DoS Attack (Denial of Service)
DoS Attack or Denial of Service is a type of exploit in which a server or a machine is targeted to be made unavailable to use for the user by the attacker. These types of attacks mostly aim to disrupt the hosted services, resources, etc on the machine to suspend for either a short period of time or maybe permanently. Though the outcome of the attack solely depends on the severity and types of security measures used to protect the network.
DoS attack involves sending traffic, fake packets, fake TCP connection requests to a destination from a single source.
Here , lots of requests are being send from one single source to the server. The server gets busy in fulfilling every incoming request.
Generally in a client-server architecture, the server spawns a new thread every time a new connection is establish by an incoming request. In a DoS attack , lots of these requests are spam on the server and the server keeps on spawning new threads and starts working on those until it gets slower, unresponsive or even crash due to very high memory and computational load.
A DoS attack is a very naive attack and its pattern can be detect by a System Admin or network engineer in a very less time , even before it can cause any damage. Hence , it can be prevent very easily by applying different prevention methods.
DDoS attack (Distributed Denial of Service)
A DDoS or Distributed Denial Of Service attack aims to achieve the same outcome as a simple DoS attack , by oversaturating the destination machine/victim machine and making it unusable, unresponsive or even crash it. But in a DDoS attack, the traffic or packets send are send from multiple sources instead of a one single source in a DoS attack.
In a DDoS attack as seen in the image, Multiple requests are being send from a distributed pack of attacker machines to a one single point destination machine, hence the name DDoS. Here the probability of crashing the victim machine highly increases due to the very high number of requests being send per unit time, which can lead to the possible outcomes faster.
Contrary to a simple DoS attack, DDoS is hard to prevent because you can’t just block one machine to stop the attack. Here, a wide network of machines are involve and hence a DDoS attack needs an efficient and complex detection system to efficiently block only the attacker machines and not affect the normal incoming traffic.
Even though DDoS and DoS have their fair share of differences , they can be grouped on the basis of their similarities. They fall in the following categories:
- Buffer Overflow attacks
- Flood attacks
Buffer Overflow attacks
A very basic concept in server side programming is that a server should maintain a buffer of incoming requests to process them in a FIFO or a QUEUE manner. A buffer is nothing but a chunk of memory allocates to a process, which updates frequently whenever a request is serve or receive.
A buffer overflow DoS attack aims to exploit this very buffer of the server and by spamming it with requests. When the limit of the buffer reaches , the server runs out of memory to allocate more resources and as a result a buffer overflow occurs. It causes the server side process to malfunction and even crash due to excessive consumption of memory space, disk space and CPU power.
When the buffer is full , it leads to pointer exceptions ultimately leading in unwanted code behaviour and unexpected return calls. This messes with the server’s OS and the server goes down.
Flood Attacks
By saturating a targeted server with an overwhelming amount of packets, a malicious actor is able to oversaturate server capacity, resulting in denial-of-service. In order for most DoS flood attacks to be successful, the malicious actor must have more available bandwidth than the target.
SYN Flooding attack
SYN is an acronym for Sync Flag. A Sync flag is part of a TCP packet header. The basic packet for handshaking or establishing a connection in TCP is as follows:
- Open a connection request by sending a packet with SYN flag as set to the destination.
- Destination receives the SYN packet, acknowledges it and then sends a SYN+ACK packet to the sender.
- The source receives the SYN+ACK packet sent by the destination machine and again sends an ACK packet to the destination.
Upon completion of above process, as connection is establish between the sender and receiver Ip addresses.
So what is SYN flooding?
SYN flooding is a DoS attack technique in which the sender sends lots of SYN packets. The server receives the SYN packets and sends acknowledges all of them and waits for the connection to be established by waiting for the ACK packet to come from the sender. But , instead of sending an ACK flag set packet , the sender discards the packet and sends a packet with its RST flag or the RESET flag set. This leads to reset the state of the connection and everything is reset.
The above process is repeated again and again. This leads to no establishment of connection, but the server, after some point, runs out of memory and gets confused, ultimately leading to slow or unresponsive behaviour or a system crash.
Written By: Priyansh Gupta
Reviewed By: Sayan Chatterjee
If you are Interested In Machine Learning You Can Check Machine Learning Internship Program
Also Check Other Technical And Non Technical Internship Programs