Everyone gets annoyed when the web page they want fails to load despite a high-speed connection. One cause is a denial of service (DoS) attack, which can crash almost any web server and make it unavailable to its intended clients. This is an attack with the capability to disrupt the entire cyber world.
Every server has a threshold bandwidth. When it is used beyond its capacity, the service becomes unavailable. This is the concept behind DoS. The attacker uses this strategy to crash the server: when a huge number of requests, above its threshold, are sent to the server, it becomes unable to provide service to the intended users.
PING FLOOD:
This is the most common type of DoS attack. A huge number of ICMP echo (ping) requests are sent to the targeted server, overloading it. Thus the server is unable to provide service to its users.
TCP-SYN FLOODING:
TCP works on a three-way handshake. The client sends a SYN, to which the server replies with a SYN-ACK. On receiving the SYN-ACK, the client sends an ACK. Once this handshake completes, the server and client are said to have a TCP connection. In TCP-SYN flooding, the server is targeted with a large number of SYN requests carrying spoofed source IPs; the server sends a SYN-ACK to each spoofed IP but never receives the ACK. The result is a large number of half-open connections, ultimately leading to denial of service.
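The half-open state described above is easiest to see by replaying a packet trace against a server with a bounded SYN queue. The following is an added example, not code from the original post: the addresses are constructed from the RFC 5737 documentation ranges, the server is assumed to answer every accepted SYN with a SYN-ACK at once (so a client SYN reserves a queue slot until its ACK arrives), and the backlog size is an assumed parameter.

```python
from collections import namedtuple

# Client-side packets only: the server is assumed to answer every accepted SYN
# with a SYN-ACK immediately, so a SYN reserves a slot until the ACK arrives.
Pkt = namedtuple("Pkt", "src dst flags")

SERVER = "192.0.2.10"   # constructed address (RFC 5737 documentation range)


def track_handshakes(trace, backlog):
    """Replay a packet trace against a server whose SYN queue holds at most
    `backlog` half-open connections. Returns (completed, half_open, dropped):
    the number of handshakes that finished, the (client, server) pairs still
    waiting for an ACK, and the SYNs discarded because the queue was full."""
    half_open = set()
    completed = 0
    dropped = 0
    for p in trace:
        if p.flags == "SYN":
            if len(half_open) >= backlog:
                dropped += 1          # queue exhausted: this client is denied service
                continue
            half_open.add((p.src, p.dst))
        elif p.flags == "ACK" and (p.src, p.dst) in half_open:
            half_open.remove((p.src, p.dst))
            completed += 1
        # any other packet (e.g. an ACK for an unknown connection) is ignored
    return completed, sorted(half_open), dropped


# Constructed trace: one legitimate handshake, then four SYNs with spoofed
# sources that will never ACK, then a second legitimate client.
TRACE = (
    [Pkt("10.0.0.5", SERVER, "SYN"), Pkt("10.0.0.5", SERVER, "ACK")]
    + [Pkt(f"203.0.113.{i}", SERVER, "SYN") for i in range(1, 5)]
    + [Pkt("10.0.0.6", SERVER, "SYN"), Pkt("10.0.0.6", SERVER, "ACK")]
)

if __name__ == "__main__":
    completed, half_open, dropped = track_handshakes(TRACE, backlog=4)
    print(f"completed={completed} half_open={len(half_open)} dropped={dropped}")
```

With a backlog of four, the four spoofed SYNs fill the queue and the second legitimate client's SYN is dropped; with a larger backlog it completes. This is why a half-open connection count that stays near the queue limit is a useful alarm, and why mitigations such as SYN cookies avoid allocating queue state until the ACK arrives.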
THE SMURF ATTACK:
This attack uses the broadcast address of a network to cause denial of service. When a ping request is sent to a network's broadcast address, it is forwarded to every machine in that network, and every machine sends a ping reply to the source IP. In this attack, the attacker sends ping requests to the broadcast address with the source IP spoofed to the target's IP, so they are received by all machines in that network. The machines all send their ping replies to the target machine, causing denial of service.
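Seen from the reflecting network's border router, a Smurf attack has two signatures: an echo request addressed to the directed-broadcast address, and a fan-in of echo replies from many LAN hosts to one outside destination. The following is an added example, not code from the original post; the network, host count and addresses are constructed, and the fan-in threshold is an assumed tuning value.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")   # the reflecting network (constructed)
VICTIM = "203.0.113.9"                          # the spoofed source address (constructed)

# Constructed ICMP records as (src, dst, kind) seen at the LAN's border router.
ICMP = (
    # normal ping between two LAN hosts
    [("192.168.1.10", "192.168.1.1", "echo-request"),
     ("192.168.1.1", "192.168.1.10", "echo-reply")]
    # one request to the directed-broadcast address with the victim as source ...
    + [(VICTIM, "192.168.1.255", "echo-request")]
    # ... and a reply from every host on the segment, all aimed at the victim
    + [(f"192.168.1.{h}", VICTIM, "echo-reply") for h in range(1, 21)]
)


def directed_broadcast_requests(records, net):
    """Echo requests addressed to `net`'s broadcast address. A border router
    configured to drop directed broadcasts stops the reflection at this point."""
    return [r for r in records
            if r[2] == "echo-request"
            and ipaddress.ip_address(r[1]) == net.broadcast_address]


def reply_fan_in(records, net, min_sources):
    """Destinations that receive echo replies from at least `min_sources`
    distinct hosts inside `net`. One spoofed broadcast ping yields one reply per
    live host, so the fan-in is the amplification factor of the attack."""
    sources = defaultdict(set)
    for src, dst, kind in records:
        if kind == "echo-reply" and ipaddress.ip_address(src) in net:
            sources[dst].add(src)
    return {dst: len(s) for dst, s in sources.items() if len(s) >= min_sources}


if __name__ == "__main__":
    print(directed_broadcast_requests(ICMP, LAN))
    print(reply_fan_in(ICMP, LAN, min_sources=10))
```

The normal LAN ping produces a fan-in of one and is ignored at any sensible threshold, while the single spoofed request produces twenty replies to the victim. Dropping directed broadcasts at the router removes the first signature entirely, which is why that setting is the standard fix for being used as a reflector.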
THE PING OF DEATH:
This is one of the historical attacks. A ping request packet can have a maximum size of 65536 bytes, but the maximum transmission unit (MTU) depends on the connection medium. For example, Ethernet has an MTU of 1518 bytes; if the ping is larger than that, it is fragmented for transmission and reassembled to its original size at the other end. When a ping request of more than 65536 bytes is reassembled, machines running older versions of Windows crash.
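The defect behind this attack was a reassembler that copied each fragment into a fixed-size buffer without first checking where the fragment would end. Below is an added example, not code from the original post, of a reassembler that performs that check: it uses 65535 bytes, the largest value the 16-bit IP total-length field can express (the post rounds this to 65536), and the fragment sets are constructed, one normal ping split at an Ethernet-sized chunk and one whose last fragment is offset so the reassembled size exceeds the limit.

```python
MAX_IP_PACKET = 65535   # largest length a 16-bit IP total-length field can express


def reassemble(fragments, limit=MAX_IP_PACKET):
    """Reassemble IP fragments given as (offset_in_bytes, payload, more_fragments).
    Every fragment's end is checked against `limit` before any byte is copied,
    which is the check the crashing stacks lacked; gaps, overlaps and
    incomplete sets are rejected as well."""
    buf = bytearray()
    cursor = 0
    total = None
    for offset, payload, more in sorted(fragments, key=lambda f: f[0]):
        if offset % 8:
            raise ValueError(f"offset {offset} is not a multiple of 8")
        end = offset + len(payload)
        if end > limit:
            raise ValueError(f"fragment would end at byte {end}, beyond {limit}")
        if offset != cursor:
            raise ValueError(f"gap or overlap at byte {offset}")
        buf += payload
        cursor = end
        if not more:
            total = end          # the fragment without MF marks the packet's end
    if total is None:
        raise ValueError("incomplete fragment set: last fragment never arrived")
    return bytes(buf)


def fragment(payload, chunk):
    """Split `payload` into fragments of `chunk` bytes (chunk must be a multiple of 8)."""
    assert chunk % 8 == 0
    pieces = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
    return [(i * chunk, piece, i < len(pieces) - 1) for i, piece in enumerate(pieces)]


def is_safe(fragments):
    """True if the fragment set reassembles within the IP size limit."""
    try:
        reassemble(fragments)
        return True
    except ValueError:
        return False


# Constructed inputs: a normal 4000-byte ping split into Ethernet-sized chunks,
# and a set whose final fragment lands at offset 65528, giving 65544 bytes in total.
NORMAL = fragment(b"A" * 4000, 1480)
OVERSIZED = fragment(b"C" * 65544, 65528)

if __name__ == "__main__":
    print(len(reassemble(NORMAL)), "bytes reassembled")
    print("oversized set accepted:", is_safe(OVERSIZED))
```

The oversized set is legal fragment by fragment (each offset fits in the 13-bit field) and only becomes a problem when the ends are added up, so the limit check has to happen per fragment at reassembly time, before anything is written into the buffer.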
DOS USING DNS:
This uses open DNS servers on the internet to target a web server. The attacker sends a small DNS query that produces a huge response from the DNS server. The query carries a spoofed source IP address belonging to the target web server, so the huge response goes to the target web server, in fragments, because the response is bigger than the MTU. The attacker sends multiple queries using the target's IP, which produces multiple responses from the DNS server. These repeated DNS responses saturate the bandwidth, making the web server crash.
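From the target's side the tell-tale sign is DNS responses arriving from resolvers it never queried, and the damage scales with the ratio of response size to query size. The following is an added example, not code from the original post, that computes that ratio and picks out unsolicited responses from a constructed packet log seen at the victim's border; the addresses, sizes and timestamps are all constructed.

```python
from collections import defaultdict

VICTIM = "192.0.2.10"   # the web server whose address is spoofed (constructed)

# Constructed DNS traffic as seen at the victim's border: (ts, src, dst, kind, bytes).
PACKETS = (
    # a legitimate lookup: the victim asks its resolver and gets a modest answer
    [(1, VICTIM, "203.0.113.53", "query", 64),
     (2, "203.0.113.53", VICTIM, "response", 120)]
    # reflected traffic: large answers from open resolvers the victim never asked
    + [(3 + i, f"198.51.100.{i}", VICTIM, "response", 3000) for i in range(1, 4)]
)


def amplification_factor(query_bytes, response_bytes):
    """Bytes delivered to the target per byte the attacker had to send."""
    return response_bytes / query_bytes


def unsolicited_responses(packets):
    """Responses to the victim from resolvers it never queried. Because the
    victim's own queries leave through the same border, a stateful filter can
    admit only responses that match an earlier outbound query."""
    asked = set()
    unsolicited = []
    for ts, src, dst, kind, size in sorted(packets):
        if kind == "query":
            asked.add((src, dst))           # (client, resolver)
        elif kind == "response" and (dst, src) not in asked:
            unsolicited.append((ts, src, size))
    return unsolicited


def reflector_report(packets):
    """Bytes received per reflector, plus the total unsolicited volume."""
    per_src = defaultdict(int)
    for _, src, size in unsolicited_responses(packets):
        per_src[src] += size
    return dict(per_src), sum(per_src.values())


if __name__ == "__main__":
    print("amplification:", amplification_factor(60, 3000))
    print("reflectors, total bytes:", reflector_report(PACKETS))
```

The legitimate answer from the victim's own resolver is matched to its outbound query and ignored; the three 3000-byte answers have no matching query and are counted. A 60-byte query returning 3000 bytes is a 50x amplification, which is the reason a modest attacker uplink can saturate a much larger target link.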
Distributed denial of service:
The attacker uses a command and control server to control a number of machines over the internet. Collectively these machines are called a botnet. They are just normal machines that were compromised, which could have happened by clicking a malicious link, etc. The attacker floods the target server using these bots. The impact of a DDoS is many times greater than that of a DoS.
Many hackers on the dark web offer DDoS or DoS attacks for hire. The price depends on the type of organization, the number of botnets required, the duration of the attack, etc., and is mostly demanded in cryptocurrency.
Let's discuss denial of service mitigation in the upcoming post.