A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.
3. WHAT IS “DOS ATTACK”
A denial-of-service (DoS) attack is a malicious attempt by a single person or a group of people to cause the victim, site or node to deny service to its customers.
DoS = when a single host attacks
DDoS = when multiple hosts attack simultaneously
4. Purpose of "DOS ATTACKS"
Purpose is to shut down a site, not penetrate it.
Purpose may be vandalism, extortion or social action (including terrorism). (Sports betting sites are often extorted.)
Modification of internal data, change of programs (includes defacement of web sites)
6. TYPES OF DOS ATTACKS
Penetration
Eavesdropping
Man-In-The-Middle
7. TYPES OF DOS ATTACKS
Penetration
Attacker gets inside your machine
Can take over machine and do whatever he wants
Achieves entry via software flaw(s), stolen passwords or insider access
8. TYPES OF DOS ATTACKS
Eavesdropping
Attacker gains access to same network
Listens to traffic going in and out of your machine
9. TYPES OF DOS ATTACKS
Man-in-the-Middle
Attacker listens to output and controls output
Can substitute messages in both directions
10. How Attacks Are Carried Out
Using lbd.sh / Slowloris.pl, both command-line tools
Function of lbd.sh (load balancing detector): lbd detects if a given domain uses DNS and/or HTTP load balancing (via Server: and Date: headers and diffs between server answers).
Using the Slowloris.pl tool: Slowloris is a piece of software written by Robert "RSnake" Hansen which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services.
11. HOW TO PROTECT FROM DoS ATTACKS
Firewalls - can effectively prevent users from launching simple flooding type attacks from machines behind the firewall.
Switches - Some switches provide automatic and/or system-wide rate limiting, traffic shaping, delayed binding to detect and remediate denial of service attacks
Routers - If you add rules to take flow statistics out of the router during the DoS attacks, they further slow down and complicate the matter
DDS based defense
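Added example, not from the original slides: a server-side check for the low-bandwidth pattern described for Slowloris, which works by holding many connections open with requests whose headers never finish. The connection record fields, thresholds and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    src: str            # client address
    opened_at: float    # time the TCP connection was accepted (seconds)
    bytes_in: int       # request bytes received so far
    headers_done: bool  # True once the blank line ending the headers arrived

# Assumed thresholds; tune to the server's real header timeout and traffic.
HEADER_TIMEOUT = 10.0     # seconds a client may take to finish its headers
MIN_RATE = 50.0           # bytes/second below which a pending request is stalled
MAX_STALLED_PER_SRC = 5   # stalled connections tolerated from one source

def stalled(conn, now):
    """Stalled = headers still incomplete after the timeout while data
    trickles in slower than MIN_RATE."""
    age = now - conn.opened_at
    if conn.headers_done or age <= HEADER_TIMEOUT:
        return False
    return conn.bytes_in / age < MIN_RATE

def flag_sources(conns, now):
    """Return {source: stalled_count} for sources above the per-source limit."""
    counts = defaultdict(int)
    for c in conns:
        if stalled(c, now):
            counts[c.src] += 1
    return {s: n for s, n in counts.items() if n > MAX_STALLED_PER_SRC}

def sample_table():
    """Constructed connection table (documentation-range addresses), now = 1000.0."""
    normal = [Conn("198.51.100.7", 998.0, 420, True),
              Conn("198.51.100.8", 995.0, 380, True),
              Conn("198.51.100.9", 999.0, 60, False)]  # new, still within timeout
    slow = [Conn("203.0.113.50", 900.0 + i, 120 + i, False) for i in range(8)]
    return normal + slow

if __name__ == "__main__":
    for src, n in flag_sources(sample_table(), now=1000.0).items():
        print(f"{src}: {n} connections holding incomplete headers")
```

Sources returned by flag_sources are candidates for the per-source rate limiting mentioned under switches and firewalls above.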