Thursday, 17 September 2015

Denial Of Service Explained (DOS)

Denial-of-service attacks are very common; we experience them almost daily but usually cannot tell what is happening. Let me define denial of service (DoS) for you: a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. In practice this means that sometimes we visit a website, it keeps loading, and after a while the connection to the server breaks and we get a "website not available" error. High-profile servers such as bank servers, credit card payment gateways and even social networking servers are the ones most often targeted by attackers.


How Denial Of Service Works

An attacker instructs one or more of his computers to contact a specific server or website repeatedly. The sudden increase in traffic can cause the site to load very slowly for legitimate users; sometimes the traffic is enough to take the site down completely.

Some famous methods of attack
● Ping of Death - bots create huge packets and send them to the victim
● Mail bomb - bots send a massive amount of e-mail, crashing e-mail servers
● Smurf attack - bots send Internet Control Message Protocol (ICMP) messages to reflectors, which reply to the victim
● Teardrop - bots send fragments of an illegitimate packet; the victim system tries to reassemble the fragments into a packet and crashes as a result
● SYN flood - a SYN flood occurs when a host sends a flood of TCP SYN packets, often with a forged sender address
● Permanent denial-of-service attacks - an attack that damages a system so badly that it requires replacement or re-installation of hardware
● Denial-of-Service Level II - the goal of a DoS L2 attack is to trigger a defense mechanism that blocks the network segment from which the attack originated. In the case of a distributed attack or IP header modification (depending on the kind of security behaviour) it fully blocks the attacked network from the Internet, but without a system crash.

TOOLS

LOIC (Low Orbit Ion Cannon)
LOIC was used by Project Chanology, a project by the Anonymous group, to attack websites of the Church of Scientology, then by Anonymous itself to successfully attack the Recording Industry Association of America's website in October 2010, and again during Operation Payback in December 2010 to attack the websites of companies and organizations that opposed WikiLeaks. It is an open source network stress testing and denial-of-service attack application written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain and is now hosted on several open source platforms. The software has inspired the creation of an independent JavaScript version called JS LOIC, as well as a LOIC-derived web version called Low Orbit Web Cannon; these enable a DoS from a web browser. LOIC performs a denial-of-service (DoS) attack (or, when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.

HOIC (High Orbit Ion Cannon)
It is another DoS tool. It is not as famous as LOIC, but it is very powerful and has a good GUI. It is a Windows executable.

HULK
HULK (Http Unbearable Load King) is a web server denial-of-service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a web server, bypassing caching engines and therefore hitting the server's direct resource pool.

DOS prevention

●  Mitigation performance - high-rate DDoS must be mitigated by specialized hardware that can withstand the attack load while allowing legitimate traffic to pass through, e.g. anti-DDoS solutions using ASIC-based DDoS mitigation engines.
●  Reducing reaction time - Network Behavioral Analysis (NBA) technology should be used to automatically and accurately distinguish attack traffic from legitimate traffic at all layers, including layer 7 (e.g. HTTP).
●  Blocking multiple attack vectors - using NBA, IPS and anti-DoS technologies within a single anti-DDoS solution ensures no attack is overlooked during a multi-vector attack campaign.
●  Web application firewalls and services like Nexusguard, Cloudflare etc. help protect against DDoS attacks efficiently by acting as a reverse proxy in front of your server and limiting requests (including pings) from a given IP.
●  Apart from web application firewalls, host firewalls such as iptables and Comodo are also very helpful in preventing DDoS attacks. They block the IP of the attacker, which kicks him off the server.
●  The choice of web server matters: most DDoS attacks fail to exploit nginx.
●  For bandwidth saturation attacks, make sure your service provider can mitigate volumetric attacks that may saturate your bandwidth.
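As an added example (not code from the original post or from any of the tools named above), the following Python script implements the layer-7 behavioural check the list above describes: it parses web server access-log lines, counts requests per source IP in a sliding time window, flags sources that exceed a threshold (also noting how many distinct URLs each hit, the cache-busting pattern HULK-style floods produce), and returns the iptables rule an administrator would apply to drop that source. The log lines, addresses, thresholds and function names are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx combined-log prefix: client IP, timestamp, request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, path) for a combined-format log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), path

def flag_floods(lines, window_seconds=10, max_requests=50):
    """Sliding-window rate check per source IP; returns {ip: (peak_in_window, distinct_paths)}
    for sources exceeding max_requests in any window_seconds span.  Many distinct paths
    at a high rate is the cache-busting signature of HULK-style HTTP floods."""
    windows, paths, flagged = defaultdict(deque), defaultdict(set), {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the monitor
        ip, ts, path = rec
        paths[ip].add(path)
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) > max_requests:
            flagged[ip] = (max(flagged.get(ip, (0, 0))[0], len(q)), len(paths[ip]))
    return flagged

def iptables_drop_rule(ip):
    """Host-firewall rule (returned as a string, not executed) to drop further traffic from ip."""
    return f"iptables -I INPUT -s {ip} -j DROP"

def make_sample_log():
    """Constructed sample: a normal visitor plus one flooding source (RFC 5737 test addresses)."""
    base = datetime(2015, 9, 17, 10, 0, 0, tzinfo=timezone.utc)
    def fmt(ip, t, path):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    normal = [fmt("198.51.100.7", base + timedelta(seconds=3 * i), "/index.html") for i in range(20)]
    flood = [fmt("203.0.113.5", base + timedelta(milliseconds=50 * i), f"/?{i:04x}") for i in range(120)]
    return normal + flood
```

Running `flag_floods(make_sample_log())` flags only 203.0.113.5 (120 requests within 10 seconds across 120 distinct URLs), while the visitor sending one request every 3 seconds stays below the threshold.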



Note: Always configure your firewalls, ports and other server mechanisms correctly, because I have seen cases where the admin has not configured his firewall correctly and becomes a victim of DDoS.

Note for server administrators: despite being designed to provide network security, firewalls and intrusion prevention systems (IPS) are themselves impacted by DDoS attacks. To stop DDoS attacks you can also go for dedicated hardware solutions.
