DoS User Specified Object Allocation

The document discusses several types of denial of service (DoS) attacks including user-specified object allocation that can overload server memory, user input as a loop counter that degrades performance, failure to release resources causing memory leaks, buffer overflows crashing applications, and a Smurf attack using email autoresponders to overwhelm a target. Code examples in Java and C demonstrate how these issues can cause DoS vulnerabilities.

Uploaded by

atashaaalara

DoS User Specified Object Allocation

If users can submit, either directly or indirectly, a value that determines how many instances of
an object are constructed on the application server, and the server does not enforce a hard upper
limit on that value, it is possible to cause the environment to run out of memory. The server may
begin allocating the requested number of objects, but if this number is too high, the server may
experience severe problems, perhaps exhausting its memory and degrading its operation.
The following is a simple example of vulnerable code in Java:

DoS User Input as a Loop Counter


As with the User Specified Object Allocation issue above, server performance may suffer if the
user can directly or indirectly provide a value that is used as a counter in a loop.
The following is an example of vulnerable code in Java:
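
The two patterns described above (a user-supplied value used as an allocation count and as a loop bound) shown beside a bounded version. This is an added illustration, not the original document's listing; the class and method names, the `countParam` input and the `MAX_ITEMS` limit are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; all names and the limit value are assumptions.
public class BoundedAllocation {
    // Hard upper limit chosen by the server, independent of client input.
    static final int MAX_ITEMS = 1_000;

    // Vulnerable pattern: the request parameter alone decides the list
    // capacity and the loop bound, so one request can exhaust heap and CPU.
    static List<byte[]> allocateUnbounded(String countParam) {
        int count = Integer.parseInt(countParam);
        List<byte[]> items = new ArrayList<>(count);
        for (int i = 0; i < count; i++) {
            items.add(new byte[1024]);
        }
        return items;
    }

    // Hardened form: parse defensively and reject anything outside
    // [0, MAX_ITEMS] before allocating or looping.
    static List<byte[]> allocateBounded(String countParam) {
        int count;
        try {
            count = Integer.parseInt(countParam.trim());
        } catch (NumberFormatException | NullPointerException e) {
            throw new IllegalArgumentException("count must be an integer");
        }
        if (count < 0 || count > MAX_ITEMS) {
            throw new IllegalArgumentException("count must be between 0 and " + MAX_ITEMS);
        }
        List<byte[]> items = new ArrayList<>(count);
        for (int i = 0; i < count; i++) {
            items.add(new byte[1024]);
        }
        return items;
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for a request parameter.
        for (String p : new String[] {"10", "2000000000", "-5", "abc"}) {
            try {
                System.out.println(p + " -> " + allocateBounded(p).size() + " items");
            } catch (IllegalArgumentException e) {
                System.out.println(p + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```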

DoS Failure to Release Resources


If an error occurs in the application that prevents the release of an in-use resource, that
resource can become unavailable for further use. Possible examples include:
• An application locks a file for writing and then an exception occurs, but the file is not
explicitly closed and unlocked.
• Memory leaks in programming languages like C and C++, where memory management is the
developer's responsibility. When an error prevents normal logic flow, the memory that has been
allocated might not be cleared out and might remain in a state that makes the garbage collector
unaware that it has to be reclaimed.
• Use of database connection objects in situations where an exception is raised and the objects
are not released. Repeated requests of this kind may cause the application to use up all of the
database connections, since the code never releases the open database object.
The following is an example of vulnerable code in Java. In the example, both the Connection and
the CallableStatement should be closed in a finally block.

DoS Buffer Overflows

A buffer overflow can occur in any language where the programmer is directly in charge of
managing memory allocation, most notably in C and C++. The ability to run arbitrary code on
the server is the most dangerous risk associated with a buffer overflow, but the first risk is the
possibility of an application crash causing a denial of service.

The following is a simplified example of vulnerable code in C:


Smurf attack

This involves emails with automatic responses. If someone sends hundreds of email messages with
a fake return address to hundreds of people in an organization who have an autoresponder
enabled, the messages initially sent can turn into thousands of replies sent to the fake address.
If that fake address belongs to someone, this can overwhelm that person's account.

DoS attacks can cause the following problems:
• Ineffective services
• Inaccessible services
• Interruption of network traffic
• Connection interference

Following is the Python script for performing a denial of service attack for a small website that
didn't expect so many socket connections.
