Attackers attempt to prevent the legitimate users from accessing some information or services using the denial-of-service (DoS) attacks.
Attackers may be able to prevent users from accessing their online accounts (banking, etc.), emails, websites, or any other services which rely on the affected computers by targeting computers and network connections, or computers and networks of the websites which users are trying to use.
The most obvious and common type of DoS attacks occurs when the attacker floods the network with information. As example, when you type the URL for particular website into the browser, you’re sending request to this website’s computer server in order to view particular page.
The server can process just certain amount of requests at once, so if the attackers overload server with requests, it may not process your request. This is what is called “denial of service” as you can’t access that website.
The attackers may also use spam email messages in order to launch similar attacks on users’ email accounts. Whether the user have email account supplied by an employer or any available through free service like Yahoo, Gmail, or Hotmail, you’re assigned specific quota, which will limit the data amount user can have in his account at any given time.
By sending large, or many, email messages to accounts, the attacker will consume his quota, preventing user from receiving the legitimate messages.
Differences between DoS and DDos Attacks
Denial of Service (DoS) attacks are a bit different from DDoS attacks such as:
DoS attacks use typically one Internet connection and one computer for flooding targeted system or resource, but DDoS attacks use multiple Internet connections and computers for flooding targeted resource. DDoS attack is usually global attack which is distributed via botnets.
Other major differences between DoS and DDoS are worth noting and substantive. In DoS attacks, perpetrators use single Internet connections to either exploit software vulnerabilities or flooding target with fake requests, often in attempt for exhausting server resources (such as, RAM and CPU).
On the contrary, the distributed denial of service (DDoS) attack is launched mainly from multiple connected devices, which are distributed across Internet.
These multi-device, multi-person barrages are generally harder for deflecting, mostly based on sheer volume of the devices involved. On the other hand DDoS attack assaults tend for targeting the network infrastructure in attempts for saturating it with a huge volume of traffic.
DDoS attack also differs in their execution. DoS attack is launched using the homebrewed scripts or the DoS tools such as Low Orbit Ion Canon, while the DDoS attack is launched from the botnets. Large clusters of many connected devices such as PCs, cellphones, or routers infected with the malware which allows remote control by attackers.
Basic Types of Denial of Service Attacks:
DoS attacks can be done in different ways such as.
- Disrupting state of information, like resetting the TCP sessions.
- Preventing specific individual from accessing the service.
- Disrupting connections between 2 machines, therefore preventing the access to the service.
- Disrupting services to particular system or individual.
- Flooding networks in order to prevent the legitimate network traffic.
Denial of Service Symptoms
The US-CERT (United States Computer Emergency Readiness Team) defined the symptoms of dos (denial-of-service) attacks to include:
- The dramatic increase in number of the spam emails received (such type of DoS attacks is considered as e-mail bomb).
- The unavailability of specific web sites.
- The unusually slow network performance (such as accessing web sites or opening files).
- The inability for accessing any web site.
- The long term denial of accessing the web or internet services.
- The disconnection of wired or wireless internet connections.
Denial-of-service attack may also lead to some problems in your network branches around actual computers being attacked. For instance, bandwidth of the router between the LAN and the Internet can be consumed by the attack, compromising not only intended computers, but also computers on the LAN or the entire network.
If the attacks are conducted on sufficiently large scale, the entire geographical regions of the Internet connectivity may be compromised without attackers’ knowledge or intent by the incorrectly configured or the flimsy network infrastructure equipment.
Denial of Service Attack Techniques
The denial-of-service attacks are characterized by explicit attempts by the attackers for preventing the legitimate users of services from using these services. There’re 2 general forms of the DoS attacks, first that crash services and the second is that flood services.
The most serious attack is the distributed and in many cases involves forging of the IP sender addresses (it’s commonly known as IP address spoofing) so that location of attacking machines won’t easily be identified, nor will filtering be done according to the source address. Following are some of the most known attacking techniques:
- Internet Control Message Protocol (ICMP) flood.
- (S)SYN flood.
- Teardrop attacks.
- Peer-to-peer attacks.
- Permanent denial-of-service attacks.
- Application-level floods.
- HTTP POST DDOS attack.
- R-U-Dead-Yet? (RUDY).
