How to Prevent DoS Attacks

A Denial of Service attack can disrupt your organization's website and network services. Here's how to defend yourself.

Denial of Service (DoS) attacks are among the most feared threats in today's cybersecurity landscape. Difficult to defend against and potentially costly, DoS attacks can cause outages of web sites and network services for organizations large and small. DoS attacks can also be lucrative for criminals, some of whom use these attacks to shake down businesses for anywhere from thousands to millions of dollars.

Any deliberate effort to cut off your web site or network from its intended users qualifies as a DoS attack. Such attacks have been successfully deployed against major online businesses including Visa and Mastercard, Twitter, and WordPress. DoS attacks effectively knock the services offline, costing lost business and negative publicity. They also force IT staff to expend valuable resources defending against the attackers.

DoS attacks have a silver lining: the common DoS attack is not aimed at stealing or exposing confidential data. In fact, most DoS attacks never penetrate the company network at all; they simply overwhelm it with traffic. In many recent cases, DoS attacks have been used by Anonymous and other hacktivist groups as a form of online protest against corporate and government targets whose policies or actions they oppose.

The exception is when a DoS attack is launched as a distraction, funnelling the target's attention and resources away from something else. Sony claimed that a major attack against it in 2011 used this technique, ultimately resulting in the theft of 12 million consumers' credit card data.

DoS vs. DDoS

The most easily executed type of DoS attack is one launched from a single origin. In this attack, a single machine somewhere on the Internet directs a barrage of network requests against a target machine. The requests themselves can take a variety of forms - for example, an attack against a web server can use ICMP flooding via ping requests, or it can use HTTP requests.

Single-origin DoS attacks can be effective against undefended victims, but they have a few key limitations:
  • Victims can block the originating IP address, either at the firewall level (to kill HTTP requests) or further upstream at the ISP level (to kill network-level floods).
  • Security tools now exist to detect and prevent ICMP flood attacks. Web servers can be configured to detect and block HTTP request attacks.
  • Enterprise products can identify and block single origin attacks as soon as they begin.

These days, the more nefarious type of DoS is called the DDoS, or Distributed Denial of Service attack.

In a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.

DDoS: The Rise of the Botnets

Where does a DDoS attack get the thousands of machines it is launched from? An attacker's malware infects computers around the world, and the combination of those infected computers is a so-called botnet, from which distributed denial of service attacks are executed.

A malware infection silently installs software on a machine that places it under the control of a remote attacker. Successful botnets can be composed of hundreds of thousands of infected machines, usually without the owners' knowledge. There is huge money in botnets: among other things, botnet creators rent their creations to criminal enterprises, which can use the botnet to launch DDoS attacks.

Large-scale DDoS attacks are not random. Perpetrators deliberately hunt their target, either because of a grievance, for revenge, or to try to subjugate the victim into meeting some demand - possibly including extortion payments. Renting a botnet for a DDoS can cost as little as about $100 per day, so the duration of an attack partly depends on how well funded the attacker is.

Inside a DDoS

The specific mechanism a DDoS uses to "drop" a site or network can vary, depending on the attacker's preferred strategy. A significant difference between DDoS implementations is whether they target the victim machine's computing resources or the victim's network resources.

An HTTP flood attack against a web server - as many as 10,000 requests per second - eventually overwhelms the server software by consuming the machine's memory, CPU time, and possibly disk space (log files grow out of control).

A SYN flood attack, by contrast, is focused on the TCP network, overloading it with unacknowledged packets. Depending on how an organization's network is managed, this kind of DDoS cannot be escaped even by servers that merely share space with the targeted network: it can overload a victim's entire network, impacting switches or other network resources, and potentially the ISP as well.

HTTP and SYN floods are not the only weapons in the DDoS arsenal, but they are among the most common. Other attack mechanisms include UDP, ICMP and DNS floods, as well as mailbombs. A so-called "mixed DDoS" attack may combine several of these.

Can a DDoS be stopped?

Let's start with the bad news: It is very difficult to defend against a sophisticated DDoS attack launched by a determined adversary.

Many organizations struck by a DDoS are left to scramble in an effort to stop the attack once it has already begun. Sometimes this requires coordination with the ISP that provides network access. This is especially true when an ISP is forced to "null route" a victim – meaning that to protect other customers, the ISP routes traffic intended for the victim into the trash. This of course effectively prevents all access, including from legitimate users.

One of the more well-known countermeasures against a SYN flood is the use of "SYN cookies", either in the server OS or, better yet for network efficiency, in a network security device at the network edge such as the Cisco Guard. SYN cookies provide a more efficient method for tracking incoming TCP connections, lessening the chance for a typical SYN flood to overwhelm the stack.
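The mechanism behind SYN cookies, shown as an added example that is not code from the original article and not the Linux or Cisco implementation: instead of allocating a half-open connection entry for every incoming SYN, the server encodes the connection's identity into the initial sequence number it returns in the SYN-ACK, and only allocates state when a client completes the handshake with an ACK that carries a valid cookie. The bit layout (5-bit time counter, 2-bit MSS index, 25-bit MAC), the HMAC-SHA256 keying and the `SynCookieListener` class are this example's own simplifications; real kernels use different hash constructions, and the addresses and ports are constructed sample values.

```python
"""SYN cookie demonstration (added example, not from the original article).

A spoofed SYN that never completes the handshake costs the server nothing,
because no per-connection state exists until a valid ACK arrives.
"""
import hashlib
import hmac
import os

SECRET = os.urandom(32)           # per-boot server secret (constructed here)
COUNTER_PERIOD = 64               # seconds per time-counter tick
MSS_TABLE = (536, 1300, 1440, 1460)  # cookie stores only an index into this

MAC_BITS = 0x01FFFFFF             # low 25 bits of the ISN hold the MAC


def _mac(src_ip, src_port, dst_ip, dst_port, counter):
    """Keyed hash over the 4-tuple and the time counter, truncated to 25 bits."""
    msg = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}|{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & MAC_BITS


def make_cookie(src_ip, src_port, dst_ip, dst_port, now, mss):
    """Build the 32-bit ISN for the SYN-ACK: counter | mss index | MAC."""
    counter = (int(now) // COUNTER_PERIOD) & 0x1F      # 5 bits
    mss_index = 0                                      # 2 bits
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            mss_index = i
    mac = _mac(src_ip, src_port, dst_ip, dst_port, counter)
    return (counter << 27) | (mss_index << 25) | mac


def check_cookie(src_ip, src_port, dst_ip, dst_port, now, ack):
    """Return the negotiated MSS if the ACK carries a valid, fresh cookie,
    otherwise None.  The current tick and the previous one are accepted so a
    handshake in flight across a tick boundary is not rejected."""
    isn = (ack - 1) & 0xFFFFFFFF
    counter, mss_index, mac = isn >> 27, (isn >> 25) & 0x3, isn & MAC_BITS
    current = (int(now) // COUNTER_PERIOD) & 0x1F
    for delta in (0, 1):
        c = (current - delta) & 0x1F
        if c == counter and _mac(src_ip, src_port, dst_ip, dst_port, c) == mac:
            return MSS_TABLE[mss_index]
    return None


class SynCookieListener:
    """Toy listening socket: state is allocated only on a validated ACK."""

    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.established = {}     # (src_ip, src_port) -> mss

    def on_syn(self, src_ip, src_port, now, mss=1460):
        # Reply with SYN-ACK carrying the cookie; deliberately stores nothing.
        return make_cookie(src_ip, src_port, self.ip, self.port, now, mss)

    def on_ack(self, src_ip, src_port, now, ack):
        mss = check_cookie(src_ip, src_port, self.ip, self.port, now, ack)
        if mss is not None:
            self.established[(src_ip, src_port)] = mss
        return mss is not None


def flood_demo(spoofed_syns=10000):
    """Constructed scenario: many spoofed SYNs that never ACK, plus one real
    client that completes the handshake.  Returns the number of connection
    entries the server holds afterwards (1, not 10001)."""
    srv = SynCookieListener("198.51.100.1", 443)
    for i in range(spoofed_syns):                     # spoofed sources
        srv.on_syn(f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}", 1024 + (i % 60000), now=1000.0)
    isn = srv.on_syn("203.0.113.5", 40000, now=1000.0)   # legitimate client
    srv.on_ack("203.0.113.5", 40000, now=1000.2, ack=(isn + 1) & 0xFFFFFFFF)
    return len(srv.established)


if __name__ == "__main__":
    print("connection entries after flood:", flood_demo())
```

The kernel equivalent on Linux is the `net.ipv4.tcp_syncookies` sysctl; the design trade-off to keep in mind is that a cookie can only carry what fits in 32 bits, which is why the MSS is reduced to a table index and why TCP options that do not fit (for example window scaling, unless timestamps are also used) are lost on cookie-validated connections.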

An effective defense against an HTTP flood can be the deployment of a reverse proxy – in particular a collection of reverse proxies spread across multiple hosting locations. A reverse proxy is somewhat akin to a bouncer at a nightclub, deciding which guests are allowed into the party (where the real web server is). By deploying many bouncers in different locations, the crush of incoming traffic is split into fractions, lessening the possibility of the network becoming overwhelmed. Deploying this type of architecture can be done in the scramble after an attack has begun, or baked into the network architecture of a web site as a preventative defense.
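One concrete form of the "bouncer" decision a reverse proxy makes, and at the same time an illustration of the single-origin limitation described under "DoS vs. DDoS" above, as an added example that is not code from the original article: a per-client-IP token bucket, replayed over a constructed access log. The limiter class, the bucket parameters (5 requests per second, burst of 10) and the log format are this example's own assumptions. A single-origin HTTP flood is throttled before it reaches the origin server; the same number of requests spread across many bots, each staying under the per-IP limit, is forwarded untouched, which is exactly why per-IP blocking is not enough against a DDoS.

```python
"""Per-source rate limiting at a reverse proxy (added example, not from the
original article).  Each client IP gets a token bucket; requests are replayed
from constructed access-log lines of the form "<timestamp> <ip> <method> <path>".
"""
from collections import defaultdict


class TokenBucket:
    def __init__(self, rate, burst, now):
        self.rate = rate          # tokens added per second
        self.burst = burst        # bucket capacity
        self.tokens = float(burst)
        self.last = now

    def allow(self, now):
        # Refill proportionally to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ProxyLimiter:
    """The admission policy applied in front of the origin web server."""

    def __init__(self, rate=5.0, burst=10):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def decide(self, ip, now):
        bucket = self.buckets.get(ip)
        if bucket is None:
            bucket = self.buckets[ip] = TokenBucket(self.rate, self.burst, now)
        return bucket.allow(now)


def replay(log_lines, limiter):
    """Run the limiter over log lines.  Returns (forwarded, rejected, rejected_per_ip)."""
    forwarded = rejected = 0
    rejected_per_ip = defaultdict(int)
    for line in log_lines:
        ts, ip, _method, _path = line.split()
        if limiter.decide(ip, float(ts)):
            forwarded += 1
        else:
            rejected += 1
            rejected_per_ip[ip] += 1
    return forwarded, rejected, dict(rejected_per_ip)


def single_origin_flood(n=200, duration=1.0):
    # Constructed log: one source IP sends n requests within `duration` seconds.
    return [f"{i * duration / n:.4f} 203.0.113.7 GET /" for i in range(n)]


def distributed_flood(bots=200, duration=1.0):
    # Constructed log: `bots` distinct source IPs send one request each in the
    # same window, so the origin sees the same load as single_origin_flood().
    return [f"{i * duration / bots:.4f} 10.0.0.{i + 1} GET /" for i in range(bots)]


def compare():
    """Return (single_origin_forwarded, distributed_forwarded) for equal load."""
    single_fwd, _, _ = replay(single_origin_flood(), ProxyLimiter())
    dist_fwd, _, _ = replay(distributed_flood(), ProxyLimiter())
    return single_fwd, dist_fwd


if __name__ == "__main__":
    s, d = compare()
    print(f"single origin: {s}/200 forwarded; distributed: {d}/200 forwarded")
```

With these parameters the single-origin flood gets its initial burst of 10 through plus roughly 5 more over the second, while all 200 distributed requests are forwarded. Spreading the proxies across locations, as the paragraph above describes, does not change this per-IP arithmetic; it only divides the total volume each proxy must absorb, which is the point made in the paragraph that follows.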

The limitation with these DDoS defenses is that if the attacker can generate network traffic at a higher rate than your network's Internet connection can handle, it will be hard to avoid a meltdown. But what these defense strategies do accomplish is at least force the attacker to get a bigger gun.
