Common Computer Attacks – DDOS

One type of attack that is becoming much more prevalent on the internet is the distributed denial of service (DDoS) attack. This form of attack was relatively scarce until a few years ago, probably because it was seen as difficult to profit from. There are several reasons why that has changed, and indeed there are probably more of these attacks taking place than any of the more technical ones. The simplicity of the DDoS attack is probably one of the main reasons why it’s becoming more common. Although preparing the infrastructure for the attack takes some knowledge and considerable effort, after the initial phase it can be pretty much push-button. Indeed, you can gain access to a network for these attacks for a small fee, and you literally just have to type in a URL and press go.

The army of compromised machines required to support this attack is normally created by a variety of methods, including viruses embedded in emails and URLs. Another method is to set up free proxies for people to use and then infect their machines whilst they’re browsing. If you need a VPN or proxy, it’s worth spending a few pennies on a professional service rather than risking your own machine. You can read about one in this article – How to Watch UK TV Online in France, although there are plenty of others too.

A denial of service (DoS) attack is any attack which interferes with the operation of a system so that legitimate users can no longer access it. DoS attacks are possible on most network hardware, including switches, web servers, firewalls, remote access computers, and almost every other network resource. A DoS attack can be specific to a service, such as in an FTP attack, or target an entire machine. The kinds of DoS are varied and wide-ranging; however, they can be separated into two distinct categories that relate to intrusion detection: resource depletion and malicious packet attacks.

Malicious packet DoS attacks work by transmitting abnormal traffic to a host in order to cause the service or the host itself to crash. Crafted packet DoS attacks are possible when software is not properly coded to handle abnormal or unusual traffic. Out-of-specification traffic can easily cause software to react unexpectedly and crash. Attackers can use crafted packet DoS attacks to bring down IDSs, even Snort. A specially crafted tiny ICMP packet with a size of 1 was found to cause Snort v. 1.8.3 to core dump. This version of Snort did not properly define the minimum ICMP header size, which allowed the DoS to happen.
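The missing check described above, shown as an added example (not code from Snort or from the original article): a decoder that enforces the minimum ICMP header length before reading any field, so an undersized message is rejected rather than parsed. The names `decode_icmp`, `MalformedPacket` and `inspect` are hypothetical, and the sample packets are constructed.

```python
import struct

ICMP_MIN_HEADER = 8  # type (1) + code (1) + checksum (2) + rest of header (4)

class MalformedPacket(ValueError):
    """A packet the decoder refuses to parse (hypothetical name)."""

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_icmp(payload: bytes) -> dict:
    """Decode the ICMP message carried in an IP payload."""
    # Length is checked before any field is read, so a 1-byte message is
    # rejected here instead of reaching code that assumes a full header.
    if len(payload) < ICMP_MIN_HEADER:
        raise MalformedPacket(
            f"ICMP message is {len(payload)} byte(s), minimum is {ICMP_MIN_HEADER}")
    icmp_type, code, _, rest = struct.unpack("!BBHI", payload[:ICMP_MIN_HEADER])
    # A valid message sums to 0xFFFF including its checksum field, so the
    # complement computed over the whole message must be zero.
    if internet_checksum(payload) != 0:
        raise MalformedPacket("bad ICMP checksum")
    info = {"type": icmp_type, "code": code,
            "data_len": len(payload) - ICMP_MIN_HEADER}
    if icmp_type in (0, 8):  # echo reply / echo request carry id and sequence
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    return info

def build_echo_request(ident: int, seq: int, data: bytes = b"") -> bytes:
    """Build a well-formed echo request (constructed sample input)."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = internet_checksum(header + data)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + data

def inspect(payload: bytes):
    """Sensor-style wrapper: a bad packet becomes an alert, not a crash."""
    try:
        return ("ok", decode_icmp(payload))
    except MalformedPacket as exc:
        return ("dropped", str(exc))
```
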

Alongside out-of-spec traffic, malicious packets can also carry payloads which cause a system to crash. A packet’s payload is taken as input into a service. If that input is not properly validated, the application can be DoSed. The Microsoft FTP DoS attack illustrates the wide range of DoS attacks available to black hats in the wild. The first step in the attack is to start a genuine FTP connection. The attacker would then issue a command containing a wildcard sequence (such as * or ?). Within the FTP Web server, a function which processes wildcard patterns in FTP commands does not allocate sufficient memory when executing pattern matching. It is therefore feasible for an attacker’s command incorporating a wildcard sequence to cause the FTP service to crash. This DoS and the Snort ICMP DoS are two good examples of the many thousands of potential DoS attacks.

The other way to deny service is via resource depletion. A resource depletion DoS attack works by overwhelming a service with so much normal traffic that legitimate users cannot gain access to the service. An attacker overrunning a service with regular traffic can deplete finite resources such as bandwidth, memory, and processor cycles. A classic memory resource exhaustion DoS is a SYN flood. A SYN flood takes advantage of the TCP three-way handshake. The handshake commences with the client sending a TCP SYN packet. The host then sends a SYN ACK in response. The handshake is completed when the client replies with an ACK. If the host does not get the returned ACK, the host sits idle and waits with the session open. Each open session consumes a certain amount of memory. If enough three-way handshakes are initiated, the host consumes all of the available memory waiting for ACKs. The traffic created by a SYN flood is normal in appearance. Almost all servers are configured these days to leave only a certain number of TCP connections open. Yet another classic resource exhaustion attack is the Smurf attack.
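Because each SYN in a flood looks normal on its own, detection has to count handshakes that never complete. The following added example (not part of the original article) replays constructed packet records and reports services whose number of simultaneously half-open handshakes reaches a threshold; the function names, the threshold and the timeout are assumptions chosen for the sample.

```python
from collections import defaultdict

HALF_OPEN_THRESHOLD = 5   # assumed alert level, kept small for the sample
HALF_OPEN_TIMEOUT = 30.0  # assumed seconds a listener waits for the final ACK

def find_syn_floods(packets, threshold=HALF_OPEN_THRESHOLD,
                    timeout=HALF_OPEN_TIMEOUT):
    """Return {(dst, dport): peak half-open count} for services at or over threshold.

    packets: (ts, src, sport, dst, dport, flags) tuples in time order, where
    flags is "S" (SYN), "SA" (SYN ACK) or "A" (ACK).
    """
    pending = defaultdict(dict)  # service -> {(client, port): time of SYN}
    peak = defaultdict(int)
    for ts, src, sport, dst, dport, flags in packets:
        if flags not in ("S", "A"):
            continue  # the server's SYN ACK does not change the table
        service, client = (dst, dport), (src, sport)
        table = pending[service]
        # Forget handshakes the listener would already have timed out.
        for key in [k for k, seen in table.items() if ts - seen > timeout]:
            del table[key]
        if flags == "S":
            table[client] = ts       # handshake opened, ACK still owed
        else:
            table.pop(client, None)  # final ACK: handshake completed
        # Counted per service, not per source: flood sources are often spoofed.
        peak[service] = max(peak[service], len(table))
    return {svc: n for svc, n in peak.items() if n >= threshold}

def sample_capture():
    """Constructed packet records using documentation address ranges."""
    web, pkts = "192.0.2.10", []
    for i, t in enumerate((0.0, 1.0)):  # two clients that finish the handshake
        c, p = f"203.0.113.{i + 1}", 40000 + i
        pkts += [(t, c, p, web, 80, "S"), (t + 0.01, web, 80, c, p, "SA"),
                 (t + 0.02, c, p, web, 80, "A")]
    for i in range(8):  # eight SYNs whose final ACK never arrives
        pkts.append((2.0 + i * 0.1, f"198.51.100.{i + 1}", 50000 + i, web, 80, "S"))
    pkts.append((3.0, "203.0.113.9", 41000, "192.0.2.20", 22, "S"))  # one stray SYN
    return sorted(pkts)
```

Running `find_syn_floods(sample_capture())` flags only the web service; passing a short `timeout` shows how expiring stale half-open entries keeps the table from filling.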

A Smurf attack works by capitalizing on open network broadcast addresses. A broadcast address forwards all of the packets sent to it on to every host on the destination subnet. Every host on the destination subnet answers to the source address given in the traffic sent to the broadcast address. An attacker sends a stream of ICMP echo requests, or pings, to a broadcast address. This has the effect of amplifying a single ICMP echo request up to 250 times. Additionally, the attacker spoofs the source address so that the target receives all the ICMP echo reply traffic. An attacker with a 128 Kb/s DSL internet connection can conceivably produce a 32 Mb/s Smurf flood (128 Kb/s × 250). DoS attacks commonly use spoofed IP addresses because the attack succeeds even if the response is misdirected. The attacker needs no reply and, in cases like the Smurf attack, wants at all costs to avoid a response. This can make DoS attacks difficult to defend against, and even harder to trace.

 

Further Reading: http://residentialip.net/
