
Dos Attacks and its prevention

Hackers have many reasons to break network security. Whatever the reason, hacking harms both the individual who falls prey to it and their computing devices, and it has an even greater impact on business firms, where it results in the loss of millions of dollars. A hacker can also sit at a single computer and control multiple computers at the same time to carry out a more massive hack. Though security experts have introduced advanced devices and methods for security, nothing is 100% secure. Here we'll look at how Distributed Denial of Service (DDoS) works and what steps are required to protect individuals, business sites, and computers from this attack.







Table of Contents
1. What is Denial of Service (DoS)?
2. Symptoms of Denial of Service Attacks
3. Common DoS Attack Types
4. Defining Distributed Denial of Service
5. DDoS Attack Trend
6. How to Avoid DoS and DDoS types of Attacks
7. Various Factors on Which Attacker Depends
8. Tools Used for DoS Attack
9. Countermeasures and Security Against DoS/DDoS

What is Denial of Service (DoS)?

It is an attack on a computer or network that restricts, reduces, or prevents access to the system for its legitimate users. It is a kind of attack in which an attacker or intruder tries to deprive system users or authorized users of access to their computers, networks, or sites. Here the attacker focuses on the victim's bandwidth to perform the attack.

Malicious use of resources within an organization may also result in a Denial of Service attack, and the target computers can also be attacked from the internal network by a dissatisfied or disgruntled employee. It can also be executed against network resources and data access within an inter-networked environment. In 95% of cases, the motive of an attacker using Denial of Service is destruction, not stealing.

Symptoms of Denial of Service Attacks

Denial of Service typically results in:

  1. Hanging the system.
  2. Slow response of the system.
  3. Slow, unusual network performance.
  4. Unavailability of that target website.
  5. Reboot or shutdown of a particular system.
  6. Incapability of accessing that target website.
  7. The drastic increase in the number of spam emails.
  8. Loss of Information from the target computer or site.
  9. Disconnection of wireless or wired internet connection.
  10. Damages and deletion of network resources or hardware.
  11. Destruction of data and programs of users that were online during the attack.

If a Denial of Service attack is sustained for a long time and on a large scale, the Internet connectivity of an entire geographical region may be compromised without the attacker even knowing that this has occurred. Thus, a Denial of Service attack compromises a system without intruding into it, which is enough to disrupt the functionality or network infrastructure of an organization.

Common DoS Attack Types

  1. Buffer Overflow: A common type of Denial of Service attack in which a large amount of traffic is sent to a network address. The attacker may find vulnerabilities in the target system that can be exploited, or may simply try the attack in case it works.
  2. Bandwidth Attack: A single machine cannot make enough requests to overwhelm network equipment, so a large number of packets are sent at a time to flood the victim's network, or a large number of pings are sent to a target website.
  3. Teardrop attack: This type of denial of service attack exploits the way the Internet Protocol (IP) requires a packet that is too large for the next router to handle to be divided into fragments. Each fragment carries an offset that enables the receiving computer to reassemble the entire packet. In this attack, the attacker's IP packets carry a confusing offset value from the second fragment onwards. If the receiving OS has no precaution against this attack vector, the system can crash.
  4. Physical Infrastructure DoS: In this case, someone may nick a fiber-optic cable in the existing network hardware infrastructure. Using this attack, the traffic through the network can easily be rerouted.
  5. SYN attack: Here, the attacker sends a large number of SYN packets to the victim's target server with a fake source IP address.
  6. P2P attack: In a peer-to-peer (P2P) attack, the attacker instructs the peers or clients connected to the network to disconnect from their peer-to-peer network and connect to the victim's fake website. Here, the attacker exploits network flaws using the Direct-Connect (DC++) protocol, which is used for sharing all types of files between IM (Instant Messaging) clients.
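The "precaution" mentioned under the Teardrop attack is a sanity check on fragment offsets before reassembly. The following is an added example, not code from the original article; the `Fragment` class, `check_fragments` and the sample fragments are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    offset_units: int      # IP Fragment Offset field, counted in 8-byte units
    payload_len: int       # payload bytes carried by this fragment
    more_fragments: bool   # MF flag: set on every fragment except the last

def check_fragments(frags):
    """Validate the fragments of one datagram before reassembly.

    Returns a list of (problem, byte_offset) tuples; an empty list means the
    fragments tile the datagram exactly and are safe to reassemble.
    """
    problems = []
    expected = 0  # byte offset where the next fragment should begin
    ordered = sorted(frags, key=lambda f: f.offset_units)
    for frag in ordered:
        start = frag.offset_units * 8
        # Every fragment except the last must carry a multiple of 8 bytes.
        if frag.more_fragments and frag.payload_len % 8:
            problems.append(("unaligned", start))
        if start < expected:
            # Offset points back into data already covered: the Teardrop case.
            problems.append(("overlap", start))
        elif start > expected:
            problems.append(("gap", start))
        expected = max(expected, start + frag.payload_len)
    if ordered and ordered[-1].more_fragments:
        problems.append(("missing-last", expected))
    return problems

# Constructed sample input (not captured traffic).
NORMAL = [Fragment(0, 1480, True), Fragment(185, 520, False)]
CONFUSED = [Fragment(0, 1480, True), Fragment(100, 64, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("confused offset", CONFUSED)):
        print(name, check_fragments(frags) or "ok")
```

A receiver that discards the whole datagram when this list is non-empty never reaches the reassembly arithmetic that the confusing offset is meant to break.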

Defining Distributed Denial of Service

A DoS attack is called a Distributed Denial of Service (DDoS) attack when a multitude of hacked systems target a single system (computer, website, or network). In other words, when a Denial of Service attack is performed using several compromised devices against a particular system, the distributed nature of the attack makes it a Distributed Denial of Service (DDoS) attack.

In a typical DDoS attack, the attacker starts by exploiting a vulnerability in one computer or system and makes it the DDoS master; through this computer, other vulnerable computers are detected, identified, and then infected with malware. To launch a Distributed Denial of Service attack, the attacker works from the DDoS master system and uses botnets to infect and then control a large number of computers, which then attack a single system. The attack is termed "distributed" because multiple computers are being manipulated by a hacker to execute the Denial of Service attack.

DDoS Attack Trend

According to a report covering 2014-2015, the average DDoS attack size increased to 7.39 gigabits per second (Gbps), a rise of 14% over 2013-2014. E-commerce and online advertising are affected by DDoS at an average of 8%, the telecommunication department at an average of 6%, the public sector 15%, the financial sector 15%, and IT services and cloud 33%.

How to Avoid DoS and DDoS types of Attacks

Unfortunately, there is no 100% successful way to keep a victim from falling prey to malicious DoS/DDoS attackers. But there are some prevention tactics users can apply to reduce the likelihood that an attacker will use their computer to attack other computers. These prevention tactics are:

  1. Install Antivirus software with the latest updates.
  2. Install a firewall and try to configure it with the most recent updates to restrict traffic.
  3. Apply filtering of emails to manage unwanted traffic.

Various Factors on Which Attacker Depends

  1. Attack against Connectivity: In this type of attack, the attacker tries to stop users or hosts from connecting to another system, computer, or host.
  2. Misuse of Internal Resources: In this attack type, the attacker tries to bind resources to a certain machine, with the consequence that a large amount of network bandwidth is consumed and wasted and resources become unavailable to others.
  3. Bandwidth consumption: In this mode of attack, the attacker generates a large number of packets from the system on which the attack has been planned. This consumption of bandwidth finally leads to a slowdown of the network.
  4. Altering Configuration: In this type of attack, the attacker may try to exploit misconfigured information present on the network for DoS.

Tools Used for DoS Attack

  • Jolt 2.
  • Targa.
  • Blast 20.
  • Namesy.
  • Panther 2.
  • Bubonic.
  • Crazy Pinger.
  • UDP Flood.
  • FS max.

Countermeasures and Security Against DoS/DDoS

Some strategic countermeasures a security consultant can take against DoS and DDoS are:

  1. Aborting the attack: This protection technique requires preplanning and additional capacity to withstand or absorb the attack.
  2. Degrading Services: Identify and stop noncritical services.
  3. Service Shut Down: Using this technique, all services are shut down until the attack has subsided.

These are the security postures you should apply to protect the system from DoS and DDoS:

  1. Install antivirus and anti-Trojan software and keep that software up to date.
  2. Analyze communication protocols and traffic patterns between handlers and clients to identify infected network nodes.
  3. Set up systems with limited security to act as honeypots. Honeypots lure the attacker, and the security professional can detect the attacker with their help, as they serve as a means to gather information about an attacker.
  4. Security professionals can also mitigate these attacks by load balancing across the servers in a multiple-server architecture.
  5. Set router-level security and install firewalls.
  6. To defend against botnets, the organization can use the Cisco IPS (Intrusion Prevention System) with IP reputation filtering, which determines whether an IP or service is a source of a threat. These IPS devices frequently update themselves with known threats.
  7. Enable IP Source Guard, which is provided by Cisco devices. This feature is available in Cisco routers to filter traffic based on DHCP (Dynamic Host Configuration Protocol) snooping or IP source binding, which prevents a bot from sending spoofed packets.
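The filtering logic behind item 7 can be modeled in a few lines. This is an added example, not part of the original article and not Cisco's implementation: it is a simplified model of per-port source filtering against a binding table, and the port names, MAC and IP addresses, function names and drop threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed binding table in the shape DHCP snooping or static IP source
# bindings produce: access port -> set of (source MAC, source IP) allowed there.
BINDINGS = {
    "Gi0/1": {("aa:bb:cc:00:00:01", "10.0.10.21")},
    "Gi0/2": {("aa:bb:cc:00:00:02", "10.0.10.22")},
    "Gi0/3": {("aa:bb:cc:00:00:03", "10.0.10.5")},  # static binding, e.g. a server
}

def source_guard(frames, bindings):
    """Split frames into forwarded ones and a per-port count of dropped ones."""
    forwarded, dropped = [], Counter()
    for port, src_mac, src_ip in frames:
        allowed = bindings.get(port, set())  # port with no binding: nothing permitted
        if (src_mac.lower(), src_ip) in allowed:
            forwarded.append((port, src_mac, src_ip))
        else:
            dropped[port] += 1  # source address does not match what the port was given
    return forwarded, dropped

def suspect_ports(dropped, threshold=3):
    """Ports whose drop count suggests a host emitting spoofed packets."""
    return sorted(port for port, count in dropped.items() if count >= threshold)

# Constructed frames: (ingress port, source MAC, source IP).
FRAMES = [
    ("Gi0/1", "aa:bb:cc:00:00:01", "10.0.10.21"),   # matches its binding
    ("Gi0/2", "aa:bb:cc:00:00:02", "10.0.10.22"),   # matches its binding
    ("Gi0/2", "aa:bb:cc:00:00:02", "203.0.113.7"),  # spoofed source IP
    ("Gi0/2", "aa:bb:cc:00:00:02", "203.0.113.8"),  # spoofed source IP
    ("Gi0/2", "aa:bb:cc:00:00:02", "198.51.100.9"), # spoofed source IP
    ("Gi0/3", "AA:BB:CC:00:00:03", "10.0.10.5"),    # same MAC, different case
    ("Gi0/4", "aa:bb:cc:00:00:04", "10.0.10.30"),   # port has no binding at all
]

if __name__ == "__main__":
    forwarded, dropped = source_guard(FRAMES, BINDINGS)
    print("forwarded:", len(forwarded))
    print("dropped per port:", dict(dropped))
    print("ports to investigate:", suspect_ports(dropped))
```

The per-port drop counter doubles as a detection signal for item 2: a port that keeps sending sources it was never assigned points at an infected node.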
