Information Security: Denial of Service (DoS) Attacks
A denial-of-service (DoS) attack is a type of cyber-attack in which malicious actors shut down a machine or network, making it inaccessible to its intended users. The attack works by oversaturating the target machine: it floods the service with so much traffic that other users are unable to use it, resulting in denial of service for additional requests. A distributed denial-of-service (DDoS) attack works in the same way, but the attack is launched from different sources. Information security and DoS attacks require checks at regular intervals.
On 10/13/2020, the Windows TCP/IP Denial of Service Vulnerability, CVE-2020-16899, was identified. It exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets (Source: http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16899). When the vulnerability is successfully exploited, it could cause a target system to stop responding.
Attackers can exploit this vulnerability by sending specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it will allow the attacker to render the remote computer useless.
How to protect against DoS attacks
Microsoft has not yet identified any patches or mitigating factors for this vulnerability. However, it has provided workarounds for protection against it. An IS audit is an important part of checking for vulnerabilities in an organization's information system.
Disable ICMPv6 RDNSS
One can disable ICMPv6 RDNSS to prevent attackers from exploiting the vulnerability by running the following PowerShell command (only available for Windows 1709 and above).
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
This workaround disables RA-based DNS configuration, which is an alternative in networks where an IPv6 host's address is auto-configured through IPv6 stateless address auto-configuration and where there are either no active DHCPv6 devices or infrastructure. Windows still supports DHCPv6, which takes precedence over RFC 6106-based configuration.
Although the workaround is available and will help protect against this vulnerability, Microsoft strongly recommends installing the updates for this vulnerability as soon as they become available, even if this workaround is in place.
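The command above has to be repeated for each interface number. The following PowerShell script is an added example, not part of Microsoft's advisory: it applies the same netsh setting to every IPv6 interface and reads the value back to confirm it. The -Undo switch, the use of rabaseddnsconfig=enable to revert, and the "RA Based DNS Config" label in English netsh output are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not Microsoft's script: applies the netsh workaround above
# to every IPv6 interface and reads the setting back to confirm it.
param(
    [switch]$Undo   # assumption: rabaseddnsconfig=enable reverts the workaround
)

$state = if ($Undo) { 'enable' } else { 'disable' }

# Get-NetIPInterface supplies the interface index netsh expects in place of
# *INTERFACENUMBER*.
$interfaces = Get-NetIPInterface -AddressFamily IPv6 | Sort-Object InterfaceIndex

$results = foreach ($nic in $interfaces) {
    $idx = $nic.InterfaceIndex

    $setOutput = & netsh int ipv6 set int $idx "rabaseddnsconfig=$state" 2>&1
    $setFailed = ($LASTEXITCODE -ne 0)

    # Read the value back instead of trusting the exit code alone.
    # Assumption: English netsh output with a "RA Based DNS Config" line;
    # on other display languages the match fails and the row shows 'unknown'.
    $line = & netsh int ipv6 show int $idx 2>&1 |
        Where-Object { $_ -match 'RA Based DNS Config' } |
        Select-Object -First 1
    $current = if ($line) { ($line -split ':', 2)[1].Trim() } else { 'unknown' }

    [pscustomobject]@{
        Index     = $idx
        Alias     = $nic.InterfaceAlias
        Requested = "${state}d"
        Current   = $current
        Error     = if ($setFailed) { ($setOutput | Out-String).Trim() } else { '' }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit lets a deployment tool flag hosts where the setting did not take.
$bad = @($results | Where-Object { $_.Current -ne "${state}d" })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) interface(s) not confirmed as ${state}d."
    exit 1
}
```

Run it from an elevated PowerShell session; interfaces added later (for example a new VPN or virtual adapter) need the setting applied again.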