Friday, October 22, 2010

DOS and DDOS: An article on Hacking using Denial of Service Attacks

A very common term in the field of hacking and security is the DoS attack. Hackers employ a number of techniques to attack and disrupt computer systems and networks. An important point here is to understand the two flavours of DoS attack. Attacks can be of different types depending on the aim and speciality of the attacker. Some attackers just want to disrupt computer systems, but there are hackers who intend to infiltrate the computers and steal sensitive information for drastic, even reckless purposes.

DoS or Denial of Service attack: This is a common way to attack a computer network. The main intention of a DoS attack is to disrupt the activities of a server by overloading it with unwanted requests. The attacker usually sends a large number of requests to the server, which leads to overloading. Once the server is overloaded, it is unable to answer normal requests. DoS attacks are usually directed at websites. It is very easy to prevent and stop DoS attacks. In very plain words, a DoS attack, if properly done, can bring a server to its knees: users, scripts and functions are starved of some services, and these may be among the crucial ones.

As stated on the Symantec website:
DoS is a Denial of Service to a victim trying to access a resource. In many cases it can be safely said that the attack requires a protocol flaw as well as some kind of network amplification.
Denial of Service is also an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services through the consumption of bandwidth of the victim network, or the overloading of the computational resources of the victim system.
The motivation for DoS attacks is not to break into a system. Instead, it is to deny the legitimate use of the system or network to others who need its services. One can say that this will typically happen through one of the following means:
1. Crashing the system.
2. Denying communication between systems.
3. Bringing the network or the system down, or having it operate at a reduced speed, which affects productivity.
4. Hanging the system, which is more dangerous than crashing since there is no automatic reboot. Productivity can be disrupted indefinitely.

There is yet another, more advanced form of denial of service attack. Here, a large number of zombie computers are used to send requests to the server under attack. This is popularly known as DDoS or Distributed Denial of Service attack. It causes the server to become overburdened within a short span of time. The zombie computers are controlled by hackers by means of malware. Because of the large number of computers involved in the attack, the power of the attacker is magnified thousands of times. The best way to protect against distributed denial of service attacks is to use a traffic filter: a device that blocks traffic from the IPs from which the malicious requests originate.
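The rate-based check that a traffic filter of the kind described above would perform, as an added example that is not part of the original post: each source IP is tracked over a sliding time window, sources exceeding a request threshold are flagged, and their requests are dropped. The log lines, window and threshold are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log: "client_ip ISO-timestamp request_path".
# One source bursts requests; the other two browse at a normal pace.
SAMPLE_LOG = """\
203.0.113.5 2010-10-22T10:00:00 /index.html
198.51.100.7 2010-10-22T10:00:01 /index.html
198.51.100.7 2010-10-22T10:00:01 /index.html
192.0.2.9 2010-10-22T10:00:02 /about.html
198.51.100.7 2010-10-22T10:00:02 /index.html
198.51.100.7 2010-10-22T10:00:02 /index.html
198.51.100.7 2010-10-22T10:00:03 /index.html
198.51.100.7 2010-10-22T10:00:03 /index.html
203.0.113.5 2010-10-22T10:00:15 /products.html
192.0.2.9 2010-10-22T10:00:20 /contact.html
203.0.113.5 2010-10-22T10:00:30 /cart.html
"""

WINDOW_SECONDS = 10   # assumed look-back window per source IP
THRESHOLD = 5         # assumed: more than this many requests per window is a flood

def parse_line(line):
    ip, ts, path = line.split()
    return ip, datetime.fromisoformat(ts), path

def flag_flooding_sources(log_text, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return the set of source IPs that send more than `threshold` requests
    within any `window`-second span. A per-IP deque holds the timestamps that
    still fall inside the window of the request being processed."""
    recent = defaultdict(deque)
    flagged = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip, ts, _ = parse_line(line)
        q = recent[ip]
        q.append(ts)
        # slide the window: discard this IP's requests older than `window` seconds
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > threshold:
            flagged.add(ip)
    return flagged

def filter_requests(log_text, blocked):
    """Mimic the traffic filter: pass only requests whose source is not blocked."""
    return [line for line in log_text.splitlines()
            if line.strip() and parse_line(line)[0] not in blocked]

if __name__ == "__main__":
    blocked = flag_flooding_sources(SAMPLE_LOG)
    print("blocked sources:", sorted(blocked))
    print("requests passed:", len(filter_requests(SAMPLE_LOG, blocked)))
```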
Again, it is worth mentioning what the Symantec website says about this:
A Distributed DoS (DDoS) is the combined effort of several machines to bring down the victim. In many cases there is a master machine that launches the attack to zombie machines that are part of a bot network, as shown below in Figure 1. Some bot networks contain many thousands of machines used to launch an attack.

-Mohd Anwar Jamal Faiz
Software Engineer (White Box API and Security) at Leading Software Product Company

2 comments:

  1. Way to go sir!!! You did it!!!
    And you are right about network... It is THE MOST important thing today to grow... Best wishes for your future :)

  2. Thanks Sadia.
    Even in ma dreams, You are always there to help and guide me.
    Take care:)