- Slow Read attack.
- Distributed attack.
- Reflected / spoofed attack.
- Telephony denial-of-service (TDoS).
- Denial-of-service Level II.
- Advanced Persistent DoS (APDoS).
- DDoS Extortion.
Denial of Service Defense Techniques
The defensive responses to the denial-of-service (dos) attacks involve typically using of the combination of the traffic classification, the attack detection, and the response tools, aiming for blocking the traffic which they identify as an illegitimate and allowing the traffic which they identify as a legitimate.
Provided below is list of the prevention and response tools:
- Application front end hardware.
- Application level Key Completion Indicators.
- IPS based prevention.
- DDS based defense.
- Sinkholing and blackholing.
- Clean pipes.
Denial of Service Attack Tools
There is a wide range array of programs which are used in order to launch the DoS attacks.
In some cases like MyDoom, tools are embedded in the malware, and they launch their attacks without any knowledge of system owners.
Stacheldraht is another classic example of the distributed denial of service tool. It can utilize layered structure where the attackers use the client program for connecting to the handlers that are compromised systems that can issue the commands to zombie agents that in turn facilitate the DDoS attacks.
Agents are also compromised via handlers by the attackers, using some automated routines for exploiting vulnerabilities in the programs which accept the remote connections running on targeted remote hosts. Every handler may control up to 1000 agents.
In some other cases, the machine can become a part of the DDoS attack with owner’s consent, for instance, in the Operation Payback, organized by the group that we know as “Anonymous”. The LOIC has been typically used in that way.
UK’s GCHQ also has tools that are built for DDOS, which are named “ROLLING THUNDER” and “PREDATORS FACE”.
How Do You Know If An Attack Is Happening?
Not all the disruptions to the service are result of DoS (denial-of-service) attack. There can be technical problems with specific network, or with the system administrators can be performing a maintenance. However, following symptoms might indicate DoS or DDoS attacks:
- The unusually slow network performance (such as accessing websites and opening files).
- The inability to access websites.
- The unavailability of particular website.
- The dramatic increase in the amount of spam that user receive in his account.
What Do You Do If You Think You Are Experiencing An Attack?
Even if users correctly identify the DoS or DDoS attacks, it’s unlikely that user will be able to determine source or actual target of the attack. Always contact appropriate technical professionals for the urgent assistance.
If the user notice that he can’t access his own files or can’t reach any external sites from his work computer, he must contact his network administrators. That can indicate that his computer or his organization’s network is under attack.
If the user is having similar experience on his home computer, he should also consider contacting his internet service provider (ISP). If there’s any problem, the ISP could be able to advise him of the appropriate course of action.
Types of Distributed Denial of Service Attacks
There’re various types of the DDoS attacks. The common attacks may include the following:
- Traffic Attacks: The traffic flooding attacks send huge volume of UDP, TCP, and ICPM packets to target. The legitimate requests get lost and such attacks can be accompanied by the malware exploitation.
- Application Attacks: The application layer data messages may deplete the resources in application layer, leaving target’s system services often unavailable.
- Bandwidth Attacks: This kind of DDos attacks overloads target with huge amounts of the junk data which may results in big loss of the network bandwidth and the equipment resources, plus that it may lead to complete denial of service.
Nowadays, the DDoS botnets like DD4BC grew in the prominence, and taking an aim at the financial institutions. The cyber-extortionists typically start with low-level attacks and warnings which larger attack can be carried out if the ransom isn’t paid in the Bitcoin. The security experts always recommend targeted sites to not pay ransom.
Cyberattacks now have become as fact and part of our life, with the data breaches of the high-profile organizations and businesses making the headline news on a daily basis practically. The most common type of such cyber threat is the denial of service (DoS) which renders the websites and any other online resources unavailable to the intended users. The most annoying type of attacks are the DDoS attacks (Distributed Denial of Service).
The DoS threats come in different flavors, with some that directly are targeting underlying servers’ infrastructure and others that exploit vulnerabilities in communication and application protocols.
The DoS assaults usually last for some days, weeks and sometimes even months, which is making them extremely destructive to the online organizations. They may erode the consumer trust, cause huge loss of revenues, cause user to suffer the long-term reputation damage, and also force businesses to spend fortunes in the compensations.