Tuesday, March 16, 2010

Network hacking



Denial of Service Attack

By Abir Atarthy
  
Denial of Service

A DoS attack is an attempt by a hacker to flood a user’s or an organization’s system. During a Denial of Service (DoS) attack, a hacker renders a system unusable or significantly slows the system by overloading resources or preventing legitimate users from accessing the system. These attacks can be perpetrated against an individual system or an entire network and are usually successful in their attempts.

Session hijacking is a hacking method that creates a temporary DoS for an end user when an attacker takes over the session. Session hijacking is used by hackers to take over a current session after the user has established an authenticated session. Session hijacking can also be used to perpetrate a man-in-the-middle attack when the hacker steps between the server and legitimate client and intercepts all traffic.


Types of DoS Attacks
 
There are two main categories of DoS attacks. DoS attacks can be either sent by a single system to a single target (simple DoS) or sent by many systems to a single target (DDoS). The goal of DoS isn’t to gain unauthorized access to machines or data, but to prevent legitimate users of a service from using it. A DoS attack may do the following:

- Flood a network with traffic, thereby preventing legitimate network traffic.
- Disrupt connections between two machines, thereby preventing access to a service.
- Prevent a particular individual from accessing a service.
- Disrupt service to a specific system or person.



Different tools use different types of traffic to flood a victim, but the result is the same: A service on the system or the entire system is unavailable to a user because it’s kept busy trying to respond to an exorbitant number of requests.

A DoS attack is usually an attack of last resort. It’s considered an unsophisticated attack because it doesn’t gain the hacker access to any information but rather annoys the target and interrupts their service. DoS attacks can be destructive and have a substantial impact when sent from multiple systems at the same time (DDoS attacks).

DDoS attacks can be perpetrated by BOTs and BOTNETS, which are compromised systems that an attacker uses to launch the attack against the end victim. The system or network that has been compromised is a secondary victim, whereas the DoS and DDoS attacks flood the primary victim or target.

 
How DDoS Attacks Work

DDoS is an advanced version of the DoS attack. Like DoS, DDoS also tries to deny access to services running on a system by sending packets to the destination system in a way that the destination system can’t handle. The key to a DDoS attack is that it relays attacks from many different hosts (which must first be compromised), rather than from a single host like DoS. DDoS is a large-scale, coordinated attack on a victim system.


The services under attack are those of the primary victim; the compromised systems used to launch the attack are secondary victims. These compromised systems, which send the DDoS to the primary victim, are sometimes called zombies or BOTs. They’re usually compromised through another attack and then used to launch an attack on the primary victim at a certain time or under certain conditions. It can be difficult to track the source of the attacks because they originate from several IP addresses.


DoS/DDoS Countermeasures
 
There are several ways to detect, halt, or prevent DoS attacks. The following are common security features available:

Network-ingress filtering
All network access providers should implement network-ingress filtering to stop any downstream networks from injecting packets with faked or spoofed addresses into the Internet. Although this doesn’t stop an attack from occurring, it does make it much easier to track down the source of the attack and terminate the attack quickly.
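
The filtering decision described above, as an added example (not code from the original article): a provider edge forwards a packet only when its source address falls inside a prefix assigned to the interface it arrived on. The interface names, prefixes and traffic sample are constructed for illustration.

```python
import ipaddress

# Constructed example: prefixes a provider has assigned to each
# customer-facing interface (names and documentation prefixes are assumptions).
ASSIGNED_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}


def build_filter(assignments):
    """Parse the per-interface prefix lists once into ip_network objects."""
    return {
        iface: [ipaddress.ip_network(p) for p in prefixes]
        for iface, prefixes in assignments.items()
    }


def permit(filters, iface, src):
    """Return True only if src belongs to a prefix assigned to iface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    # A network of the other IP version never matches, so mixed lists are safe.
    return any(addr in net for net in filters.get(iface, []))


def apply_ingress_filter(filters, packets):
    """Split (iface, src) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for iface, src in packets:
        target = forwarded if permit(filters, iface, src) else dropped
        target.append((iface, src))
    return forwarded, dropped


# Constructed traffic sample: (ingress interface, claimed source address).
SAMPLE = [
    ("cust-a", "192.0.2.17"),      # legitimate
    ("cust-a", "203.0.113.9"),     # spoofed: not assigned to cust-a
    ("cust-b", "192.0.2.17"),      # spoofed: assigned to cust-a, seen on cust-b
    ("cust-a", "2001:db8:a::1"),   # legitimate IPv6
    ("cust-b", "198.51.100.200"),  # legitimate
]

if __name__ == "__main__":
    fwd, drop = apply_ingress_filter(build_filter(ASSIGNED_PREFIXES), SAMPLE)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

Every packet that survives the filter carries a source address its sender was actually assigned, which is what makes the remaining attack traffic traceable.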

Rate-limiting network traffic
A number of routers in the market today have features that let you limit the amount of bandwidth some types of traffic can consume. This is sometimes referred to as traffic shaping.

Intrusion detection systems
Use an intrusion detection system (IDS) to detect attackers who are communicating with slave, master, or agent machines. Doing so lets you know whether a machine in your network is being used to launch a known attack but probably won’t detect new variations of these attacks or the tools that implement them. Most IDS vendors have signatures to detect Trinoo, TFN, or Stacheldraht network traffic.

Host-auditing tools
File-scanning tools are available that attempt to detect the existence of known DDoS tool client and server binaries in a system.

Network-auditing tools
Network-scanning tools are available that attempt to detect the presence of DDoS agents running on hosts on your network.
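
An added example of the rate-limiting countermeasure listed above (not code from the original article): a token bucket per traffic class caps the bandwidth that class can consume, while classes without a limit pass untouched. The class names, the 1000 bytes/s limit and the sample traffic are constructed assumptions.

```python
class TokenBucket:
    """Allow `rate` bytes/second sustained, with bursts up to `burst` bytes."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = burst  # start full so a short burst is allowed
        self.last = 0.0

    def allow(self, now, size):
        # Refill for the elapsed time, never beyond the burst size.
        refill = (now - self.last) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def shape(packets, limits):
    """Apply per-class limits to (time, traffic_class, size) tuples.

    `limits` maps a class to (rate, burst); unlisted classes are not limited.
    Returns bytes forwarded and dropped per class.
    """
    buckets = {c: TokenBucket(r, b) for c, (r, b) in limits.items()}
    stats = {}
    for now, cls, size in packets:
        entry = stats.setdefault(cls, {"forwarded": 0, "dropped": 0})
        bucket = buckets.get(cls)
        ok = bucket is None or bucket.allow(now, size)
        entry["forwarded" if ok else "dropped"] += size
    return stats


# Constructed limit: ICMP may use 1000 bytes/s with a 2000-byte burst.
LIMITS = {"icmp": (1000, 2000)}

# Constructed traffic over 4 seconds: an ICMP flood of 5000 bytes/s
# alongside normal TCP traffic of 15000 bytes/s.
SAMPLE = sorted(
    [(t, "icmp", 100) for t in range(4) for _ in range(50)]
    + [(t, "tcp", 1500) for t in range(4) for _ in range(10)],
    key=lambda p: p[0],
)

if __name__ == "__main__":
    for cls, counts in shape(SAMPLE, LIMITS).items():
        print(cls, counts)
```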

1 comment:

  1. I am Poushali. I read all your articles, I have become your fan. This DOS attack is really nice. You rock. Keep it up man.
