DDoS or DoS: Working and Protection

The denial-of-service attack is a very famous and common attack. We experience such attacks daily but are not able to recognize them. Let me define denial of service (DoS) for you. A denial-of-service (DoS) attack or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. In practice this means that sometimes, when we visit a website, the page keeps on loading, and after a while the connection to the server breaks and we get a "website not available" error. Hackers mostly target high-profile servers such as bank servers, credit card payment gateways and even social service servers. Any deliberate effort to cut off your website or network from its intended users qualifies as a DoS attack. Such attacks have been successfully deployed against major online businesses including Visa and Mastercard, Twitter, and WordPress. DoS attacks effectively knock services offline, costing lost business and causing negative publicity. They also force IT staff to expend valuable resources defending against the attackers.

A famous form of the denial-of-service attack is the distributed denial-of-service (DDoS) attack. The logic is the same; the only difference is that a DoS attack is operated from one source and a DDoS attack from many.

How Does Denial of Service Work?

A hacker tells one or more of his computers to contact a specific server or website repeatedly. The sudden increase in traffic can cause the site to load very slowly for legitimate users. Sometimes the traffic is enough to shut the site down completely.

Some of the famous methods of attack are:

  • Buffer overflow – a program is written so that, when it executes, memory errors, incorrect results or a breach in security occur
  • Ping of Death – bots create huge electronic packets and send them on to victims
  • Mailbomb – bots send a massive amount of e-mail, crashing e-mail servers
  • Smurf Attack – bots send Internet Control Message Protocol (ICMP) messages to reflectors
  • Teardrop – bots send pieces of an illegitimate packet; the victim system tries to recombine the pieces into a packet and crashes as a result
  • SYN flood – a host sends a flood of TCP/SYN packets, often with a forged sender address
  • Permanent denial-of-service attack – an attack that damages a system so badly that it requires replacement or re-installation of hardware

Denial-of-Service Level II – The goal of a DoS L2 attack is to trigger a defense mechanism that blocks the network segment from which the attack originated. In the case of a distributed attack or IP header modification (depending on the kind of security behavior), it will fully block the attacked network from the Internet, but without a system crash. Another well-known denial of service works at the application level: various DoS-causing exploits, such as a buffer overflow, can cause server-running software to get confused and fill the disk space or consume all available memory or CPU time. To perform denial-of-service attacks, hackers use tools, botnets, zombies, etc.

How to Prevent a DDoS Attack?

● Mitigation performance – a high-rate DDoS attack must be mitigated by specialized hardware that can withstand the attack load while allowing legitimate traffic to pass through, e.g. anti-DDoS solutions using ASIC-based DDoS mitigation engines.

●  Reducing reaction time – Network Behavioral Analysis (NBA) technology should be utilized to automatically and accurately distinguish attack traffic from legitimate traffic – at all layers including layer-7 (e.g. HTTP)

● Blocking multiple attack vectors – using NBA, IPS and DoS technologies within a single Anti-DDoS solution ensures no attack is overlooked during a multi-vector attack campaign.

● Web firewalls such as Nexusguard and Cloudflare help protect against DDoS attacks efficiently by providing a reverse IP proxy and limiting pings from a given IP. Those who don't want their website to go down because of DoS (DDoS) attacks can consider Cloudflare as the ultimate solution to the problem. Two things protect Cloudflare-powered websites from a DDoS attack: first, the IP address is masked, and second, it uses a CAPTCHA method. So it provides total security against any kind of DoS attack.

● Apart from web firewalls, system firewalls such as iptables and Comodo are also very helpful in preventing DDoS attacks. They block the attacker's IP, which kicks him off the server.

● The web server matters: most DDoS attacks fail to exploit nginx.

● For bandwidth saturation attacks, make sure your service provider can mitigate volumetric attacks that may saturate your bandwidth.
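The per-source detection and blocking described in the bullets above (telling attack traffic from legitimate traffic at layer 7, then dropping the offending IP with iptables), shown as an added example that is not part of the original article. The log lines, thresholds and function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the client address and timestamp of a combined-format access-log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def build_sample_log():
    """Constructed sample input; the addresses come from documentation ranges."""
    lines = []
    for i in range(40):   # 40 hits on one URL within 4 seconds (flood-like)
        lines.append(f'203.0.113.7 - - [10/Oct/2023:13:55:{i // 10:02d} +0000] '
                     '"GET /login HTTP/1.1" 200 512')
    for i in range(6):    # normal browsing: one request every 10 seconds
        lines.append(f'198.51.100.20 - - [10/Oct/2023:13:55:{i * 10:02d} +0000] '
                     f'"GET /page{i} HTTP/1.1" 200 2048')
    lines.append("garbage line that does not parse")
    return lines

def find_flooders(lines, max_requests=20, window_seconds=5):
    """Return {ip: peak_count} for sources exceeding max_requests in any window."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue      # skip malformed lines instead of crashing the detector
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        events.append((ts, m.group(1)))
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()           # drop hits that fell out of the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def iptables_rules(peaks):
    """Build DROP rules; IPv4Address() rejects anything that is not an address."""
    return [f"iptables -I INPUT -s {ipaddress.IPv4Address(ip)} -j DROP"
            for ip in sorted(peaks)]

if __name__ == "__main__":
    for rule in iptables_rules(find_flooders(build_sample_log())):
        print(rule)
```

Many legitimate users can share one address behind NAT or a proxy, so the threshold has to be tuned to the site's real traffic before any rule is applied.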

Note: Always configure your firewalls, ports and other server mechanisms correctly, because I have seen cases where the admin has not configured his firewall correctly and becomes a victim of DDoS.

Note for server administrators: despite being designed to provide network security, firewalls and intrusion prevention systems (IPS) are themselves impacted by DDoS attacks. To stop DDoS attacks you can also go for dedicated hardware solutions.

Correct knowledge can save you from all kinds of attacks, so always stay alert to updates.

Author: Rashmil Tyagi | Contact him at: official.rashmiltyagi@gmail.com