DDoS – Distributed Denial of Service attack

A distributed denial-of-service (DDoS) attack takes place when a number of systems (one or more compromised hosts, such as web servers) flood the bandwidth and resources of a targeted system. Attackers use a variety of methods to compromise the systems that take part.

Malware can carry a DDoS attack mechanism; the best-known example was MyDoom. Its DoS mechanism was triggered on a specific date and time. This kind of DDoS involves hardcoding the target IP address before the malware is released, so no further communication is needed to launch the attack.

A system may also be compromised with a trojan, allowing the attacker to download a zombie agent (sometimes the trojan already contains one). Attackers can also break into systems using automated tools that exploit flaws in programs that listen for connections from remote hosts. This scenario primarily concerns systems acting as web servers.

A classic example of a DDoS tool is Stacheldraht. It uses a layered structure: the attacker uses a client program to connect to handlers, which are compromised systems that issue commands to the zombie agents, which in turn carry out the DDoS attack. Agents are compromised via the handlers by the attacker, using automated routines to exploit vulnerabilities in programs that accept remote connections on the targeted hosts. Each handler can control up to a thousand agents.

These collections of compromised systems are known as botnets. Tools like Stacheldraht still use classic DoS methods centred on IP spoofing and amplification, such as smurf and fraggle attacks (also known as bandwidth consumption attacks). SYN floods (also known as resource starvation attacks) may be used as well. Modern tools can also use DNS servers for DoS purposes.

Simple attacks such as SYN floods may appear with a wide range of source IP addresses, giving the appearance of a well-distributed DoS. These flood attacks do not require completion of the TCP three-way handshake, and they do not need to exhaust the server's bandwidth. Because the source IP addresses can be spoofed, the attack may actually originate from a single host. SYN queue flooding is best dealt with using stack enhancements such as SYN cookies; however, exhausting the bandwidth completely requires involvement. [need more explanation]
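To show why SYN cookies defeat SYN queue flooding, here is an added example (not code from the original page, and not the Linux kernel's exact cookie layout): the server encodes the half-open connection into its own initial sequence number instead of storing it, so spoofed SYNs that never complete the handshake consume no server state. The cookie bit layout, the 64-second time window and the HMAC-based MAC are simplifying assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed server secret; a real TCP stack rotates it periodically.
SECRET = os.urandom(32)

def _encode(four_tuple, client_isn, t, mss_index):
    """Simplified cookie layout (assumption, not Linux's exact format):
    top 5 bits = time counter, next 3 bits = MSS index, low 24 bits = MAC."""
    assert 0 <= mss_index < 8, "only 3 bits are reserved for the MSS index"
    src_ip, src_port, dst_ip, dst_port = four_tuple
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{client_isn}|{t}|{mss_index}"
    mac = hmac.new(SECRET, msg.encode(), hashlib.sha256).digest()[:3]
    return (t << 27) | (mss_index << 24) | int.from_bytes(mac, "big")

def syn_cookie(four_tuple, client_isn, mss_index, now):
    """Server's reply ISN for an incoming SYN. Nothing is placed in a SYN
    queue: the connection state lives entirely inside the returned number."""
    return _encode(four_tuple, client_isn, (now // 64) & 0x1F, mss_index)

def check_cookie(four_tuple, client_isn, ack, now):
    """Validate the final ACK of the handshake (client_isn is ACK.seq - 1).
    Returns the recovered MSS index if the cookie is genuine and fresh, else
    None. A spoofed SYN never produces this packet, so it cost the server nothing."""
    cookie = (ack - 1) & 0xFFFFFFFF
    t = cookie >> 27
    mss_index = (cookie >> 24) & 0x7
    # Accept only the current or the previous 64-second window (modular compare).
    if (((now // 64) & 0x1F) - t) & 0x1F > 1:
        return None
    expected = _encode(four_tuple, client_isn, t, mss_index)
    if hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big")):
        return mss_index
    return None

if __name__ == "__main__":
    # Constructed example: a legitimate client completes the handshake.
    conn = ("203.0.113.7", 40000, "198.51.100.1", 80)
    isn = syn_cookie(conn, client_isn=12345, mss_index=3, now=1000)
    print("MSS index recovered:", check_cookie(conn, 12345, (isn + 1) & 0xFFFFFFFF, now=1001))
    # A SYN-ACK sent to a spoofed source is never answered; an ACK forged from
    # elsewhere fails the MAC, and the server never held any state for it.
    forged = ("192.0.2.9",) + conn[1:]
    print("Forged ACK accepted?", check_cookie(forged, 12345, (isn + 1) & 0xFFFFFFFF, now=1001))
```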

Botnets differ from MyDoom's DDoS mechanism in that they can be directed against any IP address. Script kiddies use them to make well-known websites unavailable to legitimate users. More sophisticated attackers use DDoS tools for extortion, even against their business rivals.

Such attacks fall into the category of DoS attacks if an attacker mounts them from a single host; indeed, any attack against availability is classified as a denial-of-service attack. If the attacker uses multiple systems to launch attacks one after another against a remote host, this is instead classified as a DDoS attack.

An attacker gains several advantages from a distributed denial-of-service attack: more machines generate more traffic; many attack machines are harder to switch off than a single one; and each attack machine's behaviour becomes stealthier, making it harder to track and shut down. Each of these advantages becomes a challenge for defence mechanisms. For example, simply buying more incoming bandwidth than the current volume of the attack is of little help, because the attacker can add more attack machines.

In some cases, the owner of a machine consents to it taking part in a DDoS attack. One of the best-known examples is the 2010 DDoS attack against major credit card companies by WikiLeaks supporters. In these cases, supporters of the movement (those protesting the arrest of WikiLeaks founder Julian Assange) chose to download and run the DDoS software themselves.
