
What is a DoS and DDoS Attack

What is a DoS attack

DoS stands for Denial of Service. The attacker tries to overload the subsystem in which the targeted service operates. The traffic comes from a single server and is aimed at a specific domain or virtual machine.

Features of DoS attacks:

The latter is also often assigned to network equipment, such as a router that has a "lightweight" version of Linux or similar software installed. This type of attack has not been particularly dangerous for a long time, but it affects the cost of maintenance (requires the installation of specialized programs).

What is a DDoS attack

DDoS stands for Distributed Denial of Service. The attack is implemented somewhat differently than DoS – the fundamental difference is the use of several hosts at once. The complexity of protection against this type of attack depends on the number of machines from which traffic is sent.

Features of DDoS attacks:

Manual examination of log files is of little help here: it is almost impossible to distinguish attacking hosts from "normal" ones. The situation is aggravated by the fact that in 9 cases out of 10 the sources are "ordinary sites" previously infected with a virus or hacked manually. Gradually, they form a single network, called a botnet, and increase the attack power.

The main differences and goals of the attacks

The most common reason why someone decides to take down a web resource is extortion. The scheme is similar to infecting local computers with ransomware: once it activates, the owner is asked to pay a ransom to get Windows working again. The same happens with a site: the hacker sends the owner an email with the demands.

There are also other reasons:

Types of attacks

The variety of cyber attack variants makes it harder to determine the type of impact and the right method of protection. There are more than a dozen ways to harm a server's performance, and each of them requires a separate countermeasure. For example, UDP floods are popular, as well as site availability requests and DNS host blocking.

Channel overflow

A stream of echo requests is sent to the server in order to completely "clog" the hardware resources of the PC (physical or virtual machine). All providers allocate communication channels of limited capacity to users, so filling them with false traffic is enough to make it impossible to open the site with a normal request.

DNS flood

The target of the attack is a DNS server that is linked to the "victim". In this case, the site owner does not receive any messages from the hosting provider. The only way to "see" the problem in time is to connect third-party systems like Yandex.Webmaster, which check domain availability, connection speed, etc. in a continuous cycle.

PING flood

The host is hit with numerous requests sent without waiting for a response from the server. As a result, the web resource begins to lose real data packets, and page load speed drops to the point of complete unavailability. Users see the browser trying to open the page, but the page never arrives.

UDP flood

As in the previous variant, a large volume of packets in datagram format is sent to the victim's server. The server has to process each one and reply with an ICMP packet meaning "destination unreachable". As a result, all the capacity of the virtual machine is occupied by empty tasks.

Buffer overflow

A popular method of DoS attacks. The hacker seeks to cause errors in programs installed on the attacked server, for example by overflowing the memory buffer allocated to the application. Such attempts are easily blocked, but only if special programs or routers with a protection function are used.

How to protect yourself from attacks

There are also rarer variants, for example SYN flood, Slow HTTP POST, Ping of Death or Slow HTTP GET. But they all boil down to one of two things: "clogging" the bandwidth of the channel so that the server stops responding to user requests, or using up the allocated memory and processor power so that the overloaded system freezes and starts to slow down.

Ways to protect against DoS and DDoS:

Preventive monitoring of network activity. The main attack is often preceded by probing in "short series", so there is an opportunity to learn in advance that the site has availability problems.

Filtering at the hosting level. Providers usually include this service in all paid plans. Still, it is better to check with the support service whether protection against DoS and DDoS attacks is in place and how it is implemented.

A test attack on the server. There are special programs like Hping3, LOIC (Low Orbit Ion Cannon) or OWASP Switchblade. They allow you to emulate a real attack and reliably identify the level of protection of the server.

Plus, it is desirable to have a clear plan of action in case the site crashes. It may include measures to quickly connect another server, reconfigure DNS hosts, etc. The main thing is to ensure the continuous availability of published services regardless of external factors.
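The preventive monitoring described above can be automated by scanning the web server's access log for "short series" of requests coming from many sources at once. This is an added example, not code from the original page; the Common Log Format, the 10-second window and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Client IP and timestamp fields of a Common Log Format line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def bucket_requests(lines, window=10):
    """Map window start (epoch seconds) -> [request count, set of client IPs]."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts = datetime.strptime(m.group(2), TS_FMT).timestamp()
        slot = int(ts) // window * window
        buckets[slot][0] += 1
        buckets[slot][1].add(m.group(1))
    return buckets

def find_bursts(lines, window=10, factor=5, min_sources=20):
    """Return (window_start, requests, distinct_sources) for suspicious windows.

    A window is flagged when its request count exceeds `factor` times the
    median of all non-empty windows AND the requests come from many sources.
    The thresholds are illustrative assumptions to tune per site.
    """
    buckets = bucket_requests(lines, window)
    if not buckets:
        return []
    baseline = max(median(count for count, _ in buckets.values()), 1)
    return sorted((slot, count, len(ips))
                  for slot, (count, ips) in buckets.items()
                  if count > factor * baseline and len(ips) >= min_sources)

def sample_log():
    """Constructed log: 10 min of light traffic plus one 10-second burst."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    entry = lambda ip, t: f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512'
    lines = [entry(f"192.0.2.{s % 3 + 1}", start + timedelta(seconds=s))
             for s in range(0, 600, 2)]            # 3 regular clients
    lines += [entry(f"198.51.100.{i % 100 + 1}", start + timedelta(seconds=300 + i % 10))
              for i in range(200)]                 # 200 requests, 100 sources
    return lines

if __name__ == "__main__":
    for slot, count, sources in find_bursts(sample_log()):
        when = datetime.fromtimestamp(slot, timezone.utc).isoformat()
        print(f"{when}: {count} requests from {sources} sources")
```

Requiring many distinct sources keeps a single busy client or crawler from raising the alert; lower `min_sources` to 1 to also catch single-host floods.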
