What is DDOS | DDOS Attack Service | DDOS Protect Service | Consultation | Guarantees and Anonymity | Hacks | Contacts

What is a DoS and DDoS Attack

What is a DoS attack

DoS means Denial of Service. The attacker attacks in order to cause an overload of the subsystem in which the attacked service operates. The impact is carried out from a single server and is aimed at a specific domain or virtual machine.

Features of DoS attacks:

• Single character – the traffic flow is started from a single subnet.
• High visibility – attempts to "put" the site are noticeable by the contents of the log file.
• Easy suppression – attacks are easily blocked by a firewall.

The latter is also often assigned to network equipment, such as a router that has a "lightweight" version of Linux or similar software installed. This type of attack has not been particularly dangerous for a long time, but it affects the cost of maintenance (requires the installation of specialized programs).

What is a DDoS attack

DDoS stands for Distributed Denial of Service. The attack is implemented somewhat differently than DoS – the fundamental difference is the use of several hosts at once. The complexity of protection against this type of attack depends on the number of machines from which traffic is sent.

Features of DDoS attacks:

• Multithreaded nature - this approach simplifies the task of blocking the site, because it is almost impossible to quickly weed out all attacking IP addresses.
• High secrecy – the competent construction of the attack allows you to disguise its beginning as natural traffic and gradually "clog" the web resource with empty requests.
• The difficulty of suppression – the problem lies in determining the moment when the attack began.

Manual examination of log files does not give anything here, it is almost impossible to distinguish attacking hosts from "normal" ones. The situation is aggravated by the fact that the source in 9 cases out of 10 are "ordinary sites" previously infected with a virus or hacked manually. Gradually, they form a single network, called a botnet, and increase the attack power.

The main differences and goals of the attacks

The most common reason why someone decides to "put" a web resource is extortion. The system is similar to the infection of local computers with ransomware viruses, when activated, the owner begins to demand a ransom for the return of Windows operability. The same happens with the site – the hacker sends the owner an email with the requirements.

There are also other reasons:

• Unfair competition – "colleagues" are trying to occupy a niche by removing other market players.
• Entertainment – young programmers launch attacks for the sake of bragging to friends, acquaintances, colleagues.
• Dislike of a personal, political nature – the motive becomes disagreement with the policy of the government, a certain organization.
• There may also be problems coming from dissatisfied employees who have quit or are still working, but are already ready to mess with their employer.

Types of attacks

A certain difficulty in determining the type of impact and methods of protection is caused by the difference in the variants of cyber attacks. There are more than a dozen ways to harm the server's performance, and each of them requires a separate counteraction mechanism. For example, UDP floods are popular, as well as site availability requests and DNS host blocking.

Channel overflow

A stream of echo requests is sent to the server with the task of completely "clogging" the hardware resources of the PC (physical or virtual machine). All providers allocate limited communication channels to users, so it is enough to fill them with false traffic, which will make it impossible to open the site with a normal request.

DNS flood

The target of the attack is a DNS server that is linked to the "victim". In this case, the site owner does not receive any messages from the hosting provider. The only option to "see" the problem in time is to connect third-party systems like Yandex.Webmaster, which check domain availability, connection speed, etc. in a circle.

PING flood

The impact on the host is accompanied by numerous requests without waiting for a response from the server. As a result, the web resource begins to lose real data packets, the speed of opening pages drops to the point of complete unavailability. Users will see attempts to open, but they will not wait for the result in the form of a page.

UDP flood

By analogy with the previous version, a large volume of packets in datagram format is sent to the victim's server. The server has to respond to each one in order to send a response in the form of an ICMP packet, meaning that "the addressee is unavailable". As a result, all the capacities of the virtual machine will be occupied by empty tasks.

Buffer overflow

A popular method of DoS attacks. The hacker seeks to cause errors in programs installed on the attacked server. For example, by overflowing the memory buffer allocated for the operation of the application. Such attempts are easily blocked, but only if special programs or routers with a protection function are used.

How to protect yourself from attacks

There are also more rare variants, for example: SYN-flood, Slow HTTP POST, Ping of Death or Slow HTTP GET. But they all boil down to attempts to "clog" the bandwidth of the channel so that the server stops responding to user requests, or to use up allocated memory and processor power when an overloaded system freezes and starts to slow down.

Ways to protect against DoS and DDoS:

Preventive monitoring of network activity. Before launching the main attack, a check is often carried out in "short series", so there is an opportunity to know in advance that there are problems with the availability of the site.

Filtering at the hosting level. Providers usually provide such a service within all paid tariffs. But it is better to check with the support service whether there is protection against DoS and DDoS attacks and how it is implemented.

A test attack on the server. There are special programs like Hping3, LOIC (Low Orbit Ion Cannon) or OWASP Switchblade. They allow you to emulate a real attack and reliably identify the level of protection of the server.

Plus, it is desirable to have a clear plan of action in case the site crashes. It may include measures to quickly connect another server, reconfigure DNS hosts, etc. The main thing is to ensure the continuous availability of published services regardless of external factors.