Denial of Service and Prevention
Denial of Service (DoS) is a cyber-attack on an individual computer or website with the intent to deny services to intended users. The purpose of such an attack is to disrupt an organization’s network operations by denying access to its users. Denial of service is typically accomplished by flooding the targeted machine or resource with surplus requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. For example, if a bank website can handle 10 people a second clicking the Login button, an attacker only has to send 10 fake requests per second to make it so no legitimate users can log in.
DoS attacks exploit various weaknesses in computer network technologies. They may target servers, network routers, or network communication links. They can cause computers and routers to crash and links to bog down.
The most famous DoS technique is Ping of Death. The Ping of Death attack works by generating and sending special network messages (specifically, ICMP packets of non-standard sizes) that cause problems for systems that receive them. In the early days of the Web, this attack could cause unprotected Internet servers to crash quickly.
It is strongly recommended to try all described activities on virtual machines rather than your working environment.
Following is the command for performing flooding of requests on an IP:
ping ip_address -t -l 65500
- "ping" sends the data packets to the victim.
- "ip_address" is the IP address of the victim.
- "-t" means the data packets should be sent until the program is stopped.
- "-l 65500" specifies the data load to be sent to the victim.
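On the receiving side, the non-standard ICMP sizes that Ping of Death relies on can be recognised before reassembly: a fragment whose offset plus length ends beyond 65,535 bytes cannot belong to a valid IPv4 datagram. The check below is an added example, not code from the original article; the function names and the sample headers (built with documentation addresses) are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # ceiling imposed by the 16-bit IPv4 Total Length field
ICMP = 1              # IPv4 protocol number for ICMP

def parse_ipv4(header: bytes) -> dict:
    """Decode the IPv4 header fields needed for the size check."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", header[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "ihl": ihl,
        "total_len": total_len,
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "proto": proto,
    }

def reassembled_size(header: bytes) -> int:
    """Smallest size the reassembled datagram can have, given this fragment."""
    p = parse_ipv4(header)
    return p["ihl"] + p["frag_offset"] + (p["total_len"] - p["ihl"])

def is_oversized_icmp(header: bytes) -> bool:
    """True for an ICMP fragment that would reassemble past 65,535 bytes."""
    p = parse_ipv4(header)
    return p["proto"] == ICMP and reassembled_size(header) > MAX_DATAGRAM

def sample_header(total_len: int, offset_units: int, more: bool) -> bytes:
    """Constructed 20-byte ICMP/IPv4 header (checksum left at 0, not verified)."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, ICMP, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

# Constructed inputs: two legitimate packets and one that must be dropped.
SAMPLES = {
    "ordinary echo request": sample_header(84, 0, False),
    "middle fragment of a large ping": sample_header(1500, 185, True),
    "final fragment placed past the limit": sample_header(1020, 8189, False),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(f"{name}: end={reassembled_size(hdr)} drop={is_oversized_icmp(hdr)}")
```

Only the third sample is dropped; legitimately fragmented large pings pass, which is why the check looks at the fragment's end position rather than at the presence of fragmentation.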
Other basic types of DoS attacks involve:
- Flooding a network with useless activity so that genuine traffic cannot get through. The TCP/IP SYN and smurf attacks are two common examples.
- Remotely overloading a system’s CPU so that valid requests cannot be processed.
- Changing permissions or breaking authorization logic to prevent users from logging into a system. One common example involves triggering a rapid series of false login attempts that lock out accounts from being able to log in.
- Deleting or interfering with specific critical applications or services to prevent their normal operation (even if the system and network overall are functional).
Another variant of the DoS is the Smurf attack. This involves emails with automatic responses. If someone emails hundreds of email messages with a fake return email address to hundreds of people in an organization with an autoresponder on in their email, the initial sent messages can become thousands sent to the fake email address. If that fake email address actually belongs to someone, this can overwhelm that person’s account.
DoS attacks can cause the following problems:
- Ineffective services
- Inaccessible services
- Interruption of network traffic
- Connection interference
Following is the Python script for performing a denial of service attack on a small website that didn’t expect so many socket connections:
We can use the above code as:
python ddos.py target_ip_address apache
How Do DoS Attacks Work?
DoS attacks typically exploit vulnerabilities in a target’s network or computer systems. Attackers can use a variety of methods to generate the overwhelming traffic or requests, including:
- Flooding the target with a massive amount of data
- Sending repeated requests to a specific part of the system
- Exploiting software vulnerabilities to crash the system
Prevention
Given that Denial of Service (DoS) attacks are becoming more frequent, it is a good time to review the basics and how we can fight back.
- Cloud Mitigation Provider – Cloud mitigation providers are experts at providing DDoS mitigation from the cloud. This means they have built out massive amounts of network bandwidth and DDoS mitigation capacity at multiple sites around the Internet that can take in any type of network traffic, whether you use multiple ISPs, your own data center, or any number of cloud providers. They can scrub the traffic for you and only send “clean” traffic to your data center.
- Firewall – This is the simplest and least effective method. Generally, someone writes some Python scripts that try to filter out the bad traffic, or an enterprise will try to use its existing firewalls to block the traffic.
- Internet Service Provider (ISP) – Some enterprises use their ISP to provide DDoS mitigation. These ISPs have more bandwidth than an enterprise would, which can help with the large volumetric attacks.
Features to help mitigate these attacks:
Network Segmentation: Segmenting the network can help prevent a DoS attack from spreading throughout the entire network. This limits the impact of an attack and helps to isolate the affected systems.
Implement Firewalls: Firewalls can help prevent DoS attacks by blocking traffic from known malicious IP addresses or by limiting the amount of traffic allowed from a single source.
Use Intrusion Detection and Prevention Systems: Intrusion Detection and Prevention Systems (IDS/IPS) can help to detect and block DoS attacks by analyzing network traffic and blocking malicious traffic.
Limit Bandwidth: Implementing bandwidth limitations on incoming traffic can help prevent a DoS attack from overwhelming the network or server.
Implement Content Delivery Network (CDN): A CDN can help to distribute traffic and reduce the impact of a DoS attack by distributing the load across multiple servers.
Use Anti-Malware Software: Anti-malware software can help to detect and prevent malware from being used in a DoS attack, such as botnets.
Perform Regular Network Scans: Regular network scans can help identify vulnerabilities and misconfigurations that can be exploited in a DoS attack. Patching these vulnerabilities can prevent a DoS attack from being successful.
Develop a Response Plan: Having a DoS response plan in place can help minimize the impact of an attack. This plan should include steps for identifying the attack, isolating affected systems, and restoring normal operations.
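The "limiting the amount of traffic allowed from a single source" idea from the firewall and bandwidth items above can be made concrete with a token bucket kept per source address. This is an added example, not code from the original article; the class name, the rate and burst values and the replayed traffic (documentation addresses) are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Bucket:
    tokens: float   # requests this source may still make right now
    last: float     # time of the previous request from this source

class PerSourceLimiter:
    """Token bucket per source: `rate` requests/second, bursts up to `burst`."""

    def __init__(self, rate: float, burst: float, max_sources: int = 10_000):
        self.rate, self.burst, self.max_sources = rate, burst, max_sources
        self.buckets: dict[str, Bucket] = {}

    def allow(self, source: str, now: float) -> bool:
        bucket = self.buckets.get(source)
        if bucket is None:
            # Bound the state table: a flood of new sources must not exhaust
            # memory, so the least recently seen entry is dropped first.
            if len(self.buckets) >= self.max_sources:
                oldest = min(self.buckets, key=lambda s: self.buckets[s].last)
                del self.buckets[oldest]
            bucket = self.buckets[source] = Bucket(self.burst, now)
        elapsed = max(0.0, now - bucket.last)   # tolerate a clock step backwards
        bucket.tokens = min(self.burst, bucket.tokens + elapsed * self.rate)
        bucket.last = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False

def replay(events, limiter):
    """Return {source: (allowed, dropped)} for a list of (time, source) events."""
    totals = {}
    for now, source in sorted(events):
        allowed, dropped = totals.get(source, (0, 0))
        if limiter.allow(source, now):
            allowed += 1
        else:
            dropped += 1
        totals[source] = (allowed, dropped)
    return totals

# Constructed traffic: one source sends 64 requests within a second,
# another sends one request per second for five seconds.
FLOOD = [(i / 64, "203.0.113.7") for i in range(64)]
NORMAL = [(float(i), "198.51.100.4") for i in range(5)]

if __name__ == "__main__":
    print(replay(FLOOD + NORMAL, PerSourceLimiter(rate=2, burst=4)))
```

The flooding source gets 5 of its 64 requests through while the normal source loses none. A per-source limit does not help when the traffic is spread over many sources, which is the case the cloud mitigation and ISP options address.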
To safeguard from these attacks you have to apply secure coding and design strong architecture which can prevent these kinds of attacks and update day-to-day solutions to bugs on your website.
This article is contributed by Akash Sharan.