A Denial-of-Service (DoS) attack is an attack intended to shut down a machine or network, making it unreachable for its intended users. DoS attacks achieve this either by flooding the target with traffic or by sending it data that triggers a crash. In both cases, the DoS attack denies legitimate users the service or resource they expected. In this article we look more closely at DoS attacks, discuss the difference between DoS and DDoS, and then review some of the largest DoS and DDoS attacks seen to date.
What is a DoS attack?
A Denial-of-Service (DoS) attack is a type of cyber attack in which a computer is used to flood a server with TCP and UDP packets in order to take the target’s network down.
In this attack, the attacker sends bogus packets at the server until its capacity is exhausted and it stops responding entirely, so the server becomes unavailable to other devices and users. DoS attacks are used to take a machine or network down so that other users cannot use it.
Attackers most often choose the servers of high-profile organizations such as banks, government agencies, commerce, media or trade organizations. Although a DoS attack does not steal or damage data, it can cost the target a great deal of time and money to handle.
Some of the different forms a DoS attack can take are:
- SYN Flood – These attacks send requests to connect to a server but never complete the handshake. The network becomes inundated with half-open connection requests, which prevents any user or device from connecting.
- Buffer overflow attacks – This is the most common DoS attack. The goal is to send more traffic to the network than the system is built to handle.
- Ping of Death – This attack is also known as an ICMP attack. It sends spoofed packets that ping every computer on the target network instead of just one specific machine.
- Teardrop attack – During a teardrop DoS attack, the attacker sends IP packet fragments to a network. The network then attempts to reassemble these fragments into their original packets. The reassembly process exhausts the system and it ends up crashing, because the fragment fields are crafted to confuse the system so that it cannot put them back together.
The more time a service spends offline, the more it costs. A DoS attack may not steal or corrupt data, but the resulting downtime costs organizations thousands every year. Preventing DoS attacks has become a requirement for every organization today.
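The SYN flood above leaves a trace a defender can look for: a socket table dominated by half-open (SYN-RECV) connections. This added example (not code from the article) parses constructed `ss -ant`-style output and flags both a high half-open ratio and peers holding many half-open sockets; the thresholds are assumptions to be tuned against a real baseline.

```python
"""Added example: spot a SYN-flood pattern in socket-state output.
The input is constructed to look like `ss -ant` lines; thresholds are assumptions."""
from collections import Counter

# Constructed sample in `ss -ant` layout: State Recv-Q Send-Q Local Peer
SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      10.0.0.5:443         203.0.113.10:51544
SYN-RECV  0      0      10.0.0.5:443         198.51.100.7:40001
SYN-RECV  0      0      10.0.0.5:443         198.51.100.7:40002
SYN-RECV  0      0      10.0.0.5:443         198.51.100.7:40003
SYN-RECV  0      0      10.0.0.5:443         198.51.100.7:40004
SYN-RECV  0      0      10.0.0.5:443         198.51.100.9:40005
ESTAB     0      0      10.0.0.5:443         203.0.113.11:51545
"""

def parse_ss(text):
    """Yield (state, peer_ip) for each socket line, skipping the header row."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        state, peer = fields[0], fields[4]
        yield state, peer.rsplit(":", 1)[0]   # strip the port number

def syn_flood_report(text, ratio_threshold=0.5, per_ip_threshold=3):
    """Return (suspect, half_open_ratio, noisy_sources).

    suspect is True when SYN-RECV sockets dominate the table (a spoofed flood
    spreads over many fake sources, so the per-IP count alone would miss it)
    or when a single peer holds more than per_ip_threshold half-open sockets."""
    half_open = Counter()
    total = 0
    for state, ip in parse_ss(text):
        total += 1
        if state == "SYN-RECV":
            half_open[ip] += 1
    ratio = sum(half_open.values()) / total if total else 0.0
    noisy = sorted(ip for ip, n in half_open.items() if n > per_ip_threshold)
    return ratio > ratio_threshold or bool(noisy), ratio, noisy

if __name__ == "__main__":
    print(syn_flood_report(SS_OUTPUT))
```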
What is a DDoS attack?
Distributed Denial of Service (DDoS) is a further type of DoS attack. During this attack, multiple systems target a single server with malicious traffic. By attacking from many different locations, attackers can keep the target’s system down for a very long time.
The reason for this approach is that the attacker can use multiple locations so that the victim cannot find the origin of the attack, which makes a DDoS attack hard for the victim to recover from. There is a 90% chance that a system under DDoS attack will be compromised. Attackers launch the attack from many slave computers, known as zombies or bots. These bots form a botnet that connects all the devices, and the attacker controls the botnet through a command-and-control server.
Various forms of DDoS:
- UDP flood: The attacker floods the victim’s network with User Datagram Protocol (UDP) packets aimed at ports on a remote host. The host keeps looking for an application listening on each port, finds none, and replies with a packet saying the requested destination is unreachable.
- Ping of Death (PoD): During this attack, the attacker sends multiple pings to the target server using manipulated packets. When the target’s network tries to reassemble these packets, network resources are consumed and become unavailable to legitimate packets. This grinds the target network to a halt and takes it out of action.
- Slowloris: Slowloris is a DDoS attack tool developed by Robert Hansen. Its purpose is to take down web servers. The attacker sends partial HTTP requests with no intention of completing them, and Slowloris keeps sending further requests periodically to keep the attack running. This type of attack requires very little bandwidth.
- Zero-day attack: Zero-day attacks are among the best-known attacks. They exploit a vulnerability for which no fix yet exists. These attacks are particularly damaging because victims cannot prepare themselves before they experience the live attack.
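Because Slowloris needs almost no bandwidth, volume-based monitoring does not see it; what stands out is a client holding many connections open with unfinished request headers. This added example (not the article’s or any server’s code) applies the usual mitigation, a header-read timeout, to a constructed connection table and reports which peers are holding stale connections; the timeout and per-IP threshold are assumptions.

```python
"""Added example: find the Slowloris pattern in a web server's connection table.
The table and the thresholds are constructed assumptions, not from any real server."""
from collections import Counter
from dataclasses import dataclass

@dataclass
class Conn:
    peer_ip: str
    age_s: float          # seconds since the TCP connection was accepted
    header_done: bool     # has the blank line ending the request headers arrived?

# Constructed snapshot of a web server's open connections
CONNS = [
    Conn("203.0.113.10", 0.4, True),
    Conn("198.51.100.7", 45.0, False),
    Conn("198.51.100.7", 52.0, False),
    Conn("198.51.100.7", 61.0, False),
    Conn("198.51.100.7", 70.0, False),
    Conn("203.0.113.12", 3.0, False),   # a slow but legitimate client, not yet stale
]

def stale(conns, header_timeout_s=20.0):
    """Connections held longer than header_timeout_s without finishing their
    headers; a server enforcing the timeout would close exactly these."""
    return [c for c in conns if not c.header_done and c.age_s > header_timeout_s]

def slowloris_sources(conns, header_timeout_s=20.0, per_ip_threshold=3):
    """Peers holding more than per_ip_threshold stale connections at once."""
    counts = Counter(c.peer_ip for c in stale(conns, header_timeout_s))
    return sorted(ip for ip, n in counts.items() if n > per_ip_threshold)

if __name__ == "__main__":
    print(len(stale(CONNS)), "stale connections;", slowloris_sources(CONNS))
```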
Difference between DoS and DDoS
The core difference between DoS and DDoS attacks is that in a DoS attack a single computer is used to flood the server with bogus packets, while in a DDoS attack multiple systems target a single system. DDoS attacks are harder to detect because they are launched from many locations, so victims cannot find the origin of the attack. Another difference is that because a DDoS attack uses many systems, the attacker can send far more bogus packets than in a DoS attack. DDoS attacks are carried out by botnets, networks of devices under an attacker’s control, whereas DoS attacks can be carried out with a script or a tool such as Low Orbit Ion Cannon.
Top 5 famous DDoS attacks
Now let’s look at the most famous DDoS attacks to date, along with some key data about each.
1. The Google attack 2017
Google reported that a state-sponsored hacking group launched the biggest DDoS attack seen to date against the company in September 2017. It was a record-breaking UDP amplification attack sourced from several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394), and it remains the largest bandwidth attack of which Google is aware. A Security Engineer at Google wrote:
The attacker used a few servers to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve. This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier.
2. The Mirai Krebs and OVH DDoS Attacks in 2016
On September 20, 2016, the blog of cybersecurity expert Brian Krebs was hit by a DDoS attack of more than 620 Gbps, the biggest attack ever seen at that time. Krebs’ site had been attacked before: he had recorded 269 DDoS attacks since July 2012, but this attack was several times bigger than anything his site or, for that matter, the web had seen previously.
The source of the attack was the Mirai botnet, which at its peak later that year consisted of more than 600,000 compromised Internet of Things (IoT) devices such as IP cameras, home routers, and video players. The Mirai botnet had been discovered in August of that same year, but the attack on Krebs’ blog was its first major outing.
3. The AWS DDoS Attack in 2020
Amazon Web Services, the 800-pound gorilla of cloud computing, was hit by a massive DDoS attack in February 2020. This was the most extreme recent DDoS attack ever, and it targeted an unidentified AWS customer using a technique called Connectionless Lightweight Directory Access Protocol (CLDAP) reflection. This technique relies on vulnerable third-party CLDAP servers and amplifies the amount of data sent to the victim’s IP address by 56 times or more. The attack lasted three days and peaked at a staggering 2.3 terabytes per second.
4. The Six Banks DDoS Attack in 2012
On March 12, 2012, six U.S. banks were targeted by a wave of DDoS attacks: Bank of America, JPMorgan Chase, U.S. Bank, Citigroup, Wells Fargo, and PNC Bank. The attacks were carried out by many hijacked servers from a botnet called Brobot, with each attack generating more than 60 gigabits of DDoS traffic per second.
At the time, these attacks were unique in their persistence. Rather than executing one attack and then withdrawing, the perpetrators flooded their targets with a multitude of attack methods to find one that worked. So even if a bank was equipped to handle a few types of DDoS attack, it was defenseless against the others.
5. The Mirai Dyn DDoS Attack in 2016
On October 21, 2016, Dyn, a major Domain Name Service (DNS) provider, was hit by a one terabit per second traffic flood that became the new record for a DDoS attack. There is some evidence that the attack may actually have reached a rate of 1.5 terabits per second. The traffic torrent knocked Dyn’s services offline, rendering a number of high-profile websites, including GitHub, HBO, Twitter, Reddit, PayPal, Netflix, and Airbnb, unavailable. Kyle York, Dyn’s chief strategy officer, reported, “We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
How to prevent these attacks
Now that we know how these attacks work, let’s discuss the different ways to prevent them. Even though DoS attacks are a constant threat to modern organizations, there are a number of steps you can take to stay protected when an attack comes. Before implementing a security strategy, recognize that you will not be able to prevent every DoS attack that comes your way. That said, you will be able to limit the damage of a successful attack.
There are several approaches:
- Network monitoring
- Test-run DoS attacks
- Create a DoS response plan
Network monitoring
Monitoring your network’s traffic is one of the best preemptive steps you can take. Knowing what normal traffic looks like lets you see the signs of an attack before the service goes down completely. By watching your traffic you will be able to take action the moment you see unusual traffic levels or an unrecognized IP address. This can be the difference between being taken offline and staying up.
Before executing a full-scale attack, most attackers will probe your network with a few packets first. Monitoring your network’s traffic lets you watch for these small signs and recognize them early, so that you can keep your service online and avoid the costs of unexpected downtime.
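The monitoring described above comes down to two checks: is the current volume far above what normal looks like, and is traffic arriving from sources never seen before? This added example (not from the article) learns a baseline from constructed per-minute flow summaries (`minute,src_ip,packets`) and flags live minutes whose packet count exceeds the baseline mean plus k standard deviations, along with any unfamiliar source; the record format and k are assumptions.

```python
"""Added example: flag abnormal traffic levels and unfamiliar sources against a
learned baseline. The flow records are constructed; the 'minute,src_ip,packets'
format and the k=3 sigma ceiling are assumptions, not from any real tool."""
import statistics
from collections import defaultdict

# Constructed baseline: several quiet minutes of ordinary traffic
BASELINE = """\
1,203.0.113.10,120
1,203.0.113.11,95
2,203.0.113.10,130
2,203.0.113.11,100
3,203.0.113.10,110
3,203.0.113.11,105
4,203.0.113.10,125
4,203.0.113.11,90
"""
# Constructed live window: one minute with a new source and a volume surge
LIVE = """\
5,203.0.113.10,120
5,203.0.113.11,100
5,198.51.100.7,50000
"""

def per_minute(records):
    """Aggregate 'minute,src,packets' lines into {minute: (total_packets, {src})}."""
    totals, sources = defaultdict(int), defaultdict(set)
    for line in records.strip().splitlines():
        minute, src, pkts = line.split(",")
        totals[minute] += int(pkts)
        sources[minute].add(src)
    return {m: (totals[m], sources[m]) for m in totals}

def detect(baseline, live, k=3.0):
    """Return a list of (minute, reason) alerts: one when a minute's volume
    exceeds mean + k*stdev of the baseline minutes, and one per source never
    seen in the baseline. A short or near-constant baseline gives a very tight
    ceiling, so in practice learn it over days, not minutes."""
    base = per_minute(baseline)
    known = set().union(*(srcs for _, srcs in base.values()))
    counts = [total for total, _ in base.values()]
    ceiling = statistics.mean(counts) + k * statistics.pstdev(counts)
    alerts = []
    for minute, (total, srcs) in sorted(per_minute(live).items()):
        if total > ceiling:
            alerts.append((minute, f"volume {total} > ceiling {ceiling:.0f}"))
        for src in sorted(srcs - known):
            alerts.append((minute, f"unrecognized source {src}"))
    return alerts
```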
Test-run DoS attacks
Unfortunately, you will not be able to prevent every DoS attack that comes your way. However, you can make sure you are prepared when an attack arrives. One of the most direct ways to do this is to simulate DDoS attacks against your own network. Simulating an attack lets you test your current prevention methods and helps you develop real-time prevention strategies that can save a great deal of money if a real attack comes your way.
Create a DoS response plan
Develop a DDoS prevention plan based on a thorough security assessment. Unlike smaller organizations, larger organizations may require complex infrastructure and the involvement of multiple teams in DDoS planning.
When a DDoS attack hits, there is no time to think about the best steps to take. They must be defined in advance to enable prompt reactions and avoid any impact.
Developing an incident response plan is the critical first step toward a comprehensive defense strategy. Depending on the infrastructure, a DDoS response plan can become quite extensive. The first step you take when a malicious attack occurs can define how it will end. Make sure your data center is prepared and your team knows their responsibilities. That way, you can limit the impact on your business and save yourself a long period of recovery.