Types of DoS Attacks
The methods used in DoS attacks are many, but they can be divided into three essential classes: flood attacks, logic attacks, and Distributed Denial-of-Service (DDoS) attacks. Each class contains several techniques an attacker may use to degrade or completely shut down an Internet-connected server.
The premise of a flood attack is simple. An attacker sends more requests to a server than it can handle, generally in a relentless manner, until the machine buckles under the load. Once the attack ends, the server can return to normal operation. Flood attacks are very common because they are easy to execute and the software used to run them is easy to find. Methods of flooding include:
* Ping flooding – the attacker or attackers flood the target machine with ICMP Echo Request (ping) packets. This method depends on the victim returning an ICMP Echo Reply for each request, which doubles the bandwidth consumed and eventually slows down or stops the machine. It only works when the attacker has more bandwidth than the victim, or many attacking hosts.
* SYN flood – an attack in which the attacker sends repeated SYN packets, the first step of a TCP connection, to the target. Normally the server replies with a SYN-ACK, and the client follows up with an ACK to establish the connection. In a SYN flood the ACK is never sent; the source addresses are often spoofed, so the SYN-ACKs go to hosts that never asked for them. The server keeps each half-open connection in its backlog while it waits for the ACK, and once enough of these unfinished connections build up, new connection attempts are refused and the server can slow or lock up.
* Smurf attack – while a ping flood depends on the attacker's own computer sending each ping, the smurf attack sends ICMP Echo Requests to IP broadcast addresses with the source address spoofed to be the victim's. Every host on the broadcast network that answers sends its Echo Reply to the victim, so one packet from the attacker turns into dozens or hundreds of replies at the target. Modern routers no longer forward directed broadcasts from outside the network, and hosts are commonly configured to ignore broadcast pings, which has made smurf attacks uncommon.
* UDP flood – the attacker sends a large volume of UDP packets to random ports on the target to occupy the system and prevent legitimate clients from reaching it. For each packet that arrives at a port with no application listening, the target must check for a listener and then reply with an ICMP Destination Unreachable (port unreachable) message, so every attack packet costs the victim both the lookup and a reply. As with the ping flood, the source addresses are frequently spoofed so that the replies go elsewhere.
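The four flood patterns above have distinct signatures on the wire, and the following added example (not code from the original article) shows how a detector can tell them apart from packet summaries. The (src, dst, proto, detail) record layout, the threshold, the set of listening UDP ports and the sample traffic are all assumptions constructed for illustration; a real detector would read records from a capture or a flow export.

```python
"""Classify the flood patterns described above from packet summaries.

Added example, not code from the original article. The (src, dst, proto,
detail) record layout, the threshold and the sample traffic are all
assumptions made for illustration.
"""
from collections import Counter, defaultdict

THRESHOLD = 100  # assumed: packets of one pattern before we call it a flood


def classify_floods(records, victim, listening_udp=frozenset({53}), threshold=THRESHOLD):
    """Return {pattern: evidence} for each flood pattern seen against `victim`.

    records: iterable of (src, dst, proto, detail) where detail is the ICMP
    message name, the TCP flags joined by '|', or the UDP destination port.
    listening_udp: UDP ports with a service behind them (assumed: only DNS);
    packets to any other port force an ICMP port-unreachable reply.
    """
    echo_requests = Counter()       # src -> ICMP echo requests received
    echo_replies = Counter()        # src -> echo replies we never asked for
    syns = Counter()                # src -> bare SYNs received
    completed = set()               # sources that followed up with an ACK
    udp_ports = Counter()           # dst port -> UDP packets

    for src, dst, proto, detail in records:
        if dst != victim:
            continue
        if proto == "icmp" and detail == "echo-request":
            echo_requests[src] += 1
        elif proto == "icmp" and detail == "echo-reply":
            echo_replies[src] += 1
        elif proto == "tcp":
            flags = set(detail.split("|"))
            if flags == {"SYN"}:
                syns[src] += 1
            elif "ACK" in flags:
                completed.add(src)
        elif proto == "udp":
            udp_ports[int(detail)] += 1

    findings = {}

    # Ping flood: a single source sending echo requests far faster than normal.
    for src, n in echo_requests.items():
        if n >= threshold:
            findings["ping_flood"] = {"src": src, "packets": n}

    # SYN flood: SYNs whose senders never complete the handshake stay half-open
    # in the backlog. A legitimate client that sent its ACK is not counted.
    half_open = {s: n for s, n in syns.items() if s not in completed}
    if sum(half_open.values()) >= threshold:
        findings["syn_flood"] = {"half_open": sum(half_open.values()),
                                 "sources": len(half_open)}

    # Smurf: a burst of unsolicited echo replies from many hosts on one /24,
    # i.e. the amplifier network answering a ping spoofed with our address.
    hosts_per_net = defaultdict(set)
    replies_per_net = Counter()
    for src, n in echo_replies.items():
        prefix = src.rsplit(".", 1)[0]
        hosts_per_net[prefix].add(src)
        replies_per_net[prefix] += n
    for prefix, n in replies_per_net.items():
        if n >= threshold:
            findings["smurf"] = {"amplifier_net": prefix + ".0/24", "replies": n,
                                 "hosts": len(hosts_per_net[prefix])}

    # UDP flood: many packets sprayed over ports with nothing listening; each
    # one costs the victim a lookup plus an ICMP destination-unreachable reply.
    closed_hits = sum(n for port, n in udp_ports.items() if port not in listening_udp)
    if closed_hits >= threshold:
        findings["udp_flood"] = {"packets": sum(udp_ports.values()),
                                 "closed_port_hits": closed_hits,
                                 "distinct_ports": len(udp_ports)}
    return findings


VICTIM = "198.51.100.5"

# Constructed sample traffic (not a real capture), all addressed to VICTIM.
SAMPLE = []
# ping flood: one host sends 400 echo requests
SAMPLE += [("203.0.113.9", VICTIM, "icmp", "echo-request")] * 400
# SYN flood: 200 spoofed sources, 3 SYNs each, no ACK ever follows
SAMPLE += [(f"192.0.2.{i}", VICTIM, "tcp", "SYN") for i in range(1, 201) for _ in range(3)]
# one legitimate client completes its handshake
SAMPLE += [("198.51.100.77", VICTIM, "tcp", "SYN"), ("198.51.100.77", VICTIM, "tcp", "ACK")]
# smurf: 150 hosts on 203.0.113.0/24 answer a broadcast ping spoofed from VICTIM
SAMPLE += [(f"203.0.113.{i}", VICTIM, "icmp", "echo-reply") for i in range(100, 250)]
# UDP flood: 2 packets to each of 300 closed ports
SAMPLE += [("203.0.113.9", VICTIM, "udp", str(p)) for p in range(20000, 20300) for _ in range(2)]


if __name__ == "__main__":
    for pattern, evidence in classify_floods(SAMPLE, VICTIM).items():
        print(f"{pattern:10s} {evidence}")
```

Running it reports all four patterns from the constructed sample: 400 echo requests from one host, 600 half-open SYNs spread over 200 sources (the client that completed its handshake is excluded), 150 unsolicited echo replies from one /24, and 600 UDP packets to 300 closed ports. The SYN check is the one most worth keeping in a real detector: counting half-open connections rather than raw SYNs separates a flood from a busy but healthy server.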
Although the goal of a logic attack is the same as that of a flood attack, the technique of intrusion is very different and often more subtle. While flood attacks bombard a machine with an unusually high volume of standard traffic, logic attacks rely on non-standard or malformed traffic that exploits security holes in the target's software.
Generally, a logic attack requires the target machine to have a discoverable weakness that the attacker can locate and then use against it. Because of this requirement, it is usually easy to prevent by keeping your server software and hardware up to date with the latest security patches and firmware respectively.
Many security firms, IT professionals, and software developers regularly test popular proprietary and open source software for security holes. When they find one, the hole is usually fixed quickly, but achieving broad distribution of the fix generally means disclosing the vulnerability publicly. Attackers can then scan for servers that have not yet been patched and break into them.
While many logic attacks are targeted, an attacker can also pick a server at random by using software that scans the Internet for exploitable hosts. For that reason, you should keep your machine secure even if you do not think anybody has a reason to attack it.
Distributed Denial of Service (DDoS)
If the DoS attacks described so far are like tornadoes, then a DDoS is like a hurricane. The techniques are often the same: flood attacks or logic attacks. The difference is that a DDoS comes from many attacking machines at once in a coordinated assault. Because of its intensity and sheer volume, the DDoS has become a common tool for cyber terrorists, political dissidents, and general protests against companies or other public entities.
One of the common features of a DDoS is the use of spoofed IP addresses, which makes it difficult to block or trace the attackers. Furthermore, many of the computers used in a DDoS have completely innocent owners who are unaware that their machines are taking part in an attack.
A DDoS will often start with a single attacking computer, but rather than exposing itself through a direct attack, it locates vulnerable computers and servers all over the world and quietly installs the attacking software on them. In many cases those infected computers then seek out further "agents" to use in the attack. By the time the attacker has finished amassing this cyber army, they may have hundreds or even thousands of agents.
Prevention, Detection, and Mitigation
Some types of DoS attacks can be prevented simply by blocking unused ports, keeping software updated, and using modern networking equipment. Others cannot be prevented, particularly a large DDoS. The best that can be done in those situations is to use detection software to spot an attack early and limit the harm it does to your service.
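Why a single-source flood is manageable and a DDoS is not, as an added example that is not part of the original article: a per-source token-bucket rate limiter preceded by an ingress check for source addresses that can never legitimately arrive from the Internet (the ingress filtering idea behind BCP 38, which is not named on the page). The bucket size, refill rate, the deliberately short bogon list and all of the traffic are constructed assumptions. The same 1000 packets are sent once from one host and once spread across 500 agents: the limiter cuts the first to the allowed rate and passes the second untouched, because each agent stays under any reasonable per-source limit.

```python
"""Per-source rate limiting against the floods discussed above, and why it
stops a single-source flood but not a distributed one.

Added example, not code from the original article. The bucket size, refill
rate, the short bogon list and the sample traffic are assumptions for
illustration.
"""
import ipaddress
from collections import defaultdict

BUCKET_SIZE = 20       # assumed: packets one source may burst before limiting
REFILL_PER_SEC = 5.0   # assumed: sustained packets per second allowed per source

# Sources that can never legitimately arrive from the Internet; a packet
# carrying one of these has a spoofed address and can be dropped outright.
# Deliberately short list. The documentation ranges used for the sample
# traffic below stand in for public addresses here.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def is_bogon(src):
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in BOGONS)


class TokenBucketLimiter:
    """One token bucket per source address; each packet costs one token."""

    def __init__(self, size=BUCKET_SIZE, rate=REFILL_PER_SEC):
        self.size, self.rate = size, rate
        self.tokens = defaultdict(lambda: float(size))
        self.last = {}

    def allow(self, src, now):
        """Return True if a packet from src at time `now` (seconds) may pass."""
        elapsed = now - self.last.get(src, now)
        self.tokens[src] = min(self.size, self.tokens[src] + elapsed * self.rate)
        self.last[src] = now
        if self.tokens[src] >= 1.0:
            self.tokens[src] -= 1.0
            return True
        return False


def filter_packets(packets, limiter=None):
    """Run (time, src) packets through the bogon check, then the limiter.

    Returns (passed, dropped_as_spoofed, dropped_by_rate_limit).
    """
    limiter = limiter or TokenBucketLimiter()
    passed = spoofed = limited = 0
    for t, src in packets:
        if is_bogon(src):
            spoofed += 1
        elif limiter.allow(src, t):
            passed += 1
        else:
            limited += 1
    return passed, spoofed, limited


# Constructed traffic: 1000 packets spread evenly over 10 seconds (100 pkt/s).
def single_source_flood(n=1000, duration=10.0):
    return [(i * duration / n, "203.0.113.9") for i in range(n)]


def distributed_flood(n=1000, duration=10.0, agents=500):
    """Same total volume, but spread across `agents` hosts (2 packets each)."""
    def agent(i):
        k = i % agents
        return f"198.51.{100 + k // 250}.{k % 250 + 1}"
    return [(i * duration / n, agent(i)) for i in range(n)]


def spoofed_private_flood(n=100):
    """Packets claiming a private source address, which cannot be genuine."""
    return [(i * 0.01, "10.1.2.3") for i in range(n)]


if __name__ == "__main__":
    for name, pkts in [("single source", single_source_flood()),
                       ("500 agents", distributed_flood()),
                       ("spoofed private src", spoofed_private_flood())]:
        passed, spoofed, limited = filter_packets(pkts)
        print(f"{name:20s} passed={passed:4d} spoofed={spoofed:4d} rate-limited={limited:4d}")
```

Run directly, the single-source flood is cut to roughly 70 of its 1000 packets (the 20-packet burst plus 5 per second for the remaining time), the distributed flood passes all 1000, and the packets with a private source are dropped before the limiter ever sees them. That middle line is the point of the section: per-source limiting and bogon filtering are cheap and worth deploying, but once the attack is spread over enough agents, or over spoofed addresses that are not bogons, nothing about the address tells you which packets to drop, and only upstream filtering and early detection can limit the damage.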