Hackers have many reasons to break network security. Whatever the reason, an attack harms both the individual who becomes the target and their computing devices, and it has an even larger impact on business firms, where it can result in the loss of millions of dollars. A hacker can also sit at a single computer and control many other computers at the same time to carry out a much larger attack. Although security experts have introduced advanced devices and security methods, as we all know, nothing is 100% secure. Here we'll look at how a Distributed Denial of Service (DDoS) attack works and the steps needed to protect individuals, business sites, and computers from it.
What is Denial of Service (DoS)?
It is an attack on a computer or network that restricts, reduces, or prevents the system from providing access to its legitimate users. In this kind of attack, the attacker or intruder tries to deprive system users or authorized users of access to their computers, networks, or sites. To do so, the attacker focuses on the bandwidth of the victim.
Malicious use of resources inside an organization may also result in a Denial of Service attack: the target computers can be attacked from the internal network by an unsatisfied or disgruntled employee. The attack can also be executed against network resources and data access within an inter-networked environment. In 95% of cases, an attacker's motive in using Denial of Service is destruction, not theft.
Symptoms of Denial of Service Attacks
Denial of Service typically results in:
- Hanging the system.
- Slow response of the system.
- Slow, unusual network performance.
- Unavailability of that target website.
- Reboot or shutdown of a particular system.
- The incapability of accessing that target website.
- The drastic increase in the number of spam emails.
- Loss of Information from the target computer or site.
- Disconnection of wireless or wired internet connection.
- Damages and deletion of network resources or hardware.
- Destruction of data and programs of users that were online during the attack.
If a Denial of Service attack is carried out for a long enough time and on a large enough scale, the Internet connectivity of an entire geographical region may be compromised without the attacker even knowing that this has happened. Thus, a Denial of Service attack compromises a system without intruding into it, which is enough to disrupt an organization's operations or network infrastructure.
Common DoS Attack Types
- Buffer Overflow: A common type of Denial of Service attack in which the attacker sends more traffic to a network address than the target was built to handle. The attacker may find vulnerabilities in the target system that can be exploited, or may simply try the attack in case it works.
- Bandwidth Attack: A single machine cannot generate enough requests to overwhelm network equipment, so a large number of packets are sent at a time to flood the victim's network, or a large number of pings are sent to a target website.
- Teardrop attack: This type of denial of service attack exploits the way the Internet Protocol (IP) requires a packet that is too large for the next router to handle to be divided into fragments. Each fragment carries an offset that lets the receiving computer reassemble the entire set of packets. In this attack, the attacker sets confusing offset values starting from the second fragment. If the receiving OS has no precaution against this attack vector, it can crash the system.
- Physical Infrastructure DoS: In this case, someone may cut a fiber-optic cable in the existing network hardware infrastructure. Using this attack, traffic through the network can easily be rerouted.
- SYN attack: Here, the attacker sends many SYN packets to the victim's target server with a fake source IP address.
- P2P attack: In a Peer-to-peer (P2P) attack, the attacker instructs the peers or clients connected to the network to disconnect from their peer-to-peer network and connect to the victim's website instead. Here, the attacker exploits flaws in the network using the Direct-Connect (DC++) protocol, which is used to share all types of files between IM (Instant Messaging) clients.
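The Teardrop entry above turns on the receiver trusting fragment offsets. As an added example (not code from the original article), the following check is what a receiving stack needs to run before reassembly: it rejects overlapping or gapped fragments instead of trying to reassemble them. The Fragment type, its byte-based offsets and the sample fragments are constructed here for illustration.

```python
"""Added example (not from the original article): the offset check a receiving
stack needs before reassembling IP fragments, which rejects the inconsistent
offsets a Teardrop packet carries. Fragments are constructed below; nothing is
read from a network, and offsets are given in bytes for readability."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    ident: int    # IP identification field, shared by all fragments of one datagram
    offset: int   # where this fragment's payload starts, in bytes (header stores it /8)
    length: int   # payload bytes carried by this fragment
    more: bool    # the "more fragments" flag

def check_fragments(frags):
    """Return (ok, reason). ok is True only if the fragments tile the datagram
    exactly: sorted by offset, each one starts where the previous one ended,
    non-final fragments are multiples of 8 bytes, and the last one clears the
    more-fragments flag. Any overlap or gap is rejected instead of reassembled."""
    if not frags:
        return False, "no fragments"
    if len({f.ident for f in frags}) != 1:
        return False, "fragments belong to different datagrams"
    expected = 0
    ordered = sorted(frags, key=lambda f: f.offset)
    for f in ordered:
        if f.length <= 0:
            return False, f"empty fragment at offset {f.offset}"
        if f.more and f.length % 8:
            return False, f"non-final fragment at {f.offset} is not a multiple of 8 bytes"
        if f.offset < expected:
            return False, f"overlap: fragment at {f.offset} starts before previous end {expected}"
        if f.offset > expected:
            return False, f"gap: fragment at {f.offset}, expected {expected}"
        expected = f.offset + f.length
    if ordered[-1].more:
        return False, "last fragment still has more-fragments set"
    return True, "complete"

# Constructed samples. A well-formed 3460-byte payload split across three fragments:
GOOD = [Fragment(7, 0, 1480, True), Fragment(7, 1480, 1480, True), Fragment(7, 2960, 500, False)]
# Teardrop-style: the second fragment's offset points back inside the first one.
TEARDROP = [Fragment(7, 0, 1480, True), Fragment(7, 40, 1480, False)]

if __name__ == "__main__":
    for name, frags in (("good", GOOD), ("teardrop", TEARDROP)):
        print(name, check_fragments(frags))
```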
Defining Distributed Denial of Service
A DoS attack is called a Distributed Denial of Service (DDoS) attack when a multitude of hacked systems target a single system (computer, website, or network). In other words, when a Denial of Service attack is performed from several compromised devices against a particular system, the distributed nature of the attack makes it a Distributed Denial of Service (DDoS) attack.
In a typical DDoS attack, the attacker starts by exploiting a vulnerability in one computer or system and makes it the DDoS master. The DDoS master is the computer through which other vulnerable computers are detected and identified and then infected with malware. Through the DDoS master, the attacker uses botnets to infect and then control many computers, which then attack a single system. The attack is termed "distributed" because multiple computers are being manipulated by one hacker to execute the Denial of Service attack.
DDoS Attack Trend
According to a 2014-2015 report, the average DDoS attack size increased to 7.39 gigabits per second (Gbps), 14% higher than in 2013-2014. E-commerce and online advertising are affected by DDoS at an average of 8%, the telecommunications sector at an average of 6%, the public sector at 15%, the financial sector at 15%, and IT services and cloud at 33%.
How to Avoid DoS and DDoS types of Attacks
Unfortunately, there is no 100% successful way to protect a victim from falling prey to malicious DoS/DDoS attackers. However, users can apply some prevention tactics to reduce the likelihood that an attacker will use their computer to attack other computers. These prevention tactics are:
- Install Antivirus software with the latest updates.
- Install a firewall and try to configure it with the most recent updates to restrict traffic.
- Apply filtering of emails to manage unwanted traffic.
Various Factors on Which Attacker Depends
- Attack against Connectivity: In this type of attack, the attacker tries to prevent users or hosts from connecting to another system, computer, or host.
- Misuse of Internal Resources: In this attack type, the attacker tries to tie up resources on a certain machine, with the consequence that a large amount of network bandwidth is consumed and wasted and resources become unavailable to others.
- Bandwidth Consumption: In this mode of attack, the attacker generates many packets from the system on which the attack has been planned. This consumption of bandwidth finally leads to a slowdown of the network and thus to the denial of service.
- Altering Configuration: In this type of attack, the attacker may try to exploit misconfigured information present on the network to cause a DoS.
Tools Used for DoS Attack
- Jolt 2.
- Blast 20.
- Panther 2.
- Crazy Pinger.
- UDP Flood.
- FS max.
Countermeasures and Security Against DoS/DDoS
Some strategic countermeasures a security consultant can take against DoS and DDoS are:
- Absorbing the attack: This protection technique requires preplanning and additional capacity to withstand or absorb the attack.
- Degrading Services: Identifying noncritical services and stopping them.
- Service Shut Down: Using this technique, all the services are shut down until the attack has subsided.
These are the security postures you should apply to protect the system from DoS and DDoS:
- Install antivirus and anti-Trojan software and keep that software up to date.
- Analyze communication protocols and traffic patterns between handlers and clients to identify infected network nodes.
- Set up some systems with limited security to act as honey-pots. Honey-pots lure the attacker, and security professionals can detect the attacker with their help, as they serve to gather information about an attacker.
- Security professionals can also mitigate these attacks by load balancing across each server in a multiple-server architecture.
- Set router level security and install firewalls.
- To defend against botnets, the organization can use the Cisco IPS (Intrusion Prevention System) with IP reputation filtering, which determines whether an IP or service is a source of a threat. These IPS devices frequently update themselves with known threats.
- Enable IP Source Guard, which is provided by Cisco devices. This feature is available in Cisco routers to filter traffic based on DHCP (Dynamic Host Configuration Protocol) snooping or IP source binding, terminating or preventing the bot from sending spoofed packets.
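The traffic-pattern analysis listed above can be made concrete for the SYN attack described earlier. As an added example (not code from the original article), the following script counts half-open connections per source and flags the two footprints a SYN flood leaves: a few sources holding many half-open connections, or a large number of sources that each send a single SYN and never complete the handshake, which is what spoofed source addresses look like. The (source IP, flags) record format and the sample records are constructed assumptions, not a real capture format.

```python
"""Added example (not part of the original article): detecting the SYN attack
described above in connection records. The record format (source IP, TCP flags)
is an assumption constructed here; real tooling would feed it from packet
captures or flow logs."""
from collections import Counter

def half_open_by_source(records):
    """records: iterable of (src_ip, flags), one entry per packet the server
    received, with flags 'S' for a bare SYN and 'A' for the handshake's final ACK.
    Returns {src_ip: SYNs from that source that were never completed with an ACK}."""
    syns, acks = Counter(), Counter()
    for src, flags in records:
        if flags == "S":
            syns[src] += 1
        elif flags == "A":
            acks[src] += 1
    return {src: max(0, syns[src] - acks[src]) for src in syns}

def classify(records, per_source_threshold=20, spoof_ratio=0.9, min_half_open=200):
    """Two signatures of a SYN flood:
    - a few sources each holding many half-open connections;
    - many sources with exactly one half-open SYN each, the footprint left by
      spoofed (random) source addresses that can never answer the SYN-ACK."""
    ho = half_open_by_source(records)
    total = sum(ho.values())
    heavy = sorted(src for src, n in ho.items() if n >= per_source_threshold)
    one_shot = sum(n for n in ho.values() if n == 1)
    spoofed = total >= min_half_open and one_shot / total >= spoof_ratio
    return {"half_open_total": total, "heavy_sources": heavy, "spoofed_flood": spoofed}

# Constructed samples: normal traffic completes every handshake.
NORMAL = [(f"10.0.0.{i}", f) for i in range(1, 51) for f in ("S", "A")]
# One source opening 300 connections and never completing them.
SINGLE_SOURCE = NORMAL + [("203.0.113.5", "S")] * 300
# 500 distinct (spoofed) sources, one SYN each, no ACK ever returns.
SPOOFED = NORMAL + [(f"192.0.2.{i}", "S") for i in range(1, 251)] \
                 + [(f"198.51.100.{i}", "S") for i in range(1, 251)]

if __name__ == "__main__":
    for name, recs in (("normal", NORMAL), ("single", SINGLE_SOURCE), ("spoofed", SPOOFED)):
        print(name, classify(recs))
```

The thresholds are illustrative; in practice they are tuned to the server's normal connection rate and the window over which records are collected.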