A DDoS, or Distributed Denial of Service attack, occurs when a targeted network or server is flooded with traffic and requests from many systems at once in order to exhaust its resources or bandwidth; the target is typically one or more Internet-facing servers. The attacking systems are assembled through a variety of resource-taxing methods and techniques (botnets, malware, worms, and so forth) directed by one or more attackers. Malware of various kinds can also carry a DDoS trigger mechanism. MyDoom is a well-known example of DDoS malware: its DoS routine was activated at a specific date and time, and the target IP address was hard-coded into the malware before release, so no further contact with the infected hosts was needed to launch the attack.
A system may also be compromised with a trojan that lets the attacker install a zombie agent (the trojan may carry the agent from the outset to simplify the process). Attackers can also break into hosts with automated tools that exploit vulnerabilities in software listening for remote connections. For the most part this scenario concerns systems that act as servers on the Internet.
A well-known, classic DDoS tool is Stacheldraht. It uses a layered architecture: the attacker runs client software that connects to handlers (compromised systems), and the handlers issue commands to the zombie agents. The agents carry out the actual flooding, so they are the foot soldiers of the Stacheldraht hierarchy. The attacker's handlers and automated routines recruit these agents by exploiting vulnerabilities in applications on remote hosts that accept remote connections.
Because a DDoS achieves its goal through sheer numbers and firepower, each handler can control up to a thousand zombie agents at a time. These clusters of compromised systems are also known as botnets. IP spoofing and amplification (also known as bandwidth consumption attacks, e.g. fraggle and smurf attacks) are the main modus operandi of classic DDoS tools such as Stacheldraht. Resource starvation attacks such as SYN floods may also be used. Newer DDoS tools can additionally abuse DNS servers for the same denial of service purpose.
SYN floods are simple attacks that look like a widely distributed DDoS because they typically use a wide range of source IP addresses. These resource starvation attacks never complete the TCP three-way handshake; instead they aim to exhaust the server's bandwidth or the destination's SYN queue. Since IP addresses are easy to spoof, such an attack may come from a fixed number of places or even from a single host. SYN cookies and other TCP stack hardening measures are effective in discouraging this attack.
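The SYN cookie defence mentioned above works by encoding the half-open connection into the server's initial sequence number instead of storing it in the SYN queue, so a flood of spoofed SYNs consumes no server memory. The following is an added illustration in the style of Bernstein's original scheme (5-bit time counter, 3-bit MSS index, 24-bit keyed MAC); it is not code from this page or from any real TCP stack, and the secret, MSS table and IP addresses are constructed for the demo.

```python
import hashlib
import hmac
import os
import time

# Constructed per-process secret; a real kernel generates and rotates its own.
SECRET = os.urandom(32)
# 3-bit index -> MSS the server can recover without storing state (constructed table).
MSS_TABLE = (536, 1300, 1440, 1460)
COUNTER_BITS, MSS_BITS, MAC_BITS = 5, 3, 24

def _counter(now):
    # Coarse clock: one tick every 64 s, truncated to 5 bits.
    return int(now // 64) & ((1 << COUNTER_BITS) - 1)

def _mac(src_ip, src_port, dst_ip, dst_port, t):
    # Keyed MAC over the connection 4-tuple and the counter, truncated to 24 bits.
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{t}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")

def make_cookie(src_ip, src_port, dst_ip, dst_port, mss, now=None):
    """Server ISN for the SYN-ACK; nothing is stored for the half-open connection."""
    t = _counter(time.time() if now is None else now)
    # Largest table entry that does not exceed the MSS the client offered.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac(src_ip, src_port, dst_ip, dst_port, t)
    return (t << (MSS_BITS + MAC_BITS)) | (mss_idx << MAC_BITS) | mac

def check_cookie(src_ip, src_port, dst_ip, dst_port, ack, now=None):
    """Validate the final ACK. Returns the negotiated MSS, or None if stale or forged."""
    cookie = (ack - 1) & 0xFFFFFFFF          # the ACK acknowledges ISN + 1
    t = cookie >> (MSS_BITS + MAC_BITS)
    mss_idx = (cookie >> MAC_BITS) & ((1 << MSS_BITS) - 1)
    mac = cookie & ((1 << MAC_BITS) - 1)
    t_now = _counter(time.time() if now is None else now)
    age = (t_now - t) & ((1 << COUNTER_BITS) - 1)   # modular diff handles 5-bit wrap
    if age > 1:
        return None                           # too old: replayed or client too slow
    expected = _mac(src_ip, src_port, dst_ip, dst_port, t)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None                           # 4-tuple or counter does not match
    return MSS_TABLE[mss_idx]

if __name__ == "__main__":
    isn = make_cookie("198.51.100.7", 40000, "203.0.113.5", 443, 1460, now=6400)
    print(check_cookie("198.51.100.7", 40000, "203.0.113.5", 443, isn + 1, now=6470))
```

Only a client that actually received the SYN-ACK can return a matching ACK, which is why spoofed SYN sources never get past the cookie check.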