Denial of Service Attack: Brief Tutorial
Denial of Service is a type of cyber attack in which an attacker floods the victim with a fake or useless traffic. As website hosted server’s resources are limited, these types of attack create a resource crunch for real or legitimate users. The motivation behind these types of attacks may be political gain, an intention of disrepute a big firm, ransom for stopping an attack etc.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
Both attacks consume the resources of the victim and affect the availability. The main difference between DoS and DDoS is the number of IPs or systems involved in an attack.
In DoS attack, the whole attack originates from a single IP. But in the DDoS attack, an attacker may use different systems with different IPs to attack the victim with useless or fake traffic. An attacker may exploit system weaknesses such as known vulnerabilities to identify systems, compromise, control it and use them to attack the victim. Compromised systems called botnets which are the collection of internet-connected “bots” and all “bots” are controlled by an attacker.
Mirai IoT botnet
One of the famous DDoS attacks is Mirai IoT botnet (2017). Mirai is a malware which infects internet connected IoT cameras and other similar devices. This malware brute force the company's default username and password to access and control the IoT devices. Mainly this malware can be divided into two parts: the malicious code or virus and the command and control center (CnC). The virus is used to infect the system and CnC is used to control all the infected systems to attack the victim. Currently, the source code of this malware available on the internet for analysis and research purpose.
Types of DoS Attacks
DDoS attack mainly categorizes into three types:
Volumetric attack: In this type of attack, attacker flood the victim server with the high volume of fake network packets which is of no use. It exhausts resources of website hosted infrastructure and makes it unavailable for the legitimate user.
Application layer attack: Low-and-slow attacks, GET/POST floods are the examples of application layer attacks. The main purpose of this type of attack to exhaust connection limits of the web server.
Protocol attack: SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS are some well-known attacks of this type. Here, an attacker sends traffic from a spoof victim’s IP. As a result, attacker succeeded to flood the victim infrastructure by giving a response from an unknown third party.
Many open source tools available for DDoS attack. Refer this link for the complete list of tools with their download link: Top 15 DDoS Attack Tools
As DDoS attacks increasing day by day, the complexity and difficulty of identification of attack also increase. Manufacturer of different DDoS mitigation platforms used artificial intelligence and machine learning to detect and mitigate an attack. Although, no organization is able to claim 100% mitigation of DDoS attacks.
In this article, we have covered what is a DDoS attack, what is the major difference between DoS and DDoS, famous DoS attack Mirai IoT botnet and brief about the types of DoS attack.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.