DoS stands for Denial of Service. The attacker's goal is to overload the subsystem in which the attacked service runs (the network link, memory, CPU or connection table) so that legitimate requests are no longer served. In a plain DoS attack the traffic comes from a single host and is aimed at a specific domain, server or virtual machine.
The target is often network equipment as well, for example a router running a stripped-down Linux or similar embedded software. A single-source attack has not been considered especially dangerous for a long time, because one source is easy to identify and block, but it still adds to operating costs (filtering software or a protection service has to be deployed).
DDoS stands for Distributed Denial of Service. The attack is carried out differently from a plain DoS: the fundamental difference is that traffic is sent from many hosts at once. The difficulty of defending against it grows with the number of machines sending traffic.
Manual inspection of log files achieves little here: it is almost impossible to tell the attacking hosts apart from "normal" ones by eye, since each of them may send only a moderate amount of traffic. The situation is made worse by the fact that in nine cases out of ten the sources are ordinary servers and websites that were previously infected with malware or compromised by hand. Over time they are joined into a single network, a botnet, and the attack power grows with it.
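The following is an added example, not code from the original page, showing the automated triage that manual log reading cannot do: it parses web-server access logs in the common combined format, computes each source's peak request rate in a sliding window, and lists sources that exceed a threshold together with how many distinct URLs they touched. The log lines, addresses, the 10-second window and the threshold of 50 requests are constructed assumptions for illustration.

```python
# Added example (not from the original page): per-source rate triage of
# web-server access logs. All log lines below are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common/combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "path": m["path"],
        "status": int(m["status"]),
    }


def peak_rate(timestamps, window):
    """Largest number of requests that fall inside any sliding window of `window` length."""
    ts = sorted(timestamps)
    best = left = 0
    for right, t in enumerate(ts):
        while t - ts[left] >= window:   # drop requests that fell out of the window
            left += 1
        best = max(best, right - left + 1)
    return best


def find_flood_sources(lines, window=timedelta(seconds=10), threshold=50):
    """Return {ip: stats} for sources whose peak rate exceeds `threshold` requests per window.

    `window` and `threshold` are assumed tuning values for this example; derive
    them from the site's normal traffic profile, not from here.
    """
    per_ip_ts = defaultdict(list)
    per_ip_paths = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip malformed lines instead of aborting the triage
            continue
        per_ip_ts[rec["ip"]].append(rec["ts"])
        per_ip_paths[rec["ip"]].add(rec["path"])

    suspects = {}
    for ip, stamps in per_ip_ts.items():
        peak = peak_rate(stamps, window)
        if peak > threshold:
            suspects[ip] = {
                "peak": peak,
                "total": len(stamps),
                # floods usually hammer one or two URLs; a proxy/NAT spreads over many
                "distinct_paths": len(per_ip_paths[ip]),
            }
    return suspects


def constructed_log():
    """Constructed sample: two ordinary visitors plus two bot hosts sending
    120 GETs each to the same URL within about six seconds."""
    base = datetime(2023, 3, 12, 10, 0, 0, tzinfo=timezone.utc)

    def entry(ip, offset_s, path, agent):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{agent}"'

    lines = []
    for i, path in enumerate(["/", "/about", "/style.css", "/logo.png"]):
        lines.append(entry("203.0.113.10", i * 3, path, "Mozilla/5.0"))
        lines.append(entry("198.51.100.7", i * 5 + 1, path, "Mozilla/5.0"))
    for n in range(120):
        lines.append(entry("192.0.2.55", n * 0.05, "/search?q=x", "Mozilla/5.0"))
        lines.append(entry("192.0.2.99", n * 0.05 + 0.02, "/search?q=x", "python-requests/2.28"))
    lines.append("this line is corrupt and must be skipped")
    return lines


if __name__ == "__main__":
    for ip, stats in sorted(find_flood_sources(constructed_log()).items()):
        print(ip, stats)
```

A single compromised host hammering one URL stands out immediately. The catch the article describes is a botnet whose members each stay under the per-source threshold, which is why the function also returns total and distinct-path counts: the next filter is then an aggregate per-URL rate or request-pattern similarity across sources rather than a per-address limit. A busy corporate NAT or a search-engine crawler can legitimately exceed the threshold, so treat the output as a shortlist, not a blocklist.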
The most common reason someone decides to "take down" a web resource is extortion. The scheme resembles a ransomware infection of a workstation, where the malware locks the machine or its files and the operator demands a ransom to restore access. The same happens with a site: the attacker sends the owner an email with their demands, typically a payment to stop the attack.
Determining the kind of attack and the right countermeasures is complicated by the variety of attack techniques. There are more than a dozen ways to degrade a server's performance, and each of them calls for its own countermeasure. For example, UDP floods are popular, as are floods of ordinary page requests (HTTP floods) and attacks on the domain's DNS.
ICMP (ping) flood. A stream of echo requests is sent to the server to saturate the resources of the machine (physical or virtual) and, above all, its network link. Every provider allocates a link of limited bandwidth to its customers, so it is enough to fill that link with junk traffic to make the site unreachable for a normal request.
Attack on DNS. The target is the DNS server that serves the victim's domain. In this case the site owner receives no alerts from the hosting provider, because the web server itself keeps running normally; the domain simply stops resolving. The only way to notice the problem in time is to connect an external monitoring service such as Yandex.Webmaster, which periodically checks domain resolution, availability and response time from outside.
Request (HTTP) flood. The host is hit with a large number of requests whose senders never wait for a response. As a result the web resource starts dropping real data packets, and page-load times degrade to the point of complete unavailability: users see the browser trying to load the page but never get it.
UDP flood. By analogy with the previous variant, a large volume of UDP datagrams is sent to the victim's server, usually to random ports. For each datagram the server has to check whether an application is listening on that port and, finding none, reply with an ICMP "destination port unreachable" packet. As a result all the capacity of the virtual machine is consumed by this useless work. Because UDP is connectionless, the source addresses are trivially spoofed, so blocking by source address rarely helps.
Exploiting software bugs. A popular DoS technique: the attacker tries to trigger errors in programs running on the attacked server, for example by overflowing a memory buffer allocated to the application so that the process crashes. Such attempts are easy to block, but only if the software is kept patched and intrusion-prevention software or a router/firewall with a protection function is placed in front of the server.
There are other variants as well, for example SYN flood, Slow HTTP POST, Slow HTTP GET or Ping of Death (SYN flood is in fact one of the most common, while Ping of Death is largely historical, since modern systems reassemble oversized fragmented pings safely). They all come down either to clogging the link so that the server stops answering user requests, or to exhausting allocated memory, connection slots and processor time until the overloaded system stalls: a SYN flood fills the table of half-open connections, and the slow HTTP variants hold connections open with a trickle of data until the server runs out of worker slots. SYN cookies in the kernel, short header and body timeouts, and per-client connection limits on the web server are the usual counters.
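To make the differences between the flood types above concrete, here is an added example (not from the original page) that fingerprints them from raw IPv4 headers: echo requests for an ICMP flood, datagrams to ports with no listener for a UDP flood, and SYNs without ACK for a SYN flood. The packets, addresses and the "one category holds at least half the packets" rule are constructed for the example; in practice the packets would come from a pcap reader.

```python
# Added example (not from the original page): fingerprinting flood types from
# raw IPv4 packet headers. All packets below are constructed in-line.
import struct
from collections import Counter

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
ICMP_ECHO_REQUEST = 8
TCP_SYN, TCP_ACK = 0x02, 0x10
IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte header without options

# category -> flood name used in the verdict (assumed mapping for this example)
FLOOD_KIND = {
    "icmp-echo-request": "icmp flood",
    "udp-to-closed-port": "udp flood",
    "tcp-syn": "syn flood",
}


def ip_to_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (TTL 64, checksum left as 0, no options) plus payload."""
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ip_to_bytes(src), ip_to_bytes(dst))
    return header + payload


def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def tcp(sport, dport, flags):
    # seq/ack 0, data offset 5 words (<<12) combined with flags, window 65535
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0)


def icmp(type_, code=0):
    return struct.pack("!BBHHH", type_, code, 0, 0, 0)


def classify(packet, open_udp_ports=frozenset()):
    """Label one packet by the flood category it would contribute to."""
    if len(packet) < 20:
        return "truncated"
    ver_ihl, _, _, _, _, _, proto, _, _, _ = struct.unpack(IPV4_HDR, packet[:20])
    if ver_ihl >> 4 != 4:
        return "non-ipv4"
    body = packet[(ver_ihl & 0x0F) * 4:]
    if proto == PROTO_ICMP and len(body) >= 8:
        return "icmp-echo-request" if body[0] == ICMP_ECHO_REQUEST else "icmp-other"
    if proto == PROTO_UDP and len(body) >= 8:
        dport = struct.unpack("!H", body[2:4])[0]
        # no listener on the port -> the kernel must answer with ICMP port unreachable
        return "udp-to-open-port" if dport in open_udp_ports else "udp-to-closed-port"
    if proto == PROTO_TCP and len(body) >= 20:
        flags = struct.unpack("!H", body[12:14])[0] & 0x1FF
        if flags & TCP_SYN and not flags & TCP_ACK:
            return "tcp-syn"          # handshake opener; a flood leaves these half-open
        return "tcp-other"
    return "other"


def flood_profile(packets, open_udp_ports=frozenset()):
    """Count categories and distinct source addresses; call it a flood of kind X
    when one category holds at least half of the packets (assumed rule)."""
    counts, sources = Counter(), set()
    for p in packets:
        counts[classify(p, open_udp_ports)] += 1
        if len(p) >= 20:
            sources.add(p[12:16])      # source address field of the IPv4 header
    total = sum(counts.values())
    top, n = counts.most_common(1)[0] if total else ("other", 0)
    kind = FLOOD_KIND.get(top, "none") if total and n * 2 >= total else "none"
    return {"counts": counts, "sources": len(sources),
            "verdict": {"kind": kind, "distributed": len(sources) > 1}}


def constructed_capture():
    """Constructed capture: a UDP flood from 30 bot addresses mixed with a little legitimate traffic."""
    victim = "203.0.113.5"
    pkts = [build_ipv4(PROTO_UDP, f"198.51.100.{i % 30 + 1}", victim,
                       udp(40000 + i, 1024 + (i * 7) % 60000))
            for i in range(300)]
    pkts.append(build_ipv4(PROTO_UDP, "192.0.2.8", victim, udp(5353, 53, b"\x00" * 12)))
    pkts.append(build_ipv4(PROTO_TCP, "192.0.2.9", victim, tcp(51000, 443, TCP_ACK)))
    pkts.append(build_ipv4(PROTO_TCP, "192.0.2.9", victim, tcp(51001, 443, TCP_SYN)))
    return pkts


if __name__ == "__main__":
    print(flood_profile(constructed_capture(), open_udp_ports=frozenset({53})))
```

The "distributed" flag counts distinct source addresses, not machines: as noted above, UDP and ICMP sources are easily spoofed, so thirty addresses may be one host, and a single legitimate SYN is only distinguishable from a SYN flood by volume, which is why the verdict looks at proportions over a capture rather than at individual packets.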
Preventive monitoring of network activity. Before launching the main attack, attackers often run checks in "short bursts", so there is a chance to learn in advance that the site's availability is being probed, provided that traffic volume and response times are recorded continuously and not only looked at after an outage.
Filtering at the hosting level. Providers usually include such a service in all paid plans, but it is better to ask support whether there is protection against DoS and DDoS attacks, how it is implemented, and what traffic volume it is sized for.
A test attack on the server. There are special programs such as hping3, LOIC (Low Orbit Ion Cannon) or OWASP Switchblade that emulate a real attack and show reliably how well the server is protected. Run them only against your own infrastructure, with the hosting provider's agreement and outside peak hours: to the provider's filters and to other customers on the same link, a successful test looks exactly like the real thing.
In addition, it is advisable to have a clear action plan in case the site goes down. It may include steps to bring up another server quickly, repoint the DNS records (which only helps quickly if their TTL is kept short), and so on. The main thing is to keep the published services continuously available regardless of external factors.
© 2018-2023 DDOS SERVICE PRO - All Rights Reserved.