A Denial of Service (DoS) attack can slow down your website; it is launched by a hacker who wishes to attack most well-known websites with fake traffic. It is the process of making a machine or network resource unavailable to users or search engines by interrupting or suspending the host's connection to the internet. DDoS stands for Distributed Denial of Service, in which more than one attacker hits a target website from one or more IP addresses. Criminal motives such as blackmail, revenge or activism lie behind these attempts when someone attacks a website or high-profile web servers such as credit card payment gateways, banks or financial institutions.
What is a Denial of Service Attack and how does it attack your Website?
A DoS attack is an explicit attempt by one or more hackers to prevent legitimate users from using a service. Attackers may bring down the hosting or website for two purposes:
- to crash services
- to create a flood of traffic to prevent users from using that target’s website services
To keep the location of the attack from being traced, hackers usually use different IP addresses, which is known as IP address spoofing. This technique hides the attacking machine.
Internet Control Message Protocol (ICMP) flood
ICMP stands for Internet Control Message Protocol. This attack, also known as a Smurf attack, sends a large number of packets to the target host on a particular network through different broadcast addresses rather than from a single machine. The hacker sends many IP packets with the source address faked to appear to be the address of the victim. The attack consumes all the bandwidth, and the website becomes slow or goes out of order. A ping flood likewise generates many ping packets, typically from UNIX-based hosts. A malformed ping packet may crash the target system, which is known as the Ping of Death.
In a SYN flood, the attacker sends TCP/SYN packets with a forged sender address to the website. Each packet is treated as a connection request, so when there are many packets the system crashes because it tries to handle every one of them. The resulting half-open connections saturate the available connections and keep the server from responding to legitimate requests until after the attack ends.
Teardrop is a kind of attack in which someone sends overlapping, mangled IP fragments to a system. Because of various bugs in TCP/IP fragmentation re-assembly code, this attack is very useful to an attacker: the system is overloaded soon after the attack and the website gets stuck.
Peer-to-peer attack is a common type of DDoS attack that mainly exploits DC++, which is known as Direct Connection. Direct connection is an open-source file-sharing client that shares data directly, so the attacker needs no botnet and does not even have to communicate with the target client.
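One way a defender can spot the half-open saturation described above, shown as an added example that is not part of the original article: count connections in the SYN-RECV state per listening socket and compare them with the listener's backlog. The input layout assumes Linux `ss -tan` text; the sample lines, the backlog of 8, the 0.75 threshold and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample laid out like Linux `ss -tan` output; all addresses are
# documentation ranges, not captured traffic.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      8      0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       198.51.100.7:51544
SYN-RECV  0      0      192.0.2.10:80       203.0.113.1:1025
SYN-RECV  0      0      192.0.2.10:80       203.0.113.2:1026
SYN-RECV  0      0      192.0.2.10:80       203.0.113.3:1027
SYN-RECV  0      0      192.0.2.10:80       203.0.113.4:1028
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:1029
SYN-RECV  0      0      192.0.2.10:80       203.0.113.6:1030
SYN-RECV  0      0      192.0.2.10:443      198.51.100.20:40112
ESTAB     0      0      192.0.2.10:443      198.51.100.21:40200
"""


def half_open_by_listener(ss_text):
    """Map each local addr:port to the peer IPs stuck in SYN-RECV (half-open)."""
    pending = defaultdict(list)
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, LISTEN, ESTAB and other states are not half-open
        local, peer = fields[3], fields[4]
        pending[local].append(peer.rsplit(":", 1)[0])  # drop the peer port
    return dict(pending)


def assess(ss_text, backlog, alert_ratio=0.75):
    """Flag listeners whose half-open count nears the assumed SYN backlog."""
    report = {}
    for local, peers in half_open_by_listener(ss_text).items():
        fill = len(peers) / backlog
        report[local] = {
            "half_open": len(peers),
            # Forged sender addresses tend to show up as many one-off sources.
            "distinct_sources": len(set(peers)),
            "queue_fill": fill,
            "alert": fill >= alert_ratio,
        }
    return report


if __name__ == "__main__":
    for listener, info in assess(SAMPLE_SS_OUTPUT, backlog=8).items():
        print(listener, info)
```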
Permanent denial-of-service attacks
Phlashing is a word used for PDoS, in which the attacker permanently damages your hardware in such a way that you have to either replace the hardware or reinstall everything. By exploiting security flaws, a PDoS attack obtains useful information about the computer hardware, and the hacker replaces the firmware (a type of software that provides control of a system) with his own modified firmware image, so it is called a pure hardware attack.
- Application-layer floods
- HTTP POST DoS attack
- R-U-Dead-Yet? (RUDY)
- Slow Read attack
- Distributed attack
- Reflected / spoofed attack
- Telephony denial-of-service (TDoS)
- Sophisticated low-bandwidth Distributed Denial-of-Service Attack
- Denial-of-service Level II
- Advanced Persistent DoS (APDoS)
- DDoS extortion (Latest kind of attack)
Software/Tricks used for this Attack:
Hackers usually build their own means of attacking a server or site, but the most commonly used DoS attack software is listed below.
- Low Orbit Ion Cannon
- HULK (HTTP Unbearable Load King)
- DDOSIM—Layer 7 DDOS Simulator
- Tor’s Hammer
- OWASP DOS HTTP POST
- GoldenEye HTTP Denial Of Service Tool
Prevention to Stop DoS
There are different ways to protect your website from DoS, but prevention is not easy, and the most common form of this attack may damage your website. Most webmasters therefore use a firewall to protect themselves; you have to save those IPs in the firewall to protect your website. Blackholing and sinkholing are two new approaches to protecting your website: blackholing identifies fake traffic and blocks everything, whereas sinkholing routes traffic to a valid IP address where it is analyzed. Clean pipes is the most recent way of handling DoS attacks: all traffic passes through a cleaning center and is filtered before being sent back. AT&T, Verisign and Tata Communications provide such services.