What is DoS ?
DoS stands for Denial of Service. The service could be of any kind. For example, your phone gets confiscated by your parents during exams. They did this to help you study during exams without having any distractions. In a way, you are being denied of a service. In this case, the service is your cell phone.
Similarly, a DoS attack is a denial of service attack, in which any web service is tried to make unavailable. The service is made unavailable by flooding the target URL with requests, more than the server could handle.
What is DDoS attack ?
DDoS is a Distributed Denial of Service attack. This is a kind of DoS attack that comes from more than one source at a time. In DDoS multiple systems attack the same system at the same time. The target network is bombarded with several TCP and UDP packets from multiple locations. The DDoS attack makes the server more complicated to recover.
With the probability of nine to ten, the systems used to execute these kinds of attacks are compromised. This is done so that the attacker can launch attacks remotely through the use of slave computers. These computers are called bots or zombies. These bots then form a network of devices known as a botnet. A botnet is then operated by the attacker through a command and control server.
The DDoS attacks can be of various kinds. With respect to computers and networks, they can be in a form of denying a web server, port overloading, deauthenticating wireless or, denying any kind of service that is available over the internet.
Attacks of such intents are done with various machines rather than one machine. The reason behind DDoS is the DoS attack performed from a single machine is very easy to detect and mitigate. This not only makes this kind of attack hard to detect and stop but it also does make it nearly impossible to find the real culprit.
How does DDoS work ?
The main idea behind a dos attack is making some kind of service unavailable. Since every service is running on some kind of server or machine. The service can be made unavailable if the performance of a machine or a server can be brought down. This is the basic idea behind any DoS or DDoS attack.
Some of the DoS attacks are executed by flooding servers with connection requests until the server is overloaded and is deemed useless. Others are done by sending unfragmented packets to the servers which the servers are unable to handle.
By using the botnet, the attack exponentially increases the amount of damage it is doing. And the difficulty to mitigate and detect them is nearly impossible.
Types of DoS Attacks
Ping of Death
According to the TCP/IP protocol, the maximum size of packets can be 65,535 bytes. The ping of death exploits this fact. In this type of attack, the attacker sends the packets that are more than packet size when the packet segments are added up. The computers or servers don’t know what to do with such kinds of packets. This results in their freezing or crashing of the server entirely.
Reflected attack
These kinds of attacks are used with the help of a botnet. The attacker sends a host of innocent computers, a connection request using a botnet called a reflector. This connection that comes from the botnets looks like it comes from the victim. This is done by spoofing the source port in the packet header. This makes the host of computers send the acknowledgment to the victim server. Since there are multiple such requests from different computers to the same machine. The server results in crashing or freezing.
HTTP Flood
In this attack, an attacker exploits a legitimate GET or POST requests to attack a web server or application. This attack is designed to target web server with these requests till the target gets to a saturation point and is unable to respond to normal requests. HTTP is a hyper text transfer protocol which is used on layer 7 of the OSI model. OSI model is a network model. HTTP is the basis of such browser-based requests which is used to load web contents.
Zero-Day Attack
A zero-day is a vulnerability in a server or software which in turn creates more problems before anyone realizes it. A Zero-day attack happens when the vulnerability of a server is exploited. This happens before the developer has an opportunity to fix it. This gives the chance to an attacker to create sophisticated botnets based on these exploited vulnerabilities. Hence, it is known as a “Zero-Day Attack”.
How to perform a BASIC DoS attack?(using hping3)
Caution: The following tutorial is for educational purposes only.
The only thing that you will require to perform this kind of attack is any Linux distribution operating system and internet connection.
Suppose you want to perform a DoS attack on a victim web server whose IP address is 10.0.0.1
Type the following commands in your terminal.
This command will install hping3 tool.
This command will perform ping flood attack.
This is all you need to do to perform a basic DoS attack. You can rather perform a DDoS attack by installing the same tools in different machines and using them at the same time on the same server.
How to defend against DDoS attacks?
Accomplishing the DoS attack defense is not quite easy. The first thing you can do is to ensure the availability of network or web services to legitimate users.
The second thing you can do is to prevent your systems from falling over. Try to keep your services up as much as possible. However, follow the steps of providing availability to legitimate users. If you don’t do this, it will result in collateral damage to the servers.
Also for a web server, you can implement a query rate strategy to your DNS server. DNS is a Domain name Service which is used to allocate name system to your server.
This will reduce the chance of the server overwhelming with requests.