
What Is A DDoS Attack and How Can It Be Fended Off

- DDoS attacks involve multiple compromised systems flooding a target with traffic to overwhelm its resources and make services unavailable to legitimate users. There are different types including volume-based, protocol-based, and application-based attacks. DDoS attacks aim to gain competitive advantage, make ransom demands, or be used for activist behavior. Prevention methods include load balancers, firewalls, detection/mitigation tools, and cloud services. A live demo shows a Linux system overwhelmed by a DOS attack using the hping3 tool.

Uploaded by

Jay Zacarias

What Is A DDoS Attack And How Can It Be Fended Off?

Prepared by:
Engr. Virgilio A. Zacarias, Jr.
• With work from home being the norm in today’s era, people spend considerable time on the internet, often without specific measures to ensure a secure session. Apart from individuals, organizations worldwide that host data and conduct business over the internet are always at risk of a DDoS attack.

• Now, begin by learning what a DDoS attack is.


What Is a DDoS Attack?
• To understand how a DDoS attack works, you must first know what a denial of service attack, or DOS attack, is.

• In a DOS attack, the hacker seeks to make the resources of a particular server, database, or router inaccessible to its users. This can be done by clogging the available bandwidth of the target, be it via continuous web requests or indefinite ping commands. Analogous to how blocking a shop’s door prevents potential clients from entering it, DOS attacks caused complete distress in the early days of network security.

• The term DDoS is an acronym for ‘distributed denial of service’. Instead of a single device attacking a single server, DDoS attacks have multiple systems attacking a target, which also obscures the identity of the original hacker. With all the devices trying to access the resources of a server, legitimate users are unable to access them, which causes a server outage of sorts.

• Now that you have learned what a DDoS attack is, take a look at how a DDoS attack works.
How Does a DDoS Attack Work?

• A DDoS attack is a two-phase process.

• Phase 1: The hacker creates a botnet of devices. Simply put, a vast network of computers is hacked via malware, ransomware, or simple social engineering. These devices are a part of a botnet network, which can be triggered anytime to start bombarding a system or a server on the instruction of the hacker that created the botnet. The devices in this network are called bots or zombies.

• Phase 2: When the hacker finds the right time to attack, all the zombies in the botnet network send requests to the target, taking up all the server’s available bandwidth. These can be simple ping requests or complex attacks like SYN flooding and UDP flooding.
Types of DDoS Attacks

• Volume/Network-Based Attacks: These attacks focus on clogging all the available bandwidth for the server, cutting the supply short. Many requests are sent to the server, each of which warrants a reply, so the target cannot cater to ordinary users. Example - ICMP echo requests and UDP floods.

• Protocol-Based Attacks: These attacks are meant to consume essential resources of the target server. They exhaust the load balancers and firewalls meant to protect the system against such DDoS attacks. Example - SYN floods and ping of death.

• Application-Based Attacks: These are relatively sophisticated attacks that target application and operating-system-level vulnerabilities. They prevent specific applications from delivering the necessary information to users and hog the network bandwidth up to the point of a system crash. Example - HTTP flooding and BGP hijacking.

• Fragmentation Attacks: This attack category involves a hacker sending tiny fragments of web requests more slowly than usual. Since a server needs to receive all the fragments before moving on to a different request, getting stuck with a single request’s fragments takes up all the resources indefinitely. Example - Teardrop attack and ICMP flooding.
To better understand why DDoS attacks are so commonplace today, take a look at some of the aims behind launching one.
Aim of DDoS Attacks
• Competitive Advantage: Many DDoS attacks are conducted by hacking communities against rival groups. Some organizations hire such communities to cripple their rival’s resources at the network level to gain an advantage in the playing field. Since being the victim of a DDoS attack indicates a lack of security, the reputation of such a company takes a significant hit, allowing their rivals to gain some ground.
• Ransom Demands: Some hackers launch these DDoS attacks to hold
multinational companies at ransom. The resources are jammed, and the only way
to clear the way is if the target company agrees to pay a designated amount of
money to the hackers.
• Activist Behaviour: Certain activists tend to use DDoS attacks to voice their
opinion. Spreading the word online is much faster than any local rally or forum.
Primarily political, these types of attacks can also focus on online communities,
ethical dilemmas, or even protests against corporations.
Now that you have a good understanding of the aim and working of DDoS attacks,
you will learn some ways you can protect yourself from such attacks.
Prevention of DDoS Attacks
• Load Balancers & Firewalls: Load balancers re-route traffic from one server to another during a DDoS attack. This reduces the single point of failure and adds resiliency to the server data. Firewalls block unwanted traffic into a system and limit the number of requests accepted to a definite rate. A firewall also checks for repeated attacks from a single IP and for occasional slowdowns to detect a DDoS attack in action.
• Detection & Mitigation: Having a response plan for DDoS attacks is highly
crucial. The sooner such a breach is noted, the easier it is to clear the clogging.
One can also employ DDoS prevention tools like Imperva to lessen their load
under high-pressure situations.
• Switch to Cloud Service: With many organizations already aboard, cloud
computing giants like Amazon web services (AWS) and Microsoft Azure have
advanced DDoS protection tools in place. Furthermore, this eliminates the need
for having a response plan to combat an attack since the engineers at the
respective cloud providers will bear the brunt of the breach.
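The per-source rate limiting and "repeated requests from a single IP" check described under Load Balancers & Firewalls can be modelled in a few dozen lines. The following is an added example, not code from the slides or from any named product: a token-bucket limiter keyed by source IP that refills at a fixed rate, allows short bursts, and escalates a source to a block list once it has been rejected a configurable number of times in a row. The request stream (one client at 2 requests/s, one flooding source at 200 requests/s, both with constructed documentation-range addresses) is constructed for the example.

```python
"""Per-source-IP token-bucket rate limiter (added example, not from the slides).

All request timestamps and addresses below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float  # credits currently available to this source
    last: float    # timestamp of the last refill


class PerSourceRateLimiter:
    """Allow at most `rate` requests per second per source IP, with bursts of
    up to `burst`; count consecutive rejections so a flooding source is moved
    to a block list once it crosses `block_after` rejections."""

    def __init__(self, rate: float, burst: int, block_after: int):
        self.rate = rate
        self.burst = burst
        self.block_after = block_after
        self.buckets: dict[str, Bucket] = {}
        self.rejections: dict[str, int] = defaultdict(int)
        self.blocked: set[str] = set()

    def allow(self, src_ip: str, now: float) -> bool:
        if src_ip in self.blocked:
            return False
        b = self.buckets.get(src_ip)
        if b is None:
            # a new source starts with a full burst allowance
            b = self.buckets[src_ip] = Bucket(tokens=float(self.burst), last=now)
        # refill in proportion to elapsed time, capped at the burst size
        elapsed = max(0.0, now - b.last)
        b.tokens = min(float(self.burst), b.tokens + elapsed * self.rate)
        b.last = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            self.rejections[src_ip] = 0  # a served request resets the streak
            return True
        self.rejections[src_ip] += 1
        if self.rejections[src_ip] >= self.block_after:
            self.blocked.add(src_ip)
        return False


def simulate(requests, rate=5.0, burst=10, block_after=20):
    """Run (timestamp, src_ip) pairs through the limiter; return per-IP
    allowed/denied counts and the set of IPs that ended up blocked."""
    lim = PerSourceRateLimiter(rate, burst, block_after)
    stats = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for ts, ip in requests:
        key = "allowed" if lim.allow(ip, ts) else "denied"
        stats[ip][key] += 1
    return dict(stats), lim.blocked


# Constructed traffic: a legitimate client at 2 req/s for 10 s and a flooding
# source at 200 req/s over the same period, merged in time order.
LEGIT = [(i * 0.5, "192.0.2.10") for i in range(20)]
FLOOD = [(i * 0.005, "203.0.113.77") for i in range(2000)]
SAMPLE = sorted(LEGIT + FLOOD)

if __name__ == "__main__":
    stats, blocked = simulate(SAMPLE)
    for ip, s in stats.items():
        print(f"{ip:15} allowed={s['allowed']:4} denied={s['denied']:4}")
    print("blocked:", sorted(blocked))
```

With the defaults (5 req/s, burst 10, block after 20 consecutive rejections) the legitimate client is never throttled, while the flooding source gets its initial burst of 10 requests through, is rejected from the 11th onward, and is on the block list after 20 rejections, so the limiter stops spending any refill budget on it at all. The "consecutive" rule matters: a bursty but honest client that is occasionally rejected resets its streak as soon as a request is served, so only a source that keeps hammering while over budget is blocked.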
In the final topic of this lesson on what is a DDoS attack, you will see a live demo
where a Linux system is breached with a DOS attack.
Live Demo

• You have two virtual machine instances in this demo. One of them is Parrot
Security, which a hacker generally uses to launch certain attacks like DDoS on
specific targets. The second virtual machine is a standard Linux distribution that
acts as our target system. The majority, if not all, servers worldwide use Linux as
a backend, thanks to its stability and low resource consumption.
1. You have to set up a Wireshark program on our target system, which helps analyze the network traffic being sent and received from the instance.

2. To attack the target, you need to get its IP address, which acts as an identifier for the system. You can find the local IP address by using the command “ifconfig”.

3. To launch the attack, we will need a program called hping3. It is a command-line tool that acts as a packet generator and analyzer for the TCP/IP protocol. You will use the IP address detected in the previous image to start the attack. The command to be given using hping3 is:

4. Once this command is run, you can watch the Wireshark window on our target system and watch a flurry of requests being sent from a single IP address. After a few seconds, the system becomes completely unresponsive due to the lack of processing power in handling so many requests simultaneously.
• What you just launched was a DoS attack or a simple denial of service attack.
Attacks of such small magnitude are not able to break down the behemoth servers
for multinational corporations. When multiple systems start doing the same thing
to more extensive and robust systems, they eventually succumb to the attack
unless urgent measures are taken. Since more than a single system disrupts
communication, it’s termed DDoS, or distributed denial of service.
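What the demo shows in the Wireshark window, a flurry of requests from a single source, is exactly the signal a defender can alert on. The following is an added example, not part of the slides: a small detector that reads packet summary lines, counts pure TCP SYNs per source address in fixed one-second windows, and flags any source whose peak count exceeds a threshold. The line format and all addresses are constructed for the example and only loosely resemble a Wireshark/tshark text export (time, source, destination, protocol, flags in brackets); a real pipeline would read from a capture tool, but the windowing and thresholding logic is the same.

```python
"""Single-source SYN flood detector over packet summary lines.

Added example, not from the slides. The capture lines produced by
make_sample() are constructed and only loosely resemble a Wireshark/tshark
text summary; the address ranges are documentation addresses.
"""
import re
from collections import defaultdict

# constructed line shape: "<time>  <src> -> <dst>  <proto> [<flags>]"
LINE_RE = re.compile(
    r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+)\s+"
    r"(?P<proto>\w+)\s+\[(?P<flags>[^\]]*)\]"
)


def parse(lines):
    """Yield (time, src, dst, proto, flags) for each line that matches;
    header lines and anything malformed are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        flags = {f.strip() for f in m["flags"].split(",") if f.strip()}
        yield float(m["time"]), m["src"], m["dst"], m["proto"], flags


def syn_rates(lines, window=1.0):
    """Count pure SYN packets (SYN set, ACK clear) per (source, window)."""
    counts = defaultdict(int)
    for t, src, _dst, proto, flags in parse(lines):
        if proto == "TCP" and "SYN" in flags and "ACK" not in flags:
            counts[(src, int(t // window))] += 1
    return counts


def flag_floods(lines, threshold=100, window=1.0):
    """Return {src: peak_syns_in_one_window} for sources above threshold."""
    peaks = defaultdict(int)
    for (src, _w), n in syn_rates(lines, window).items():
        peaks[src] = max(peaks[src], n)
    return {src: n for src, n in peaks.items() if n > threshold}


def make_sample():
    """Constructed capture: one honest client completing a handshake each
    second, one source sending 400 SYNs inside a single second, plus an
    ICMP line that the TCP filter must ignore."""
    lines = ["No.  Time  Source  Destination  Proto  Info"]
    for i in range(5):
        lines.append(f"{i + 0.10:.6f}  192.0.2.10 -> 192.0.2.20  TCP [SYN]")
        lines.append(f"{i + 0.11:.6f}  192.0.2.20 -> 192.0.2.10  TCP [SYN, ACK]")
        lines.append(f"{i + 0.12:.6f}  192.0.2.10 -> 192.0.2.20  TCP [ACK]")
    for i in range(400):
        lines.append(f"{1 + i * 0.0025:.6f}  203.0.113.77 -> 192.0.2.20  TCP [SYN]")
    lines.append("3.500000  192.0.2.30 -> 192.0.2.20  ICMP [echo request]")
    return lines


if __name__ == "__main__":
    for src, peak in flag_floods(make_sample()).items():
        print(f"possible SYN flood from {src}: {peak} SYNs in one second")
```

The honest client never exceeds one SYN per window, the flooding source peaks at 400 and is reported, and the ICMP line and the server's SYN/ACK replies are excluded by the protocol and flag filters. The threshold is a tuning knob: set it from a baseline of normal per-client connection rates on the service being protected, since a busy proxy or NAT gateway can legitimately open many connections per second from one address.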
