DDoS stands for distributed denial of service. This kind of attack is well organized and uses the internet to reach a system and attack its network. Many computers connected to the internet can also be used to attack other systems. If a denial-of-service attack hits a computer or network, the user will not be able to access email or the internet. These attacks can be directed at an operating system (OS) or a network.
How did DDoS attacks start?
DDoS attacks started in the late 90s. Initially, attackers used up the victim's full bandwidth so that others could not get the service. To make these attacks more damaging, many attackers had to synchronize manually. This type of attack became public in 1997, when a DDoS attack tool called "Trinoo" was released and made publicly available.
Types of DoS attacks:
DoS attacks are classified into three types based on the method of attack. They are:
These types of attacks are further classified into different types:
Ping Flood Attack: In this attack, the attacker targets the bandwidth of a connection, saturating the network with ICMP echo request packets so as to slow or stop the traffic going through the network.
Distributed SYN Flood: The attack focuses on the bandwidth of many machines; by doing so, it is possible to use a larger number of weakly distributed computers and create a big flood attack.
UDP Flood Attacks: The UDP protocol has a very easy-to-use interface for producing a large quantity of packets. An attacker can therefore produce large packets with little effort, and this is how a victim's network is flooded with UDP packets and attacked.
2. Protocol Attacks:
These types of attacks are divided into two types:
Smurf Attack: Here a spoofed IP packet carrying an ICMP echo request, with the victim's system address as the spoofed address and a destination address, is sent to an intermediate network. Sending the ICMP echo request to that destination address triggers all the hosts on the network, which produces a large number of packets that are routed to the spoofed IP address.
DNS Name Server Attack: This is one of the most common attack methods. It works mainly by sending a high number of UDP-based DNS requests to a nameserver using a spoofed IP address. Every nameserver response is sent back to the spoofed IP address, and that IP address is the victim of the DoS attack. As a result, it is difficult for the nameserver or the victim to determine the true source of the attack.
3. Software Vulnerability Attacks:
These attacks are further divided into 3 types:
Land Attack: This kind of attack uses TCP/IP. The attacker sends TCP SYN packets whose source and destination addresses are the same, i.e., both are the victim's host address. When the TCP/IP stack processes such packets, the victim's host may crash or hang. You can reduce the chance of your network being used to originate forged packets by filtering outgoing packets whose source address differs from the addresses of your internal network.
Ping of Death Attack: This is a method by which an attacker tries to crash, hang or reboot a system by sending an illegal ICMP packet to the victim. Generally, TCP/IP allows a maximum packet size of 65536 octets; if the packets encountered are larger than that, the victim's host may crash. ICMP packets usually have a header size of 8 octets, but the user is allowed to specify even larger sizes. In a Ping of Death attack, the ICMP packet is sent as small parts of a message; when these are reassembled, the result is an oversized packet.
Teardrop Attack: In this type of attack, a small packet is sent first. Then another packet is sent that claims to be part of the first one. The second packet is too small to be pieced together with the first, which causes an error in reassembly, and the system may crash or hang. Fragmentation is necessary when a message is large, and at the receiving end all the fragments are reassembled to complete it. Teardrop attacks concentrate on this step and send unrelated fragments, which leads to a system crash or hang when the receiver tries to assemble them.
Effects of DDoS:
1. A DDoS attack on a site affects not only that site but also other sites that are on the same network and server.
2. When the provided bandwidth is attacked, it affects not only the victim host but also the bandwidth provider and others who share bandwidth with that service provider.
3. A DoS attack by itself increases traffic to the site so much that the whole system crashes; in addition, customers logging in add more traffic to the site, which definitely leads to a site crash.
4. Because the attack greatly increases bandwidth use, you need to pay extra for that increased bandwidth.
How to Handle DoS attacks:
1. Before an attack happens, take preventive measures such as separating client and server addresses, using path-based client addresses (which strictly avoids spoofed addressing), RPF checking of server addresses, and using midwalls.
2. Detection is very important: the earlier you detect an attack, the more you can lessen the damage. With an automated intrusion detection system you can detect attacks at an early stage and take the necessary action.
3. What you do after the attack is very important. Based on the attack, follow your procedures and take backups so as to avoid a huge loss. Try to maintain the traffic; blocking and filtering the traffic for a while is also important.
It is always better to take precautionary steps against DDoS attacks, as they cause a lot of damage not only to the victim host but also to the entire network connected to that host.
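The source-address filtering mentioned under the Land Attack and in prevention step 1, sketched as a border check over raw IPv4 headers. This is an added example, not code from the original article: the internal prefix 192.0.2.0/24, the function names and the verdict strings are assumptions, and the packets are constructed for the demonstration.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed internal prefix
TCP, SYN = 6, 0x02


def build_packet(src, dst, sport, dport, flags):
    """Build a constructed 40-byte IPv4+TCP header pair (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


def border_verdict(packet, direction):
    """Classify a raw IPv4 packet crossing the border; direction is 'in' or 'out'."""
    ihl = (packet[0] & 0x0F) * 4                 # IP header length in bytes
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    is_syn = packet[9] == TCP and bool(packet[ihl + 13] & SYN)
    if is_syn and src == dst:
        return "drop-land"                       # SYN with identical source and destination
    if direction == "out" and src not in INTERNAL_NET:
        return "drop-spoofed-source"             # outgoing packet with a foreign source
    if direction == "in" and src in INTERNAL_NET:
        return "drop-spoofed-source"             # incoming packet claiming an internal source
    return "pass"


if __name__ == "__main__":
    samples = [
        (build_packet("192.0.2.10", "192.0.2.10", 80, 80, SYN), "in"),
        (build_packet("203.0.113.5", "198.51.100.7", 4444, 53, SYN), "out"),
        (build_packet("192.0.2.10", "198.51.100.7", 51000, 443, SYN), "out"),
    ]
    for pkt, direction in samples:
        print(direction, border_verdict(pkt, direction))
```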