Denial of Service Attacks (DoS) and Distributed Denial of Service (DDoS) in Cyber Security
What is DoS?
Denial of Service (DoS) attacks disrupt businesses every day. A DoS attack degrades or stops an application or service by exhausting a resource on the server: CPU, bandwidth, memory, connection tables or disk. The attacker sends a large volume of abnormal traffic to the target so that it becomes overloaded and its services slow down or stop responding.
Normally, requests from clients pass through a series of network nodes (routers, firewalls, load balancers) on their way to the server. The traffic is usually encrypted in transit and is then processed by the server, for example by storing or fetching records in a database.
Each node on that path can handle only a limited amount of traffic; beyond that limit it struggles to process what arrives. The same effect occurs without any attacker: when millions of users hit an e-commerce promotion or a ticket-booking site at once, the load slows the server or stops it from completing two-way communication because its resources are exhausted. A DoS attack produces this condition deliberately.
Cybersecurity training and awareness programmes help an organisation defend itself; the relevant courses take you and your team from basic to advanced techniques for protecting the enterprise.
And then DDoS?
In a distributed denial of service (DDoS) attack the traffic sent to the target originates from many sources at once, typically a botnet of compromised machines. Mitigation is much harder than for a single-source DoS because blocking one source address does nothing against the rest.
Attackers mostly target websites and other high-traffic systems, for example the payment gateway of a website. They use volume-based and protocol-based attacks. A volume-based attack aims to saturate the bandwidth of the site and is measured in bits per second. A protocol-based attack exploits weaknesses in the network and transport protocols to consume resources on the server and on intermediate devices such as firewalls and load balancers (their connection-state tables in particular) and is measured in packets per second.
SYN Floods :
SYN flood attacks exploit the three-way handshake used to set up a Transmission Control Protocol (TCP) connection. Normally the client sends a SYN, the server replies with a SYN-ACK and allocates state for the half-open connection, and the client completes the handshake with an ACK. In a SYN flood the attacker sends a stream of SYN packets, usually from spoofed source IP addresses, and never sends the final ACK. The server's half-open connections wait for an ACK that never arrives, the backlog queue fills up, and legitimate clients can no longer connect. If the spoofed addresses belong to real hosts, those hosts also receive SYN-ACKs for connections they never opened.
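The standard countermeasure is SYN cookies: the server keeps no half-open state and instead encodes the client's address and port, a coarse timestamp and the negotiated MSS into the initial sequence number of its SYN-ACK, protected by a MAC, then reconstructs everything from the client's final ACK. The following Python is an added illustration of that scheme, not code from the original page or from any real TCP stack; the secret key, the four-entry MSS table, the 64-second tick granularity and the sample addresses are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed values for this example; a real stack derives the secret at
# boot and rotates it, and uses a richer MSS table than this one.
SECRET_KEY = b"example-syn-cookie-secret"
MSS_TABLE = [536, 1300, 1440, 1460]   # index stored in 3 bits of the cookie
COOKIE_MAX_AGE = 4                    # validity in 64-second ticks


def _cookie_mac(saddr, sport, daddr, dport, tick, mss_idx):
    # MAC over the 4-tuple, the coarse timestamp and the MSS index, truncated
    # to the 24 bits of the sequence number left after the tick and MSS bits.
    msg = struct.pack("!4sH4sHIB", saddr, sport, daddr, dport, tick, mss_idx)
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0x00FFFFFF


def make_syn_cookie(saddr, sport, daddr, dport, mss, now):
    """Initial sequence number for the SYN-ACK. No per-connection state is
    kept, so a flood of SYNs that never complete costs the server nothing
    beyond sending one reply each."""
    tick = (now // 64) & 0x1F                   # 5-bit coarse time
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):           # largest table MSS <= peer's
        if m <= mss:
            mss_idx = i
    return (tick << 27) | (mss_idx << 24) | _cookie_mac(saddr, sport, daddr, dport, tick, mss_idx)


def check_syn_cookie(saddr, sport, daddr, dport, ack, now):
    """Validate the final ACK of the handshake. Returns the MSS to use for
    the connection, or None if the ACK is stale, forged or for another tuple."""
    cookie = (ack - 1) & 0xFFFFFFFF             # client acknowledges ISN + 1
    tick = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    age = (((now // 64) & 0x1F) - tick) & 0x1F
    if age > COOKIE_MAX_AGE:
        return None
    if (cookie & 0x00FFFFFF) != _cookie_mac(saddr, sport, daddr, dport, tick, mss_idx):
        return None
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    client, server = bytes([203, 0, 113, 7]), bytes([198, 51, 100, 2])
    isn = make_syn_cookie(client, 40000, server, 80, 1460, now=1_000_000)
    print(check_syn_cookie(client, 40000, server, 80, isn + 1, now=1_000_010))  # 1460
    print(check_syn_cookie(client, 40000, server, 80, isn + 1, now=1_000_600))  # None
```

The price of statelessness is that options carried only in the SYN (window scaling, SACK) are lost unless they are also encoded, which is why production stacks enable cookies only once the backlog is under pressure rather than for every connection.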
Smurf DDoS :
In a smurf attack the attacker sends a large number of Internet Control Message Protocol (ICMP) echo requests to the broadcast address of a network, with the source IP address spoofed to be the victim's. Every host on that network that answers broadcast pings replies to the spoofed source, so the victim receives one reply per host for every packet the attacker sent. This amplification floods the victim's link and weakens the system. Routers that drop directed broadcasts arriving from outside the network, and hosts that ignore broadcast echo requests, remove the amplifier.
UDP Floods :
The User Datagram Protocol (UDP) is connectionless. In a UDP flood the attacker sends large numbers of UDP packets to random ports on the target. For each packet the host checks whether an application is listening on that port, finds none, and replies with an ICMP Destination Unreachable (port unreachable) message. Performing this check and sending the reply for every packet consumes the target's resources, and when the source addresses are spoofed the ICMP replies also hit uninvolved third parties.
GET / POST floods :
Application-layer attacks target layer 7 of the OSI model, where HTTP GET and POST requests are served. A botnet sends a massive volume of GET or POST requests that individually look like legitimate traffic. Because each bot sends its own separate, well-formed request, the server cannot tell attack traffic from real users by inspecting any single request; the attack is only visible in the aggregate rate.
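Because each request is individually legitimate, detection has to work on rates rather than on single requests. The Python below is an added example, not code from the original page: it parses a constructed excerpt of a combined-format access log and flags every client IP that exceeds a request threshold inside a sliding window. The log lines, addresses, window size and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format as written by Apache/nginx (constructed regex; only
# the fields this detector needs are captured).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (client_ip, timestamp, method, path) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]


def find_flooders(lines, window_seconds=10, max_requests=20):
    """Sliding-window rate check per client IP.

    Each request on its own is well-formed, so the only signal is the
    aggregate rate. Returns {ip: peak requests seen inside one window} for
    every client that exceeded max_requests. Lines are assumed to arrive in
    time order per client, as a tail of the access log does."""
    windows = defaultdict(deque)
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _method, _path = parsed
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # expire old hits
            q.popleft()
        if len(q) > max_requests:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders


def sample_log():
    """Constructed access-log excerpt: one bot posting to /login 60 times in
    five seconds and one ordinary visitor fetching a few pages."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "{method} {path} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="203.0.113.50", sec=i // 12, method="POST", path="/login")
             for i in range(60)]
    lines += [fmt.format(ip="198.51.100.9", sec=i * 2, method="GET", path="/")
              for i in range(5)]
    return lines


if __name__ == "__main__":
    print(find_flooders(sample_log()))   # {'203.0.113.50': 60}
```

A real botnet spreads the load across many addresses so that no single IP trips the threshold; the same window logic then has to be applied per path, per network prefix or to the site-wide request rate, and compared against a measured baseline rather than a fixed number.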
Teardrop attacks :
In a teardrop attack the attacker sends deliberately malformed fragmented IP packets to the target. The fragment offset field in the IP header gives the position of a fragment's data within the original datagram, in units of 8 bytes. The attacker sets the offsets so that the fragments overlap: the offset of the next fragment is smaller than the end of the previous one. A reassembly bug in older TCP/IP implementations mishandled this overlap (for example by computing a negative fragment length), corrupting memory and crashing the machine. A correct stack must validate every fragment's offset and length before reassembling and drop any datagram whose fragments overlap.
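The following Python is an added illustration, not code from the original page, of the validation a hardened reassembly path should perform: it models each fragment as its offset field (in 8-byte units), its MF flag and its payload, and refuses any set that overlaps, leaves a gap or carries inconsistent MF flags. The Fragment class, the two sample fragment sets and the exact rejection rules are constructed for this example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Fragment:
    offset: int      # value of the IP Fragment Offset field, in 8-byte units
    more: bool       # MF flag: set on every fragment except the last
    payload: bytes


def reassemble(fragments: Iterable[Fragment]) -> bytes:
    """Rebuild the original payload, refusing any fragment set whose offsets
    overlap, leave a gap, or contradict the MF flags. Raises ValueError on a
    malformed set; a stack should drop such a datagram instead of trusting
    attacker-controlled offsets."""
    frags = sorted(fragments, key=lambda f: f.offset)
    if not frags or frags[0].offset != 0:
        raise ValueError("first fragment (offset 0) missing")
    buf = bytearray()
    expected = 0                       # byte where the next fragment must start
    for i, f in enumerate(frags):
        start = f.offset * 8
        if start < expected:           # the teardrop condition
            raise ValueError(f"fragment at byte {start} overlaps data up to byte {expected}")
        if start > expected:
            raise ValueError(f"gap before byte {start}")
        if f.more and len(f.payload) % 8:
            raise ValueError("non-final fragment length must be a multiple of 8")
        if f.more == (i == len(frags) - 1):
            raise ValueError("MF flag inconsistent with fragment position")
        buf += f.payload
        expected = start + len(f.payload)
    return bytes(buf)


def try_reassemble(fragments: Iterable[Fragment]) -> Optional[bytes]:
    """Drop-on-error wrapper: returns the payload or None, the way a hardened
    reassembly path simply discards a malformed datagram."""
    try:
        return reassemble(fragments)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed fragment sets: one benign, one teardrop-style (second
    # fragment claims to start at byte 24 while the first runs to byte 40).
    benign = [Fragment(0, True, b"A" * 16), Fragment(2, False, b"B" * 10)]
    teardrop = [Fragment(0, True, b"A" * 40), Fragment(3, False, b"B" * 4)]
    print(len(try_reassemble(benign)))   # 26
    print(try_reassemble(teardrop))      # None
```

This version also rejects exact duplicate fragments, which a production stack may instead tolerate by keeping the first copy; the essential point is that the reassembly length is computed from validated offsets, never from the raw difference between two attacker-supplied values.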
How to Protect :
According to research by Corero, a DoS attack can cost up to 50,000 USD per incident. Design a resilience plan, backed by the necessary technical and organisational capabilities, that describes how your business would be affected by these attacks and how it would respond, so that protection is as complete as possible. An incident response team should be ready to handle an attack quickly.
Attackers often run small attacks first to stress-test your network and find weaknesses, so monitoring for these probes lets you understand what is coming and act before a damaging incident. Many vendors sell DDoS mitigation services, including backup and recovery. If you have not put any protection in place yet, you are already exposed. Evaluate and implement these measures in your business before it is too late.