DOS Attacks

The denial of service (DOS) attack is one of the most powerful attacks used by hackers to harm a company or organization. Don’t confuse a DOS attack with DOS, the disc operating system developed by Microsoft. This attack is one of most dangerous cyber-attacks. It causes service outages and the loss of millions, depending on the duration of attack. In past few years, the use of the attack has increased due to the availability of free tools. This tool can be blocked easily by having a good firewall. But a widespread and clever DOS attack can bypass most of the restrictions. In this post, we will see more about the DOS attack, its variants, and the tools that are used to perform the attack. We will also see how to prevent this attack and how not to be the part of this attack.

What Is a Denial of Service Attack?

A DOS attack is an attempt to make a system or server unavailable for legitimate users and, finally, to take the service down. This is achieved by flooding the server’s request queue with fake requests. After this, server will not be able to handle the requests of legitimate users. In general, there are two forms of the DOS attack. The first form is on that can crash a server. The second form of DOS attack only floods a service.

DDOS or Distributed Denial of Service Attack.

This is the complicated but powerful version of DOS attack in which many attacking systems are involved. In DDOS attacks, many computers start performing DOS attacks on the same target server. As the DOS attack is distributed over large group of computers, it is known as a distributed denial of service attack.

To perform a DDOS attack, attackers use a zombie network, which is a group of infected computers on which the attacker has silently installed the DOS attacking tool. Whenever he wants to perform DDOS, he can use all the computers of ZOMBIE network to perform the attack.

In simple words, when a server system is being flooded from fake requests coming from multiple sources (potentially hundreds of thousands), it is known as a DDOS attack. In this case, blocking a single or few IP address does not work. The more members in the zombie network, more powerful the attack it. For creating the zombie network, hackers generally use a Trojan.

There are basically three types of DDOS attacks:

1. Application-layer DDOS attack
2. Protocol DDOS attack
3. Volume-based DDOS attack

1. Application layer DDOS attack:

 Application-layer DDOS attacks are attacks that target Windows, Apache, OpenBSD, or other software vulnerabilities to perform the attack and crash the server.

2. Protocol DDOS attack:

 A protocol DDOS attacks is a DOS attack on the protocol level. This category includes Synflood, Ping of Death, and more.

3. Volume-based DDOS attack:

 This type of attack includes ICMP floods, UDP floods, and other kind of floods performed via spoofed packets.

Detection and Prevention of Denial of Service Attack.

A DOS attack is very dangerous for an organization, so it is important to know and have a setup for preventing one. Defenses against DOS attacks involve detecting and then blocking fake traffic. A more complex attack is hard to block. But there are a few methods that we can use to block normal DOS attack. The easiest way is to use a firewall with allow and deny rules. In simple cases, attacks come from a small number of IP addresses, so you can detect those IP addresses and then add a block rule in the firewall.

But this method will fail in some cases. We know that a firewall comes at a very deep level inside the network hierarchy, so a large amount of traffic may affect the router before reaching the firewall.

Black holing and sink holing are newer approaches. Black holing detects the fake attacking traffic and sends it to a black hole. Sink holing routes all traffic to a valid IP address where traffic is analyzed. Here, it rejects back packets.

Clean pipes is another recent method of handling DOS attacks. In this method, all traffic is passed through a cleaning center, where, various methods are performed to filter back traffic. Tata Communications, Verisign, and AT&T are the main providers of this kind of protection.

As an Internet user, you should also take care of your system. Hackers can use your system as a part of their zombie network. So, always try to protect your system. Always keep your system up to date with the latest patches. Install a good antivirus solution. Always take care while installing software. Never download software from un-trusted or unknown sources. Many websites serve malicious software to install Trojans in the systems of innocent users.