DDoS - Distributed Denial of Service attacks
Thursday, 23 February 2012 11:24

Denial of Service (DoS) attacks limit authorized users' access to computing resources by trying to exhaust the victim's resources, such as network bandwidth, computing power or operating system data structures. They are malicious attempts by a single host or a group of hosts. When the attack is launched by a single host it is called a DoS attack; when it is launched simultaneously against one targeted computer by a group of malicious hosts it is called a Distributed DoS (DDoS) attack. The main purpose of launching a denial-of-service attack is to temporarily deny access to services such as e-mail and network connectivity. It can also destroy programs and files on the affected computer systems. These kinds of attacks are not mainly conducted for the purpose of stealing information. Trinoo, TFN, Stacheldraht, TFN2K, Trinity, Shaft, Mstream and Find DDoS 2.0 are some of the tools that help to launch DDoS attacks. Although DDoS attacks leave traces of the attack, these types of attacks are still used for several purposes.



To conduct a DDoS attack the malicious user first creates a network of computers that will generate the volume of traffic needed to deny service to legitimate users. By using vulnerable sites or hosts on a network, the attacker builds the group of hosts that will launch the attack. Hosts that are not properly patched, that are not running anti-virus software, or that run outdated anti-virus software are easy targets when selecting vulnerable hosts for such a group. Software that can automatically detect vulnerable systems, break into them and install the programs necessary for the attack already exists today, which saves the attacker the time of creating attack tools. Hosts infected by such malicious software look for other vulnerable hosts and add them to the group that conducts the attack. The hosts on which the attack tools run are called zombies, and a group of them a botnet. A large collection of zombies or botnets creates an army able to launch a successful attack.

Typical DDoS attacks and distributed reflector DoS (DRDoS) attacks can be recognized as the main categories of DDoS attacks. A typical DDoS attack consists of a master zombie and slave zombies. The attacker sends the attack command to the master zombie, which then activates the attack processes on the other machines that have been waiting for the appropriate command from the master zombie. After receiving the attack command, the slave zombies or agent machines begin to send a large volume of packets to the victim, flooding its system with useless load and exhausting its resources. DRDoS attacks consist of a master zombie, slave zombies and reflectors. Reflectors are uninfected machines on which no attack tools are installed. Here the master zombie commands the slave zombies to send a stream of packets to the reflectors with the victim's IP address as the source IP address. The reflectors then send a great volume of traffic to the victim, believing it is the one that asked for the traffic. So in DRDoS attacks the attack is launched from machines that are unaware of it and have no attack tools installed. Of the two, DRDoS is the one that can cause the more severe damage, as the attack is more distributed and creates a greater volume of traffic.

Although it is hard to prevent Distributed Denial of Service attacks completely, several measures can be implemented to minimize their impact.

  • Introduce separate communication paths and reserve a separate range of IP addresses for important servers.
  • Keep protocols, software and anti-virus applications up to date, and protect hosts from unauthorized traffic.
  • Apply route filtering and set up rate limiting on routers.
  • Disable unneeded network services.
  • Establish and maintain appropriate password policies, and maintain regular backup schedules and policies where needed.
  • Deny pings to broadcast and multicast addresses.
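As an added example that is not part of the original article, the following Python sketch shows the "route filtering and rate limiting" item above applied at a network border to the spoofed-source traffic that the DRDoS scheme described earlier depends on: packets leaving the network whose source address is not one of the network's own prefixes are dropped (the slave zombie cannot reach the reflector with the victim's address), and any remaining source exceeding a packet-rate threshold is dropped too. The flow records, the local prefix and the rate threshold are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample flow records as a border router for 192.0.2.0/24 might
# see them on the outbound side: (source IP, destination IP, packets per second).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 40),      # local host, normal rate
    ("203.0.113.7", "198.51.100.5", 5000),   # source is NOT ours: spoofed (victim's
                                             # address aimed at a reflector)
    ("192.0.2.55", "198.51.100.9", 20000),   # local host flooding one destination
    ("192.0.2.10", "198.51.100.9", 30),      # same local host, second destination
]

LOCAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]  # assumed local network
RATE_LIMIT_PPS = 10000                                   # assumed per-source ceiling


def is_spoofed(src, local_prefixes=LOCAL_PREFIXES):
    """Egress route-filter check: a packet leaving our network must carry a
    source address from one of our own prefixes; anything else is spoofed."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in local_prefixes)


def filter_flows(flows, local_prefixes=LOCAL_PREFIXES, rate_limit=RATE_LIMIT_PPS):
    """Apply the spoofed-source filter first, then a per-source aggregate rate
    limit. Returns (forwarded, dropped); each drop carries its reason."""
    forwarded, dropped = [], []
    per_source_pps = Counter()          # running total of pps per source address
    for src, dst, pps in flows:
        if is_spoofed(src, local_prefixes):
            dropped.append((src, dst, "spoofed-source"))
            continue
        per_source_pps[src] += pps
        if per_source_pps[src] > rate_limit:
            dropped.append((src, dst, "rate-limit"))
            continue
        forwarded.append((src, dst))
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drp = filter_flows(SAMPLE_FLOWS)
    print("forwarded:", fwd)
    print("dropped:", drp)
```

Real routers implement these checks with ingress/egress ACLs and rate-limit policies; the point of the sketch is the order of the two checks and why the anti-spoofing one neutralizes the reflector step.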

Last Updated on Monday, 27 February 2012 14:12