DDoS (Distributed Denial of Service)

A DDoS or a Distributed Denial of Service attack happens whenever targeted networks are flooded with traffic and requests by multiple systems in order to overwhelm their resources or bandwidth, typically with one or more online servers.

These systems are composed of a variety of resource-taxing methods and techniques (such as botnets, malware, worms, and so forth) spearheaded by one or many hackers at a time.


SYN Flood Attack

Because a DDoS achieves its goals to superior firepower and numbers, each handler can manipulate up to a thousand zombie agents at a time.

These clusters of system dismantlers are also known as botnets.

IP spoofing and amplification (which is also known as bandwidth consumption attacks; e.g. fraggle attacks and smurf attacks) are the main modus operandi of classic DDoS tools like Stacheldraht.

Resource starvation attacks or SYN floods may also be utilized.

The latest, most cutting-edge DDoS tools out there are capable of manipulating DNS servers in order to fulfill their nefarious denial of service purposes too.

TCP Flood Attack

SYN floods are straightforward and simple attacks that appear like a well-spread DDoS strike because it typically makes use of a varied range of source IP address to dispense its payload.

These resource starvation attacks don't need to complete the TCP three-way handshake; they instead attempt to wear out the server bandwidth or the destination SYN queue instead.

Since it's quite easy to spoof IP addresses, an attack could come from a set number of places or it may even originate from a lone host.

SYN cookies and other stack enhancements should be useful in discouraging this attack.

Perform DDoS With Penetrator Vulnerability Scanner for Pen Testing Click here. 

What Is DDoS?

DDoS Explained

A Distributed Denial of Service Attack (DDoS) or a Denial of Service Attack (DOS) is exactly what it says on the proverbial tin.
It "denies" people access to a "service", in essence.
It's a means to sabotage the website services of a given company so that their pages remain inaccessible to the public thanks to wave upon wave of forced connections that deplete its resources and cripple its servers.
The main modus operandi of this attempt to take down websites is to make network or computer services inaccessible to the users who are supposed to access them.
The reasons for doing so will vary from "hacktivist" agendas to the machinations of a bored black hat hacker. 

DDoS Attempts

Some might even do small-scale DDoS in order to test out server capabilities, but that's rarer than actual penetration testing attempts.
DoS attacks are typically promulgated by multiple people or a single person in order to prevent a service or Internet site from functioning efficiently. 4chan... one of the west's largest image boards for a variety of topics or hobbies... is a regular victim of DDoS attacks that typically renders the site temporarily out of order thanks to its connections with the hacker group known as Anonymous and its own DOS-related shenanigans.  
There are even DDoS attempts that can outright destroy a service for an indefinite period of time thanks to the sheer scale of the attack.

DDoS In Pen Testing

Distributed Denial of Service

Before defining what a DDoS or Distributed Denial of Service attack is, the (standalone) DoS attack must first be identified in order to avoid confusion between the two similar terms.

First off, a Denial of Service or DoS attack is exactly as its name describes it to be—it's a method hackers use in order to deny services to regular users, usually in the form of a flood of requests from different servers to make a given website unavailable for browsing by virtue of overloaded traffic.

Now, the difference between a DDoS (Distributed Denial of Service) attack and a DoS (Denial of Service) attack all hinges on a single word.

Distributed, which implies wide distribution from multiple sources.

To put it simply, DoS attacks refer to single-host attacks, while DDoS attacks refer to larger, bigger, and numerous multi-system ones (usually involves zombie agents or botnets).

DoS Attacks

Moreover, DoS attacks encompasses any attack that specifically compromises systems to limit the availability of their services, including DDoS ones.

An attacker that mounts an attack from a single host is doing a DoS attack. while a hacker that instead uses over a thousand or more systems to launch at the same time corporate-scale smurf attacks, fraggle attacks, or any other type of bandwidth consumption attacks against a remote host is doing a DDoS attack.

t's all a matter of scale and the numbers game. Whenever a sheer multitude—arguably a botnet army—of compromised systems overwhelm the servers of a single targeted network or website with a distribution of requests and whatnot, therefore causing the denial of service for users of the system, then it is considered a DDoS attack.

Black Hat Attacker

The deluge of incoming messages, traffic, and whatnot to the intended target basically compels it to shut down or burn out altogether from the excess bandwidth usage from sources other than its own regular visitors and other legitimate users.

The average DDoS attack goes like this.

The black hat starts his nefarious deed by first taking advantage of an unpatched vulnerability in a given computer system and turning it into the DDoS master system of sorts.

Afterwards, this master system is used by the intruding cracker to identify and communicate with other systems that also possesses the same vulnerability and can be cracked as well.

Zombie Agents

After the online outlaw has amassed thousands of compromised systems at his disposal, he can then load cracking tools of all shapes and sizes he either wrote himself or got off the worldwide web.

You don't even need to be an expert hacker to do this either; you can be a script kiddie with loads of cracking tools you got off the Internet and it could still work out splendidly in the end.

Once everything is set up accordingly, all you need to do is launch a single command in order to instruct your zombie agents to launch a combined, multi-system flood of redundant requests, spam, and so forth on a specified website, email system, network, and so forth.