A DDoS, or Distributed Denial of Service attack, happens whenever a targeted network is flooded with traffic and requests from multiple systems in order to overwhelm its resources or bandwidth, typically aiming at one or more online servers.
These attacks combine a variety of resource-taxing methods and tools (such as botnets, malware, worms, and so forth), directed by one or many hackers at a time.
Different types of malware can carry a DDoS-triggering mechanism as well.
MyDoom is a well-known example of malware with a DDoS payload.
MyDoom's DoS mechanism was activated at a specific date and time. The target's IP address was hardcoded before the malware was released, so no further contact with the infected machines was needed to launch the DDoS assault.
A network may be compromised with a Trojan that lets a hacker install a zombie agent (the Trojan may already contain one from the get-go to simplify the process).
Cyber attackers can also force their way into networks with automated tools that exploit vulnerabilities in software that listens for remote host connections.
For the most part, this scenario concerns systems that act as servers on the Internet.
A famous and long-used DDoS tool is Stacheldraht.
It's an application with a layered architecture: the hacker runs client software that connects to handlers (compromised systems), and the handlers give orders to the zombie agents.
The agents are the ones that carry out the actual flooding, so they're the foot soldiers of the Stacheldraht hierarchy.
With the help of the hacker's handlers and automated routines, these agents can exploit vulnerabilities in remote host applications that accept remote connections.
Because a DDoS achieves its goals through superior firepower and numbers, each handler can control up to a thousand zombie agents at a time.
These clusters of compromised systems are also known as botnets.
IP spoofing and amplification (also known as bandwidth consumption attacks, e.g. fraggle and smurf attacks) are the main modus operandi of classic DDoS tools like Stacheldraht.
Resource starvation attacks such as SYN floods may also be used.
The latest DDoS tools are also capable of abusing DNS servers to achieve their denial of service.
SYN floods are simple attacks that can look like a widely distributed DDoS because they typically use a varied range of source IP addresses to deliver their payload.
These resource starvation attacks never complete the TCP three-way handshake; instead they try to exhaust the server's bandwidth or the destination's SYN queue.
Since IP addresses are easy to spoof, the attack could come from a set number of places or even from a single host.
SYN cookies and other TCP stack enhancements are useful in discouraging this attack.
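The SYN-cookie defence mentioned above, as an added example that is not part of the original page: a simplified Python model of how a server encodes the connection's state into the SYN-ACK sequence number instead of queuing a half-open entry, so a flood of spoofed SYNs that never complete the handshake consumes no backlog space. The secret, MSS table, 64-second counter and addresses are constructed for the demo, and the bit layout is a simplification of what real TCP stacks use.

```python
import hashlib
import hmac
import struct

# Constructed demo secret; a real stack draws this randomly at boot.
SECRET = b"constructed-demo-secret"
MSS_TABLE = (536, 1220, 1460)   # MSS values the 3-bit field can encode
COUNTER_PERIOD = 64             # seconds per counter tick; cookies expire after ~2 ticks

def cookie_mac(saddr, daddr, sport, dport, counter):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = struct.pack("!4s4sHHI", saddr, daddr, sport, dport, counter & 0xFFFFFFFF)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0] & 0x00FFFFFF

def make_cookie(saddr, daddr, sport, dport, client_isn, mss, now):
    """Server ISN for the SYN-ACK: 5 bits counter | 3 bits MSS index | 24 bits MAC+ISN.
    Nothing is stored server-side; the SYN is answered and forgotten."""
    counter = now // COUNTER_PERIOD
    mss_idx = 0
    for i, v in enumerate(MSS_TABLE):      # largest encodable MSS <= what the client offered
        if v <= mss:
            mss_idx = i
    low24 = (cookie_mac(saddr, daddr, sport, dport, counter) + client_isn) & 0x00FFFFFF
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | low24

def check_cookie(saddr, daddr, sport, dport, client_isn, ack_seq, now):
    """Validate the handshake's final ACK. Returns the negotiated MSS, or None if the
    ACK is not a genuine reply to a cookie we issued recently (forged, replayed, expired)."""
    cookie = (ack_seq - 1) & 0xFFFFFFFF    # client acknowledges our ISN + 1
    top5, mss_idx, low24 = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0x00FFFFFF
    current = now // COUNTER_PERIOD
    for cand in (current, current - 1):    # accept the current tick and the previous one
        if cand < 0 or (cand & 0x1F) != top5:
            continue
        expected = (cookie_mac(saddr, daddr, sport, dport, cand) + client_isn) & 0x00FFFFFF
        if hmac.compare_digest(expected.to_bytes(3, "big"), low24.to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None

if __name__ == "__main__":
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])   # constructed addresses
    isn = make_cookie(src, dst, 40000, 443, 12345, 1460, now=1000)
    print(hex(isn), check_cookie(src, dst, 40000, 443, 12345, isn + 1, now=1000))
```

The check rejects an ACK whose number was guessed, that belongs to another 4-tuple, or that arrives more than two counter ticks after the SYN-ACK was sent.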
Before defining a DDoS or Distributed Denial of Service attack, the (standalone) DoS attack must first be defined, to avoid confusion between the two similar terms.
First off, a Denial of Service or DoS attack is exactly what its name says: a method hackers use to deny service to regular users, usually in the form of a flood of requests from different servers that makes a given website unavailable by overloading it with traffic.
Now, the difference between a DDoS (Distributed Denial of Service) attack and a DoS (Denial of Service) attack hinges on a single word: distributed, which implies wide distribution from multiple sources.
To put it simply, DoS attacks are single-host attacks, while DDoS attacks are larger, multi-system ones (usually involving zombie agents or botnets).
Moreover, DoS is the umbrella term for any attack that deliberately limits the availability of a system's services, and that includes DDoS attacks.
An attacker who mounts an attack from a single host is doing a DoS attack, while a hacker who uses a thousand or more systems to launch corporate-scale smurf attacks, fraggle attacks, or any other bandwidth consumption attack against a remote host at the same time is doing a DDoS attack.
It's all a matter of scale and numbers. Whenever a sheer multitude of compromised systems (arguably a botnet army) overwhelms the servers of a single targeted network or website with a distributed flood of requests, thereby denying service to the system's users, it is considered a DDoS attack.
The deluge of incoming messages and traffic compels the target to shut down or burn out altogether from bandwidth consumed by sources other than its regular visitors and other legitimate users.
The average DDoS attack goes like this.
The black hat starts by taking advantage of an unpatched vulnerability in a given computer system and turning it into the DDoS master system.
This master system is then used by the intruder to identify and communicate with other systems that have the same vulnerability and can be cracked as well.
After the online outlaw has amassed thousands of compromised systems at his disposal, he loads them with cracking tools of all shapes and sizes that he either wrote himself or got off the worldwide web.
You don't even need to be an expert hacker to do this; a script kiddie with a pile of cracking tools downloaded from the Internet could still pull it off.
Once everything is set up, a single command instructs the zombie agents to launch a combined, multi-system flood of redundant requests, spam, and so forth against a specified website, email system, or network.