Blog | G5 Cyber Security

Brute Force & Denial of Service Attacks

G5 Cyber Security

TL;DR

Brute force attacks try to guess passwords or keys repeatedly. Denial of service (DoS) attacks overwhelm a system with traffic, making it unavailable. They’re different problems needing different solutions – blocking attempts vs. managing load.

Understanding the Attacks

  1. Brute Force Attack: Imagine trying every possible combination for a lock until you find the right one. This is what a brute force attack does, but with passwords or encryption keys. They can be slow and obvious, or faster using pre-calculated tables (rainbow tables).
  2. Denial of Service (DoS) Attack: A DoS attack floods a server, website, or network with requests, like too many people trying to enter a shop at once. This overwhelms the system, making it slow or completely unresponsive for legitimate users. Distributed Denial of Service (DDoS) attacks use multiple computers to launch the attack, making them harder to stop.

Identifying an Attack

  1. Brute Force:
    • Multiple failed login attempts from the same IP address in a short period.
    • Log files showing repeated, incorrect password guesses.
    • Account lockouts triggered frequently.
  2. DoS/DDoS:
    • Sudden spike in traffic to your server or website.
    • Slow response times or complete unavailability of services.
    • High CPU usage on your server.
    • Monitoring tools showing a large number of requests from unusual sources. Tools like tcpdump can help: 
      tcpdump -i eth0 -n host [target IP address]

Stopping Brute Force Attacks

  1. Strong Passwords: Enforce strong password policies (length, complexity, regular changes).
  2. Account Lockout Policies: Limit the number of failed login attempts before locking an account.
  3. Multi-Factor Authentication (MFA): Add an extra layer of security beyond just a password.
  4. CAPTCHAs: Use CAPTCHAs to distinguish between humans and bots.
  5. IP Blocking: Block IP addresses with repeated failed login attempts. Many firewalls offer this feature.
    • Example using iptables (Linux): 
      iptables -A INPUT -s [attacker IP address] -j DROP
  6. Rate Limiting: Limit the number of login attempts allowed per unit of time.

Mitigating Denial of Service Attacks

  1. Increase Bandwidth: More bandwidth can handle a larger volume of traffic, but it’s often not enough for large attacks.
  2. Firewall Configuration: Configure your firewall to drop malicious traffic and block known bad actors.
  3. Content Delivery Network (CDN): A CDN distributes your content across multiple servers, absorbing some of the attack traffic.
    • Popular CDNs include Cloudflare, Akamai, and Amazon CloudFront.
  4. DDoS Protection Services: Specialized services like Cloudflare or Arbor Networks can detect and mitigate DDoS attacks.
  5. Traffic Filtering: Identify and filter out malicious traffic based on patterns (e.g., SYN floods).
  6. Null Routing: In extreme cases, you may need to route all traffic to a null interface to protect your infrastructure.
    • This effectively takes your service offline but prevents further damage.

Key Differences Summarised

Feature Brute Force Denial of Service
Goal Gain unauthorized access Make a service unavailable
Method Repeated guessing Overwhelm with traffic
Impact Compromised accounts, data breaches Service downtime, loss of revenue
Solutions Strong passwords, MFA, IP blocking Bandwidth increase, CDN, DDoS protection
Exit mobile version