
DDoS (Distributed Denial of Service)

A DDoS, or Distributed Denial of Service attack, happens whenever a targeted network, typically one or more online servers, is flooded with traffic and requests from multiple systems in order to overwhelm its resources or bandwidth.

These attacks draw on a variety of resource-taxing methods and techniques (such as botnets, malware, worms, and so forth) spearheaded by one or many hackers at a time.

Different types of malware, or malicious software, can carry DDoS-triggering mechanisms as well.

MyDoom is a well-known example of a DDoS malware threat.

MyDoom's DoS mechanism was activated at a specific date and time. The target IP address was hardcoded into the malware before it was released, so no further contact with the infected machines was needed to launch the DDoS assault.

Zombie Agents

A system may be compromised with a Trojan that lets a hacker install a zombie agent on it (the Trojan may even contain the agent from the get-go, to simplify the process).

Attackers can also force their way into networks with automated tools that exploit vulnerabilities in software that listens for remote host connections.

For the most part, this scenario concerns systems that act as servers on the Internet.

DDoS Attack

A famous and traditionally used DDoS tool is Stacheldraht.

It's an application with a layered architecture: the hacker runs client software that connects to handlers, compromised systems which in turn give orders to the zombie agents.

The agents are the ones that actually carry out the DDoS attack, so they're the foot soldiers of the Stacheldraht hierarchy.

With the help of the hacker's handlers and automated routines, these agents can exploit vulnerabilities in remote host applications that accept remote connections.

SYN Flood Attack

Because a DDoS achieves its goals through superior firepower and numbers, each handler can control up to a thousand zombie agents at a time.

These clusters of compromised systems are also known as botnets.

IP spoofing and amplification (also known as bandwidth consumption attacks, e.g. fraggle attacks and smurf attacks) are the main modus operandi of classic DDoS tools like Stacheldraht.

Resource starvation attacks such as SYN floods may also be utilized.

The latest, most cutting-edge DDoS tools out there are also capable of manipulating DNS servers to fulfill their denial of service purposes.

TCP Flood Attack

SYN floods are straightforward attacks that can look like a widely distributed DDoS strike because they typically use a varied range of source IP addresses to deliver their payload.

These resource starvation attacks don't need to complete the TCP three-way handshake; they instead attempt to exhaust the server's bandwidth or the destination's SYN queue.

Since it's quite easy to spoof IP addresses, an attack may come from a set number of places or even originate from a lone host.

SYN cookies and other TCP stack enhancements are useful in mitigating this attack.
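To show why SYN cookies blunt a SYN flood, here is an added example written for this page (not SecPoint's code and not a real TCP stack) in the classic Bernstein layout: the server folds the state it would otherwise hold in the SYN queue into the initial sequence number it sends in the SYN-ACK, keeps nothing, and only allocates a connection when a client's ACK proves it received that number. The MSS table, the secret, the 64-second tick and the two-tick validity window are constructed assumptions.

```python
import hashlib
import hmac

# Constructed MSS table (3-bit index). A real stack uses its own fixed table.
MSS_TABLE = (536, 1220, 1440, 1460)
# Constructed per-boot secret; a real stack draws this from a CSPRNG at boot.
SECRET = b"constructed-demo-secret-do-not-reuse"
# Assumption: a cookie is accepted for at most this many 64-second ticks.
MAX_AGE_TICKS = 2


def _tick(now_seconds):
    """Coarse time counter: one tick every 64 seconds (classic scheme)."""
    return now_seconds // 64


def _mac24(saddr, daddr, sport, dport, tick):
    """24-bit keyed hash binding the cookie to the 4-tuple and the tick."""
    msg = f"{saddr}|{daddr}|{sport}|{dport}|{tick}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(saddr, daddr, sport, dport, peer_mss, now_seconds):
    """Return the ISN for the SYN-ACK. Nothing about this SYN is stored:
    the state a SYN queue entry would hold is encoded in the cookie itself."""
    mss_index = 0
    for i, mss in enumerate(MSS_TABLE):
        if mss <= peer_mss:          # largest table entry the peer can accept
            mss_index = i
    tick = _tick(now_seconds)
    return (((tick & 0x1F) << 27)    # 5 bits: low bits of the tick counter
            | (mss_index << 24)      # 3 bits: which MSS we will use
            | _mac24(saddr, daddr, sport, dport, tick))  # 24 bits: MAC


def check_syn_cookie(saddr, daddr, sport, dport, ack_number, now_seconds):
    """Validate the final ACK of the handshake.
    Returns the MSS to use for the new connection, or None to drop the ACK."""
    cookie = (ack_number - 1) & 0xFFFFFFFF    # the peer acknowledges ISN + 1
    now_tick = _tick(now_seconds)
    age = (now_tick - (cookie >> 27)) & 0x1F   # ticks elapsed, modulo 32
    if age > MAX_AGE_TICKS:
        return None                            # too old (or the counter wrapped)
    tick = now_tick - age                      # recover the full tick value
    if (cookie & 0xFFFFFF) != _mac24(saddr, daddr, sport, dport, tick):
        return None                            # forged, or a different 4-tuple
    return MSS_TABLE[(cookie >> 24) & 0x7]


if __name__ == "__main__":
    # Constructed handshake: client 203.0.113.5:40000 -> server 198.51.100.10:80
    isn = make_syn_cookie("203.0.113.5", "198.51.100.10", 40000, 80, 1460, 1_000_000)
    print("SYN-ACK ISN (cookie):", hex(isn))
    print("ACK 30s later ->",
          check_syn_cookie("203.0.113.5", "198.51.100.10", 40000, 80, isn + 1, 1_000_030))
    print("ACK from another source ->",
          check_syn_cookie("203.0.113.9", "198.51.100.10", 40000, 80, isn + 1, 1_000_030))
```

A spoofed SYN whose source never answers costs the server nothing beyond computing one MAC, which is the whole point; the price is that TCP options not encoded in the cookie are lost for cookie-validated connections. On Linux the kernel's own implementation is switched on with the sysctl net.ipv4.tcp_syncookies=1.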


What Is DDoS?

DDoS Explained

A Distributed Denial of Service attack (DDoS) or a Denial of Service attack (DoS) is exactly what it says on the proverbial tin.
In essence, it "denies" people access to a "service".
It's a means to sabotage a given company's website services so that its pages remain inaccessible to the public, thanks to wave upon wave of forced connections that deplete its resources and cripple its servers.
The main modus operandi of this attempt to take down websites is to make network or computer services inaccessible to the users who are supposed to access them.
The reasons for doing so vary from "hacktivist" agendas to the machinations of a bored black hat hacker.

DDoS Attempts

Some might even run a small-scale DDoS in order to test out server capabilities, but that's rarer than actual penetration testing attempts.
DoS attacks are typically carried out by a single person or by multiple people in order to prevent a service or Internet site from functioning efficiently. 4chan, one of the West's largest image boards for a variety of topics and hobbies, is a regular victim of DDoS attacks that typically render the site temporarily out of order, thanks to its connections with the hacker group known as Anonymous and its own DoS-related shenanigans.
There are even DDoS attempts that can outright take down a service for an indefinite period of time thanks to the sheer scale of the attack.

Flood Attacks

When a website is down and you're in need of some answers, you should refer to the site owner's Twitter account to confirm that it's down and see whether the technical difficulties are DDoS in nature.
The owner should be able to confirm whether or not the site is being hit by a DDoS flood.
With that said, if you're hit by a DDoS, you must know the signs and symptoms before you can deal with it effectively.
You should not confuse DDoS attacks with disconnects.
Just because you're disconnecting from a match when playing your favorite game, your ISP is running slower than usual, or you're experiencing lag, that doesn't mean you're undergoing a DDoS attack.

ISP DDoS

Those are unrelated problems that have no connection with DDoS. As long as you're able to reconnect and resume your activities, or resolve the issue by switching ISPs and the like, then you're assuredly not being DDoS'd at all.
One thing to take note of when it comes to DDoS attacks is that they start slow and then escalate to a point where Internet access isn't possible at all.
A DDoS happens whenever you, your computer, or your website servers are being hit with a huge number of network packets at a fast pace that depletes your resources.

DDoS In Pen Testing

Distributed Denial of Service

Before defining what a DDoS or Distributed Denial of Service attack is, the (standalone) DoS attack must first be defined in order to avoid confusion between the two similar terms.

First off, a Denial of Service or DoS attack is exactly as its name describes it: a method hackers use to deny services to regular users, usually in the form of a flood of requests from different servers that makes a given website unavailable for browsing by virtue of overloaded traffic.

Now, the difference between a DDoS (Distributed Denial of Service) attack and a DoS (Denial of Service) attack hinges on a single word.

Distributed, which implies wide distribution from multiple sources.

To put it simply, DoS attacks refer to single-host attacks, while DDoS attacks refer to larger multi-system ones (usually involving zombie agents or botnets).

DoS Attacks

Moreover, DoS attacks encompass any attack that specifically compromises systems to limit the availability of their services, including DDoS ones.

An attacker that mounts an attack from a single host is doing a DoS attack, while a hacker that instead uses a thousand or more systems to launch corporate-scale smurf attacks, fraggle attacks, or any other type of bandwidth consumption attack against a remote host at the same time is doing a DDoS attack.

It's all a matter of scale and the numbers game. Whenever a sheer multitude of compromised systems, arguably a botnet army, overwhelms the servers of a single targeted network or website with a distributed stream of requests, thereby causing a denial of service for users of the system, it is considered a DDoS attack.
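To make the single-host versus multi-source distinction concrete from the defender's seat, here is an added example written for this page (not the author's tooling) that walks a web server access log, buckets requests per second, and labels each burst as either one dominant source or many. The log lines, the threshold of 10 requests per second and the 80% single-source share are constructed assumptions; a real deployment would tune both numbers to its own baseline.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: client ip, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for one access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def classify_floods(lines, rps_threshold=10, single_source_share=0.8):
    """Bucket requests per second; flag seconds at or above rps_threshold and
    say whether one source dominates (single-host DoS) or many share the load."""
    per_second = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip unparsable lines rather than crash
        ip, ts = parsed
        per_second[ts][ip] += 1
    findings = []
    for ts in sorted(per_second):
        sources = per_second[ts]
        total = sum(sources.values())
        if total < rps_threshold:
            continue
        top_ip, top_n = sources.most_common(1)[0]
        kind = ("single-host flood (DoS)" if top_n / total >= single_source_share
                else "distributed flood (DDoS)")
        findings.append({
            "second": ts.isoformat(),
            "requests": total,
            "distinct_sources": len(sources),
            "top_source": top_ip,
            "kind": kind,
        })
    return findings


def _line(ip, second):
    """Build one constructed log line (sample data, not captured traffic)."""
    return f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] "GET / HTTP/1.1" 200 512'


# Constructed sample: normal traffic, then one host hammering, then 20 hosts at once.
SAMPLE_LOG = (
    [_line(f"203.0.113.{i}", 36) for i in range(1, 4)]
    + [_line("198.51.100.9", 37) for _ in range(20)]
    + [_line(f"192.0.2.{i}", 38) for i in range(1, 21)]
)

if __name__ == "__main__":
    for finding in classify_floods(SAMPLE_LOG):
        print(finding)
```

The distinction matters for the response: a single dominant source can be rate-limited or blocked at the edge, while a burst spread evenly over many sources is the botnet case the text describes and usually needs upstream filtering or scrubbing rather than per-address blocks.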

Black Hat Attacker

The deluge of incoming messages and traffic to the intended target basically compels it to shut down or burn out altogether from excess bandwidth usage that comes from sources other than its regular visitors and other legitimate users.

The average DDoS attack goes like this.

The black hat starts his nefarious deed by first taking advantage of an unpatched vulnerability in a given computer system and turning it into the DDoS master system of sorts.

Afterwards, this master system is used by the intruding cracker to identify and communicate with other systems that possess the same vulnerability and can be cracked as well.

Zombie Agents

After the online outlaw has amassed thousands of compromised systems at his disposal, he can then load them with cracking tools of all shapes and sizes, either written himself or obtained off the worldwide web.

You don't even need to be an expert hacker to do this; a script kiddie with loads of cracking tools downloaded off the Internet could still make it work in the end.

Once everything is set up accordingly, a single command is all it takes to instruct the zombie agents to launch a combined, multi-system flood of redundant requests, spam, and so forth against a specified website, email system, network, and so on.
