DDOS attack – Introduction, Attacks, Tools, and working
What is a DDoS attack?
A distributed denial-of-service (DDoS) attack is one of the most powerful hacking tools available on the internet.
When you hear that a website has been hacked, it generally means that the website became the victim of a DDoS attack.
In short, the attackers have attempted to make a website unavailable by crashing it or flooding it with a very high volume of traffic.
How a DDoS attack works
· DDoS is the evolution of the smurf attack.
· The end result is a system that floods the victim with IP packets.
· It gives the attacker more sophisticated control of the “flooders” (the compromised hosts that send the traffic).
· It relies on the inability of the sysadmins of those “flooders” to detect the attacker's presence on their systems.
· The DDoS setup is started more than a year before the attacks take place.
Examples of DDoS attacks
In 2000, Michael Calce, a 15-year-old known as “Mafiaboy,” carried out one of the first-ever recorded DDoS attacks. He hacked into the computer networks of many different universities.
He used their servers to run a DDoS attack that crashed several major websites, including CNN, E-Trade, eBay, and Yahoo.
In 2016, Dyn, a major domain name system (DNS) provider, was the victim of a massive DDoS attack that took down major websites and services, including GitHub, Reddit, The New York Times, Visa, PayPal, Spotify, Amazon, Netflix, CNN, and Airbnb.
How do DDoS attacks work?
- The theory behind a DDoS attack is simple, even though individual attacks vary widely in their level of sophistication. Here is the basic idea of how the attack is carried out.
- A DDoS attack is a cyberattack on a particular server, service, website, or network that floods it with an enormous volume of Internet traffic until the servers stop responding and crash.
- Network connections on the Internet and the web are built from the different layers of the Open Systems Interconnection (OSI) model.
DDoS attacks focus on particular layers
- Layer 3, the network layer. Attacks here are generally known as Smurf attacks, ICMP floods, and IP/ICMP fragmentation attacks against the targeted website.
- Layer 4, the transport layer. Attacks here include SYN floods, UDP floods, and TCP connection exhaustion.
- Layer 7, the application layer. Attacks here mainly include HTTP-encrypted attacks.
DDoS attack tools (tools used for DDoS attacks)
· Trinoo
· Tribe Flood Network (TFN)
· Tribe Flood Network 2000 (TFN2K)
· Stacheldracht/stacheldrachtV4
· Stacheldracht v2.666
· Shaft
· Mstream
Commonly used DoS/DDoS attack tools
There are a few common tools that are used to carry out DDoS attacks, and they include:
Low Orbit Ion Cannon (LOIC)
· The LOIC tool is an open-source stress-testing application.
· It allows both UDP and TCP protocol-layer attacks to be carried out through a user-friendly (WYSIWYG) interface.
· Due to its popularity, derivatives (replicas) of the tool have been created that allow attackers to launch attacks from a web browser.
High Orbit Ion Cannon (HOIC)
· This hacking tool was created to replace LOIC by expanding its capabilities, improving it, and adding many customizations.
· Because it uses the HTTP protocol, HOIC is able to take down the targeted websites, and its attacks are difficult to mitigate.
· The software is designed in such a way that a minimum of 50 people must work together in a well-coordinated way for the attack to be effective.
Slowloris
· Although named after a slow-moving primate, Slowloris is an application designed to instigate a low and slow attack on a targeted server.
· The speciality of Slowloris is the limited amount of resources it needs to consume in order to create a massively damaging effect on its targets.
R.U.D.Y.
- R.U.D.Y. (R-U-Dead-Yet) is yet another low and slow attack tool, designed to let the attacker easily manage and launch attacks through a simple point-and-click interface.
- By opening multiple HTTP POST requests and keeping those connections open for as long as possible, the attack aims to slowly bring down the targeted server.
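Both Slowloris and R.U.D.Y. leave a server holding many incomplete requests that trickle in a few bytes at a time, which is exactly what a defender can look for. The following detector is an added example, not code from the original post or from either tool; the connection snapshot, the client addresses and the thresholds are all constructed assumptions.

```python
"""Flag 'low and slow' HTTP clients (Slowloris / R.U.D.Y. style) from a
snapshot of a server's open connections.  Constructed sample data, not
taken from any real server."""
from collections import defaultdict

# Constructed snapshot: (client_ip, age_seconds, bytes_received, request_complete)
# A browser finishes a request in well under a second; a slow attacker holds
# many connections open for minutes while trickling a few bytes on each.
CONNECTIONS = [
    ("203.0.113.5", 310, 120, False),   # headers never terminated (Slowloris style)
    ("203.0.113.5", 295, 140, False),
    ("203.0.113.5", 280, 118, False),
    ("203.0.113.5", 240, 131, False),
    ("203.0.113.5", 200, 122, False),
    ("198.51.100.9", 600, 450, False),  # POST body trickled in (R.U.D.Y. style)
    ("198.51.100.9", 590, 470, False),
    ("198.51.100.9", 580, 430, False),
    ("192.0.2.10", 1, 900, True),       # ordinary, completed request
    ("192.0.2.11", 2, 1200, True),
    ("192.0.2.12", 45, 300, False),     # one slow mobile client, not enough to flag
]

MIN_AGE = 60        # seconds an incomplete request may stay open before it counts
MIN_COUNT = 3       # stale incomplete connections per client before alerting
MAX_RATE = 5.0      # bytes/second; legitimate clients send far more than this

def slow_clients(conns, min_age=MIN_AGE, min_count=MIN_COUNT, max_rate=MAX_RATE):
    """Return {client: (stale_incomplete_count, avg_bytes_per_second)} for
    clients that look like low-and-slow attackers."""
    stale = defaultdict(list)
    for ip, age, nbytes, complete in conns:
        if not complete and age >= min_age:
            stale[ip].append(nbytes / age)
    flagged = {}
    for ip, rates in stale.items():
        avg_rate = sum(rates) / len(rates)
        if len(rates) >= min_count and avg_rate <= max_rate:
            flagged[ip] = (len(rates), round(avg_rate, 2))
    return flagged

if __name__ == "__main__":
    for ip, (n, rate) in slow_clients(CONNECTIONS).items():
        print(f"{ip}: {n} stale incomplete requests, ~{rate} B/s each")
```

The same per-client counts map directly onto the usual mitigations: a low header/body timeout and a cap on concurrent connections per address.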
Types of DDoS attacks and how each works
Volumetric Attacks
- The most common DDoS attack consumes a machine's network bandwidth by flooding it with false data requests (dummy traffic) on every open port the server has.
- It is generally done by bots. Because the bots flood the ports with massive amounts of data, the machine has to continually check the malicious data requests and their traffic sources, and has no room left to accept legitimate (organic, real) traffic.
- UDP floods and ICMP floods are the two primary forms of volumetric attack carried out by attackers.
- UDP stands for User Datagram Protocol and refers to the simple transmission of data without checking its integrity or authority. UDP lends itself well to fast data transmission, which unfortunately also makes it a prime tool for attackers.
- ICMP stands for Internet Control Message Protocol and refers to how network devices communicate with one another in sequence. An ICMP attack relies on attacking nodes sending false error requests to the target servers.
- The target server has to deal with these false requests and cannot respond to the real ones, which increases the pressure on the server, similar to how a UDP attack works.
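A volumetric flood shows up as a sudden jump in packets per second for one protocol and, for UDP, a spread across many destination ports that no legitimate service would show. The detector below is an added example, not code from the original post; the packet records, baseline and burst factor are constructed assumptions.

```python
"""Rate-based detector for UDP / ICMP floods over a stream of packet
summaries.  Sample records are constructed, not captured traffic."""
from collections import Counter, defaultdict

# Constructed records: (second, protocol, source_ip, destination_port)
# ICMP has no ports, so its port is recorded as None.
def build_sample():
    recs = []
    # seconds 0-2: normal traffic, a few DNS/NTP datagrams and one ping each
    for s in range(3):
        recs += [(s, "udp", "192.0.2.10", 53), (s, "udp", "192.0.2.11", 123),
                 (s, "icmp", "192.0.2.12", None)]
    # seconds 3-4: UDP flood from many spoofed sources sweeping the port range
    for s in (3, 4):
        for i in range(400):
            recs.append((s, "udp", f"203.0.113.{i % 250}", 1024 + i))
    # second 5: ICMP flood from a botnet
    for i in range(300):
        recs.append((5, "icmp", f"198.51.100.{i % 200}", None))
    return recs

def flood_seconds(records, baseline_pps=20, burst_factor=5, min_ports=50):
    """Return [(second, protocol, packets, distinct_ports)] for every second
    in which a protocol exceeds baseline_pps * burst_factor packets.  UDP is
    additionally required to show a wide port spread; ICMP is flagged on
    rate alone since it carries no ports."""
    pkts = Counter()
    ports = defaultdict(set)
    for sec, proto, _src, dport in records:
        pkts[(sec, proto)] += 1
        if dport is not None:
            ports[(sec, proto)].add(dport)
    alerts = []
    for (sec, proto), n in sorted(pkts.items()):
        if n <= baseline_pps * burst_factor:
            continue
        spread = len(ports[(sec, proto)])
        if proto == "udp" and spread < min_ports:
            continue
        alerts.append((sec, proto, n, spread))
    return alerts

if __name__ == "__main__":
    for sec, proto, n, spread in flood_seconds(build_sample()):
        print(f"t={sec}s {proto.upper()} flood: {n} packets, {spread} ports")
```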
Application-layer attacks
- The application layer is the topmost layer of the OSI network model on any server and is the one closest to the users of the system.
- Attacks that use the application layer focus primarily on direct web traffic such as that coming from search engines. Potential avenues include HTTP, HTTPS, DNS, or SMTP.
- Application-layer attacks are not as easy to catch because they typically use a smaller number of machines, sometimes even a single one. As a result, the server can be tricked into treating the attack as nothing more than a higher volume of legitimate traffic.
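Because an application-layer flood comes from few sources and looks like ordinary requests, a defender separates it from real visitors by behaviour rather than by volume alone: a browser that loads a page also fetches its stylesheets, scripts and images, while a bot hammering an expensive endpoint never does. The access-log analysis below is an added example, not code from the original post; the log lines, addresses, endpoint and thresholds are constructed assumptions.

```python
"""Spot application-layer (HTTP) flooders in access-log lines.  A few hosts
hammering dynamic pages without ever fetching the page's assets look very
unlike real browser traffic.  Log lines are constructed samples."""
import re
from collections import defaultdict

# Common/combined log format: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+')
STATIC = (".css", ".js", ".png", ".jpg", ".ico", ".woff2")

def build_sample():
    lines = []
    # a normal visitor: one page, then its assets
    for path in ("/", "/static/app.css", "/static/app.js", "/img/logo.png"):
        lines.append(f'192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" 200 512')
    # two attacking hosts: 40 hits each on an expensive search endpoint, no assets
    for ip in ("203.0.113.7", "203.0.113.8"):
        for i in range(40):
            lines.append(f'{ip} - - [10/Oct/2023:13:55:36 +0000] '
                         f'"GET /search?q=term{i} HTTP/1.1" 200 20480')
    return lines

def suspicious_clients(lines, window_seconds=60, max_dynamic_rate=0.5):
    """Return {ip: dynamic_requests} for clients whose dynamic (non-asset)
    request rate exceeds max_dynamic_rate per second and who fetched no
    static assets at all.  Assumes the lines span one window_seconds window."""
    dynamic, static = defaultdict(int), defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # malformed line: skip it rather than crash the detector
        path = m.group("path").split("?", 1)[0]   # drop the query string
        bucket = static if path.endswith(STATIC) else dynamic
        bucket[m.group("ip")] += 1
    return {ip: n for ip, n in dynamic.items()
            if n / window_seconds > max_dynamic_rate and static[ip] == 0}

if __name__ == "__main__":
    for ip, n in suspicious_clients(build_sample()).items():
        print(f"{ip}: {n} dynamic requests, zero asset fetches")
```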
Protocol attacks
- A protocol attack focuses only on damaging the connection tables in the parts of the network that verify connections and incoming traffic to servers and respond to them.
- In this attack, the attacker keeps sending successively slow pings, deliberately malformed pings, and partial packets; these can overload the memory buffers in the target and crash the system. A protocol attack can also target firewalls, which is why a firewall alone will not stop denial-of-service attacks.
- One of the most common protocol attacks is the SYN flood, which abuses the three-way handshake used to establish a TCP/IP connection.
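A SYN flood fills the connection table with handshakes that never complete: the server answers each SYN with a SYN-ACK and the final ACK never arrives. The tracker below replays handshake events and counts those half-open entries; it is an added example, not code from the original post, and the event stream, addresses and thresholds are constructed assumptions.

```python
"""Half-open connection tracker for spotting SYN floods.  Packet events are
constructed samples (no capture library needed)."""

# Each event: (client_ip, client_port, flags) as seen at the server;
# flags are "S" (SYN from client), "SA" (SYN-ACK from server), "A" (client ACK).
def build_sample():
    ev = []
    # three legitimate clients complete the handshake
    for p in (40001, 40002, 40003):
        ev += [("192.0.2.10", p, "S"), ("192.0.2.10", p, "SA"), ("192.0.2.10", p, "A")]
    # flood: 500 SYNs from spoofed addresses, server answers, no ACK ever comes
    for i in range(500):
        ip, port = f"203.0.113.{i % 254 + 1}", 50000 + i
        ev += [(ip, port, "S"), (ip, port, "SA")]
    return ev

def half_open_stats(events):
    """Replay handshake events and return (half_open, completed, distinct_sources).
    A SYN opens a pending entry; the client's ACK completes and removes it."""
    pending, completed = {}, 0
    for ip, port, flags in events:
        key = (ip, port)
        if flags == "S":
            pending[key] = "syn"
        elif flags == "SA" and key in pending:
            pending[key] = "synack"
        elif flags == "A" and key in pending:
            del pending[key]
            completed += 1
    sources = {ip for ip, _ in pending}
    return len(pending), completed, len(sources)

def is_syn_flood(events, max_half_open=100, min_sources=50):
    """Flag when many handshakes are stuck half-open across many sources:
    a single slow client leaves a few pending, a flood leaves hundreds."""
    half_open, _completed, sources = half_open_stats(events)
    return half_open > max_half_open and sources >= min_sources

if __name__ == "__main__":
    ho, done, src = half_open_stats(build_sample())
    print(f"half-open={ho} completed={done} sources={src} flood={is_syn_flood(build_sample())}")
```

In production the same count is what SYN cookies and a shorter SYN-RECEIVED timeout keep bounded, so this kind of tracker is best used to alert, with the kernel-level defences doing the actual mitigation.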
DDoS attack sequence
All of the DDoS tools mentioned above and available on the internet follow this sequence.
- Mass-intrusion phase: automated tools identify potential systems with weaknesses, compromise them at the root level, and install the DDoS software on them. These are the primary victims.
- DDoS attack phase: the compromised systems are used to run a massive DoS attack against the victim site or server in order to crash it.