Attacks

Let’s look at the possible attacks that can be committed against Kerberos and the steps taken by the protocol to mitigate them.


Denial of Service (DoS)

A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious actor. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e., employees, members, or account holders) of the service or resource they expected.

The KDC performs a fair bit of encryption and decryption, both of which are compute-intensive tasks. An attacker can send a large number of bogus authentication requests (all of which fail) so that the KDC becomes overwhelmed and is unable to serve legitimate requests. Usually, the KDC is placed behind a firewall to prevent such DoS attacks.
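As an added illustration that is not part of this lesson: a defender-side check that spots the flood described above in KDC logs, by counting failed AS_REQ (authentication) requests per source address inside a sliding time window. The log lines are constructed and only loosely modelled on the MIT krb5kdc AS_REQ log format, and the threshold and window size are arbitrary assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines, loosely modelled on krb5kdc's AS_REQ log format
# (assumption: check the exact format your own KDC writes before reusing the regex).
SAMPLE_LOG = """\
Mar 04 10:00:00 kdc krb5kdc[812](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.0.5: CLIENT_NOT_FOUND: bogus1@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Client not found in Kerberos database
Mar 04 10:00:01 kdc krb5kdc[812](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.0.5: CLIENT_NOT_FOUND: bogus2@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Client not found in Kerberos database
Mar 04 10:00:01 kdc krb5kdc[812](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.0.5: PREAUTH_FAILED: alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Preauthentication failed
Mar 04 10:00:02 kdc krb5kdc[812](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.0.5: CLIENT_NOT_FOUND: bogus3@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Client not found in Kerberos database
Mar 04 10:00:03 kdc krb5kdc[812](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.0.9: ISSUE: authtime 1583316003, etypes {rep=18 tkt=18 ses=18}, bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Mar 04 10:00:20 kdc krb5kdc[812](info): AS_REQ (4 etypes {18 17 16 23}) 10.0.0.5: CLIENT_NOT_FOUND: bogus4@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Client not found in Kerberos database
"""

AS_REQ_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ krb5kdc\[\d+\]\(\w+\): "
    r"AS_REQ .*?\) (?P<src>\d{1,3}(?:\.\d{1,3}){3}): (?P<status>[A-Z_]+):"
)


def parse_as_req(line):
    """Return (timestamp, source_ip, status) for an AS_REQ line, else None."""
    m = AS_REQ_RE.match(line)
    if not m:
        return None
    # Syslog-style timestamps carry no year; assume the current one (assumption).
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=datetime.now().year)
    return ts, m["src"], m["status"]


def flood_sources(log_text, max_failures=3, window_s=10):
    """Source IPs with more than max_failures failed AS_REQs within window_s seconds."""
    recent = defaultdict(deque)  # src -> timestamps of its recent failed requests
    flagged = set()
    for line in log_text.splitlines():
        parsed = parse_as_req(line)
        if parsed is None:
            continue
        ts, src, status = parsed
        if status == "ISSUE":  # a ticket was granted, so this is not a failure
            continue
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # drop failures outside the window
            q.popleft()
        if len(q) > max_failures:
            flagged.add(src)
    return sorted(flagged)
```

Running `flood_sources(SAMPLE_LOG)` on the constructed lines flags only 10.0.0.5, whose four failures fall inside one 10-second window, while the successful request from 10.0.0.9 is ignored.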
