Yesterday we talked about how a Denial of Service (DoS) attack can bring down a service or site. It's interesting to see how the basics of the internet can be "used" against it. Some time back I talked about Security vulnerabilities – why we made web so insecure?, where a good discussion came along. Sometimes I think it's all in the architecture, but then HTTP was never meant to be secure.
Coming back to DoS attacks, let's talk about the types, or more specifically the levels of attacks. By levels I mean which sections of the network architecture can be targeted by a DoS attack.
Types or Levels of DoS Attacks
- Bandwidth Attacks: When you load any site, it takes a certain time to "load". Loading means it appears on your screen with its images and text, and this "loading" consumes a certain amount of data transfer. Every site is given a particular amount of bandwidth by its hosting, say for example 100 GB. Now if I get more visitors who consume all my 100 GB of bandwidth, the hosting of the site can ban your site. So now if an attacker does the same thing, opening 100 pages of the site and refreshing them over and over, he can consume all the bandwidth and the site is out of service.
- Logic Attacks: These kinds of attacks exploit vulnerabilities in network software such as the web server or the underlying TCP/IP stack.
- Protocol Attacks: Exploiting a specific feature or implementation bug of some protocol installed at the victim in order to consume excess amounts of its resources. Protocols here are the rules that must be followed to send data over a network. I found this document on 5 Protocol attacks which explains protocol attacks to you in detail. It's a little bit geeky but worth trying.
Here are some images which explain a little more; I am keeping this article from being completely geeky, which might lose your interest. The best is to read the above link if you want more details.
How to prevent DoS Attacks?
Honestly speaking there is no foolproof method, as these attacks take advantage of bugs and exploits present in the system. So the best methods I was able to find were to keep yourself updated with the latest security patches, allow only necessary traffic, or at least monitor where your traffic is coming from and, if there is a sudden rise in traffic, block the particular IP. Check this document on Help Defeat Distributed Denial of Service Attacks: Step-by-Step (Guess this is what you were looking for Rajat ;))
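To make the "monitor where your traffic is coming from and block the IP behind a sudden rise" advice concrete, here is a small added example (my illustration, not code from the original post or the linked document). It parses constructed web-server access-log lines in the common Apache/nginx "combined" layout, counts requests per client IP in a sliding time window, and reports the sources whose request rate crosses a threshold. The 10-second window and the 50-requests threshold are assumptions to tune against your own normal traffic; the IP addresses come from the documentation ranges and the log lines are generated inline so the script runs offline.

```python
"""Per-source request-rate monitor for spotting a sudden rise in traffic.

Added illustration for the post above; not code from the original article.
Assumes access-log lines arrive in chronological order, as a live log does.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Matches the start of an Apache/nginx "combined" log line:
# <ip> <ident> <user> [<timestamp>] "<request>" <status> <size>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed tuning values: more than 50 requests from one IP inside 10 seconds
# is treated as a flood. Real sites should derive these from their own baseline.
WINDOW = timedelta(seconds=10)
THRESHOLD = 50


def parse_line(line):
    """Return (client_ip, timestamp) for a log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def find_flooders(lines, window=WINDOW, threshold=THRESHOLD):
    """Scan log lines and return {ip: peak_requests_in_window} for IPs over threshold.

    Keeps one deque of recent timestamps per IP; entries older than the window
    are dropped from the front, so memory stays bounded by the window size.
    """
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not look like access-log entries
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def make_line(ip, when, path="/"):
    """Build one constructed combined-format log line (sample data only)."""
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S +0000")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 5123'


def constructed_log():
    """Constructed sample: two normal visitors plus one source flooding for 15 s."""
    start = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []
    for sec in range(60):
        t = start + timedelta(seconds=sec)
        if sec % 5 == 0:
            lines.append(make_line("198.51.100.2", t, "/about"))
        if sec % 7 == 0:
            lines.append(make_line("198.51.100.9", t, "/blog"))
        if 20 <= sec < 35:
            # 30 requests every second from a single address for 15 seconds
            lines.extend(make_line("203.0.113.7", t) for _ in range(30))
    return lines


if __name__ == "__main__":
    for ip, peak in find_flooders(constructed_log()).items():
        print(f"block candidate: {ip} (peak {peak} requests in {WINDOW.seconds}s)")
```

Running it flags only 203.0.113.7 (peak 330 requests in the window) while the two normal visitors stay under the threshold. A per-IP counter like this only catches a flood from a single source, which is the DoS case this post covers; it will not separate a distributed attack from a traffic spike, and clients behind a shared NAT address can trip it together, so treat the output as a candidate list to review before blocking rather than an automatic ban.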
Introduction to DDoS (Distributed Denial of Service)
One step ahead, DDoS is capable of doing more harm. With this, the attacker can use the victim's system to infect other connected systems or send spam. The attacker finds a weakness in the system and injects malware, or software that can be used remotely. Using this, the attacker can make the server "a slave" and send spam or get access to files using its permissions. Thousands of systems can be targeted from a single point (imagine if Google's servers could be hacked to send spam to all Gmail inboxes!!!! Scary, right!!). When used for this one purpose you can see a propagating effect which multiplies: this one machine can infect thousands of other machines, thus turning several megabytes of traffic into several gigabytes. This sudden increasing flow can crash any server.
DoS attacks are a result of exploiting the vulnerabilities present in the system or architecture. They can bring down any service by overloading it or injecting it to do so, the result being that no further requests are processed by the server. The best way to avoid them is to keep yourself updated with the latest patches.
I hope you enjoyed this article. I would like to go into the details of DDoS but it's a little geeky. If I see some good response I might write one more post on this.