Denial of Service Attack: Brief Tutorial

Denial of Service is a type of cyber attack in which an attacker floods the victim with fake or useless traffic. A website-hosted server’s resources are limited, and these types of attacks create a resource crunch for real or legitimate users. The motivation behind these types of attacks may be political gain, an intention to disrepute a big firm, the ransom for stopping an attack, etc.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

Both attacks consume the resources of the victim and affect the availability. The main difference between DoS and DDoS is the number of IPs or systems involved in an attack.

In a DoS attack, the whole attack originates from a single IP. However, in a DDoS attack, an attacker may use different systems with different IPs to attack the victim with useless or fake traffic. An attacker may exploit system weaknesses such as known vulnerabilities to identify systems, compromise them, control them, and use them to attack the victim. Compromised systems called botnets are the collection of internet-connected “bots” and all “bots” are controlled by an attacker.

Mirai IoT botnet

One of the famous DDoS attacks is the Mirai IoT botnet (2017). Mirai is malware that infects internet-connected IoT cameras and other similar devices. This malware brute force the company's default username and password to access and control the IoT devices.  Mainly this malware can be divided into two parts: the malicious code or virus and the command and control center (CnC). The virus is used to infect the system and CnC is used to control all the infected systems to attack the victim. Currently, the source code of this malware is available on the internet for analysis and research purposes.

Types of DoS Attacks

The DDoS attack is mainly categorized into three types:

Volumetric attack: In this type of attack, the attacker floods the victim server with a high volume of fake network packets which is of no use. It exhausts resources of website-hosted infrastructure and makes it unavailable for the legitimate user.

Application layer attack: Low-and-slow attacks and GET/POST floods are examples of application layer attacks. The main purpose of this type of attack is to exhaust the connection limits of the web server.

Protocol attack: SYN floods, fragmented packet attacks, Ping of Death, and Smurf DDoS are some well-known attacks of this type. Here, an attacker sends traffic from a spoof victim’s IP. As a result, the attacker succeeded in flooding the victim's infrastructure by giving a response from an unknown third party.

Tools Used

Many open-source tools are available for DDoS attacks. Refer to this link for the complete list of tools with their download link: Top 15 DDoS Attack Tools

Conclusion

As DDoS attacks increase day by day, the complexity and difficulty of identification of attack also increase. Manufacturers of different DDoS mitigation platforms use artificial intelligence and machine learning to detect and mitigate an attack. Although, no organization is able to claim 100% mitigation of DDoS attacks.

In this article, we have covered what is a DDoS attack, are the major differences between DoS and DDoS, the famous DoS attack Mirai IoT botnet, and a brief of the types of DoS attacks.