DDOS mitigation provider.

8. Two-Factor Authentication.

Memcached DDOS attack

This article will guide you on methods to mitigate Memcached DDOS attacks which occur mostly by accident. To mitigate this attack, you can Disable #UDP, #Firewall #Memcached servers, and so on.

 DoS attack is a denial of service attack where a computer is used to flood a server with TCP and UDP packets. A DDoS attack is where multiple systems target a single system with a DoS attack. The targeted network is then bombarded with packets from multiple locations.

DDoS attacks are illegal under the Computer Fraud and Abuse Act. Starting a DDoS attack against a network without permission is going to cost you up to 10 years in prison and up to a $500,000 fine.

There are three essential security measures that all small businesses should take to protect themselves from #DDoS #attacks: Use a web application firewall (#WAF): The absolute best way to prevent a DDoS attack is through the use of a WAF that blocks bad traffic and prevents DDoS attacks from accessing your web server.

A Denial-of-Service (#DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.

Different DDoS attack method:

1. UDP flood.

2. ICMP (Ping) flood.

3. SYN flood.

4. Ping of Death.

5. Slowloris.

6. NTP Amplification.

7. HTTP flood.

HTTP Flood DDOS Attack How to Mitigate the attack

This article will guide you on how to recover from DDoS attacks. Basically, protecting the web server against #DDoS #attacks is important. You can apply these measures to mitigate the error from causing troubles.

DNS #flood is a type of Distributed Denial of Service (DDoS) attack in which the attacker targets one or more Domain Name System (#DNS) servers belonging to a given zone, attempting to hamper resolution of resource records of that zone and its sub-zones.

To prevent DDoS attacks:

1. Buy more bandwidth. 

2. Build redundancy into your infrastructure. 

3. Configure your network hardware against DDoS attacks. 

4. Deploy anti-DDoS hardware and #software #modules. 

5. Deploy a DDoS protection appliance. 

6. Protect your DNS servers.