DoS attack: what happens during a denial of service attack?

1 Answer

Best answer


Today, on the internet it is extremely important to be prepared for any danger. Otherwise, there are malicious agents that can enter your system, manipulate it or disable it. One of the classic strategies is the DoS attack. But what exactly is it and how can you protect yourself from it?

Index
  1. What is DoS (denial of service)?
  2. How do you recognize a DoS attack?
  3. How do DoS attacks work on a technical level?
  4. Measures against DoS attacks
  5. DDoS attacks - denial of service today

What is DoS (denial of service)?

Originally, the term denial of service (DoS) was used when some internet services were temporarily unavailable in an IT system, such as a server. This occurs when the corresponding servers are overloaded, for example, by an excessive number of requests from users. Internet services include websites, email services, or chat functions.

In a DoS attack, the attacker causes this "denial of service" deliberately. To do so, they "bombard" the network connections of the computer system responsible for exchanging external data with a multitude of requests, in order to overload them. If the number of requests exceeds the capacity of the system, the system slows down or completely stops, so that websites, email functions or online stores are no longer accessible.

A DoS attack can be compared to a situation in a real store where hundreds of people walk in and distract salespeople with tricky questions, lock up resources, and make no purchases. Staff are overloaded until they cannot serve anyone else and actual customers can no longer be served in the store.

Pure DoS attacks are, in principle, relatively easy to carry out, especially since they do not require penetrating the security measures of a computer system. It is even possible to carry out this illegal attack on a relatively small budget and without technical knowledge. Cybercriminals willing to carry out these types of attacks can be found for a few hundred euros on the darknet. If companies and organizations are not prepared for DoS attacks, they are exposed to enormous damage with minimal effort from the bad guys.

How do you recognize a DoS attack?

One possible indication that you are experiencing a DoS attack is the unusually slow performance of the entire network, which is especially noticeable when opening files or the websites themselves. A successful DoS attack is also easy to see from the outside: the attacked websites load very slowly. Also, some functions, such as the online store, stop working completely. At the height of the attack, many websites are no longer accessible.

You can determine if you have been the victim of a DoS attack by monitoring and analyzing network traffic with the help of a firewall or another attack detection system (Intrusion Detection System). Network administrators have the ability to set criteria to detect abnormal traffic. If the number of suspicious requests to the system increases, an alarm is automatically triggered. This allows countermeasures to be taken as soon as possible.

How do DoS attacks work on a technical level?

Today there are many different types of DoS attacks, which can be roughly distinguished into attacks against bandwidth, attacks against system resources, and attacks that exploit security vulnerabilities and software bugs. To understand how criminals proceed in a DoS attack and what steps can be taken to counter it, you can take the smurf attack as an example.

This is a specific type of DoS attack targeting the operating system or the internet connection of a computer system or network. The attacker sends pings, ICMP data packets of the type "Echo Request", to the broadcast address of a network. In these data packets, the criminal enters the address of the attacking system. Then all computers on the network send a response to this system, mistakenly assuming that the requests come from it. The more computers that are part of the network used by the attacker, the greater the number of alleged responses and the more devastating the attack.

To prevent Smurf attacks, systems no longer respond to ICMP "echo request" packets and routers no longer forward packets addressed to broadcast addresses by default. This general security measure has made Smurf attacks rarely successful.

In summary

In the same way, some DoS attacks are still successful today. The network being attacked is overloaded with packets, which paralyzes the service.

Measures against DoS attacks

There are several measures to protect your infrastructure against denial of service attacks, which you can combine to strengthen them. In particular, you must correctly configure your routers and protect them with strong passwords. By installing protection measures on these nodes, many DoS attacks can already be prevented. In this way, attack packets are no longer supported in the internal structure. A good firewall provides additional security.

After determining the target of an attack, you can dedicate additional resources to it. Load sharing, for example, enables you to request additional capacity from the hosting provider on short notice to thwart DoS attacks before they occur.

Our article contains a more precise description of the difference between DDoS and DoS.

DDoS attacks - denial of service today

Most of the DoS attacks today take the form of Distributed Denial of Service attacks, which are identified by the acronym DDoS. DoS and DDoS attacks differ because, while DoS attacks have a single origin (for example, a computer or a network), DDoS attacks are carried out indirectly through a botnet, often widely distributed (hence the term distributed).

A botnet consists of a group of hacked computers, called zombies. These are generally poorly maintained computers, the owners of which are rarely aware of the malicious software installed on them or that they are being used for criminal activities. The operator of a botnet can use this army of zombie computers to attack other computer systems.

There are botnets made up of several million computers. When all are used in a DDoS attack, the number of "illegitimate requests" to a network can increase enormously. This is one of the reasons why even portals with huge resources, such as Facebook, are not 100% secure against a large-scale DDoS attack.

Advice

Maximize your security: with an SSL certificate you can guarantee your website visitors that their data transmission is encrypted and invisible to third parties.


...
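
The detection approach described in the answer (set a criterion for abnormal traffic, raise an alarm when requests exceed it) can be sketched as follows. This is an added example, not part of the original answer; the log format, the window size, both thresholds and all addresses are assumptions constructed for illustration. It also labels each alarm as single-origin or distributed, matching the DoS/DDoS distinction drawn above.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10         # assumed bucket size
MAX_REQUESTS = 20           # assumed alarm criterion: requests per window
SINGLE_SOURCE_SHARE = 0.8   # assumed: one source with >= 80% of requests = single origin
BASE = 1_700_000_000        # constructed epoch start, aligned to a window boundary


def build_sample_log():
    """Constructed log lines in the form '<epoch_seconds> <source_ip>'."""
    lines = [f"{BASE + 2 * i} 192.0.2.{10 + i}" for i in range(5)]           # quiet window
    lines += [f"{BASE + 10 + i % 10} 198.51.100.7" for i in range(40)]       # one origin floods
    lines += [f"{BASE + 10 + i} 192.0.2.{20 + i}" for i in range(3)]         # normal users
    lines += [f"{BASE + 20 + i % 10} 203.0.113.{i + 1}" for i in range(60)]  # many origins
    lines += [f"{BASE + 30 + 2 * i} 192.0.2.{30 + i}" for i in range(4)]     # quiet window
    return lines


def parse_line(line):
    """Return (timestamp, source) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 2 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1]


def detect_floods(lines):
    """Bucket requests per time window and classify windows above the threshold."""
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed input instead of stopping the monitor
        ts, source = parsed
        windows[ts - ts % WINDOW_SECONDS][source] += 1
    alerts = []
    for start in sorted(windows):
        per_source = windows[start]
        total = sum(per_source.values())
        if total <= MAX_REQUESTS:
            continue  # within the normal range, no alarm
        top_source, top_count = per_source.most_common(1)[0]
        kind = "single-origin" if top_count / total >= SINGLE_SOURCE_SHARE else "distributed"
        alerts.append({"window_start": start, "requests": total,
                       "sources": len(per_source), "kind": kind, "top_source": top_source})
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

A single-origin alarm can be answered by filtering one address, while a distributed alarm cannot, which is why the classification is worth computing alongside the raw count.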