DDoS Attacks Explained | What Is a DDoS Attack? How Does It Work?


DoS stands for Denial of Service. It is a common type of cyber attack, introduced by Michael Calce in February 2000. As the name suggests, the "denial" blocks access to an online service. In a DoS attack, the attacker sends millions of requests to a web server and tries to overload it. Once that traffic arrives, the service stops working because the resources behind it reach their limit and cannot handle any more traffic. While the attack is under way, no legitimate user can access the web service and will probably see the error "404 Not Found". DoS can affect any type of online service: websites, email services, online banking accounts, Android apps, and so on. Attackers craft computer-generated traffic so that it looks like legitimate traffic, with a fake return address and other fake details that confuse the targeted host and crash the web server. This fake traffic exceeds the bandwidth limit and results in denial of service.

There are two main types of DoS attacks.

1. Smurf Attack: 

In this type of DoS attack, attackers exploit weaknesses in internet protocols. They use ICMP (Internet Control Message Protocol) to send a hello message to other hosts, with the source IP (sender address) spoofed to be that of the targeted system. Those hosts reply to the targeted machine because they believe it wants to communicate with them. As the victim receives a flood of replies from other machines, it is overwhelmed and cannot respond to legitimate requests, which results in a denial of service. The image below illustrates the Smurf attack.

[Image: how a Smurf DoS attack works]

For example, to relate this to real life: someone sends a letter to 1000 people at the same time using your mailing address as the return address. When they reply, all of their letters arrive at your address, which would be an irritating situation for you.
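On the victim's side, the Smurf pattern described above shows up as echo replies that answer no request the host ever sent. The following is an added example, not code from the original post; the event format, function names, thresholds and addresses are assumptions, and the trace is constructed.

```python
ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def reply_flood_summary(events, window=1.0, min_sources=10):
    """Summarise echo replies that answer no request this host sent.

    events: (time_s, direction, peer_ip, icmp_type, ident, seq) tuples, where
    direction is "out" or "in" relative to the monitored host (assumed format).
    """
    outstanding = set()  # (peer, ident, seq) of echo requests we really sent
    unsolicited = []     # (time, peer) of replies nobody asked for
    for ts, direction, peer, icmp_type, ident, seq in sorted(events, key=lambda e: e[0]):
        key = (peer, ident, seq)
        if direction == "out" and icmp_type == ECHO_REQUEST:
            outstanding.add(key)
        elif direction == "in" and icmp_type == ECHO_REPLY:
            if key in outstanding:
                outstanding.remove(key)      # the answer to our own ping
            else:
                unsolicited.append((ts, peer))
    # Slide a time window over the unsolicited replies and record the largest
    # number of distinct senders seen in any one window.
    peak, start = 0, 0
    for end, (ts, _) in enumerate(unsolicited):
        while ts - unsolicited[start][0] > window:
            start += 1
        peak = max(peak, len({p for _, p in unsolicited[start:end + 1]}))
    return {"unsolicited": len(unsolicited), "peak_sources": peak,
            "alert": peak >= min_sources}

def sample_events():
    """Constructed trace: one genuine ping, then replies from 30 hosts we never pinged."""
    events = [(0.00, "out", "192.0.2.53", ECHO_REQUEST, 7, 1),
              (0.02, "in", "192.0.2.53", ECHO_REPLY, 7, 1)]
    for i in range(30):
        events.append((5.0 + 0.01 * i, "in", f"203.0.113.{i + 1}", ECHO_REPLY, 1, i))
    return events

if __name__ == "__main__":
    print(reply_flood_summary(sample_events()))
```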

2. SYN Flood:

Attackers send a connection request to the targeted server and, when the server replies, intentionally interrupt the connection so that the open ports stay occupied. In this way they can easily put a barrier between client and server. To understand the SYN flood attack, we must know the three-way handshake. The Transmission Control Protocol (TCP) uses this method to establish a connection between the client and the web server.

1. The client sends a connection request, a "SYN" packet, to the server.

2. The server acknowledges the "SYN" packet and replies with a "SYN-ACK" packet.

3. In the third step, the client replies with an "ACK" packet to tell the server that the connection is established.

[Image: how a SYN flood DoS attack works]

Attackers abuse this three-way handshake to overload a web server. They send a huge number of SYN packets to the targeted server and try to tie up all of its ports. While this is happening, no legitimate client can connect to the server. This is called a SYN flood attack.
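A defender can spot the pattern described above by counting handshakes that never reach step 3. The following is an added example, not code from the original post; the record format, function names, thresholds and addresses are assumptions, and the capture is constructed.

```python
from collections import defaultdict

def find_syn_floods(packets, timeout=3.0, min_half_open=20, max_completion=0.5):
    """Flag destination ports where most handshakes never reach step 3.

    packets: (time_s, src_ip, src_port, dst_port, flag) tuples for
    client-to-server segments only; flag is "SYN" or "ACK" (assumed format).
    """
    pending = {}  # (src_ip, src_port, dst_port) -> time the SYN arrived
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "half_open": 0})
    last_seen = 0.0
    for ts, src, sport, dport, flag in sorted(packets, key=lambda p: p[0]):
        last_seen = ts
        key = (src, sport, dport)
        if flag == "SYN" and key not in pending:  # ignore retransmitted SYNs
            pending[key] = ts
            stats[dport]["syn"] += 1
        elif flag == "ACK" and key in pending:    # step 3 arrived
            del pending[key]
            stats[dport]["completed"] += 1
    # A SYN still unanswered after `timeout` seconds is a half-open connection.
    for (_, _, dport), ts in pending.items():
        if last_seen - ts > timeout:
            stats[dport]["half_open"] += 1
    flagged = {}
    for port, s in stats.items():
        ratio = s["completed"] / s["syn"]
        # Spoofed sources make per-IP counts useless, so judge each port as a whole.
        if s["half_open"] >= min_half_open and ratio <= max_completion:
            flagged[port] = dict(s, completion_ratio=round(ratio, 2))
    return flagged

def sample_capture():
    """Constructed capture: 5 real clients plus 40 SYNs that are never completed."""
    pkts = []
    for i in range(5):
        pkts.append((0.1 * i, f"192.0.2.{i + 1}", 50000 + i, 443, "SYN"))
        pkts.append((0.1 * i + 0.04, f"192.0.2.{i + 1}", 50000 + i, 443, "ACK"))
    for i in range(40):
        pkts.append((1.0 + 0.01 * i, f"198.51.100.{i + 1}", 40000 + i, 443, "SYN"))
    pkts += [(10.0, "192.0.2.9", 51000, 22, "SYN"), (10.03, "192.0.2.9", 51000, 22, "ACK")]
    return pkts

if __name__ == "__main__":
    print(find_syn_floods(sample_capture()))
```

Because the page notes that attack traffic carries fake return addresses, the check aggregates per destination port rather than per source IP.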

Distributed Denial-of-Service (DDoS) Attack:

This is the successor of the DoS attack, or you could call it a second, more advanced version of DoS. Attackers use multiple devices to execute a DDoS attack. They use all of the compromised devices they control to increase the impact of the attack. The network of these hijacked devices is known as a botnet, and the botnet also gives the attackers anonymity. Over time, the magnitude of DDoS attacks has increased because of the growing number of IoT (Internet of Things) devices.

Dangerous Impacts of DDoS Attacks on Online Businesses

For example, suppose a website sells goods online and generates a good profit every day, with customers online at all times. If that website goes down for a whole day, it faces losses. Attackers often do this for revenge or for unlawful gain: they attack online businesses and demand a ransom to stop the DDoS attack. As mentioned earlier, Michael Calce introduced DDoS. He attacked eBay and Amazon multiple times. These websites faced heavy losses because of these attacks.

DDoS Attacks are Increasing Day by Day:

If you search for "DDoS attacks today" on any search engine, you will find lots of results, because thousands of websites face DDoS attacks every day owing to the availability of hacking tools and software such as DDoS attack tools. That is not the only reason for the rise: ongoing geopolitical conflicts are also increasing the number of DDoS attacks.

Preventing DDoS Attacks

Nowadays there are multiple ways to defend against DDoS attacks, but 100% protection cannot yet be achieved. Services like DDoS Protection by Cloudflare make things better. Always monitor the traffic on your website; if you notice any unusual activity, such as slowdowns or unexpected shutdowns, tell your website host or protection provider immediately.
