Which of the following result from a denial-of-service attack?
Published on: Mar 26, 2022
Updated on: Mar 29, 2022
A denial-of-service attack is known as DoS or DDoS for short. DoS is a network attack that sends many requests to a server and overuses its resources; it degrades server performance until the server becomes inaccessible. As the name implies, these attacks have no purpose other than to take the server out of reach. Experience has shown that preventing these attacks is much easier than fighting them, because most of the time you cannot stop them once they reach your website. To prevent DDoS attacks, hardware and software firewalls are designed to block IPs that send unusual requests to the server. On shared servers, you can also stop a DoS attack by blocking the site that has been attacked. Of course, this is not a strong defense, because the attacks may resume after the site reopens. In this article, we will look at the causes of denial-of-service attacks.
About denial-of-service attacks
In computer science, a denial-of-service attack or distributed denial-of-service attack is an attempt to put machine and network resources out of the reach of authorized users; in fact, any attack on availability is considered a denial-of-service attack. Although the purposes of a DoS attack and the motives behind it may vary, it generally involves trying to temporarily or permanently interrupt or suspend the services of an Internet-connected host. DoS attacks typically target sites or web server hosting services that make attractive targets, such as banks, credit card services, and even root servers. One common method of attack involves saturating the target machine with external communication requests. The target machine then cannot respond to legitimate traffic, or its responses are slow or unavailable. Such attacks lead to high server overhead. A DoS attack forces the target computer to reset or to consume its resources so that it can no longer provide the services in question; it also violates the policies accepted by Internet service providers.
How do DDoS (distributed denial-of-service) attacks work?
DDoS attacks require an attacker to gain control of a network of online machines and direct the attack through it. In this process, computers and other devices, such as IoT devices, become infected with malware, turning each one into a bot. The attacker can then access and control the bots remotely; such a group of bots is known as a botnet. After creating a botnet, an attacker can direct the devices by sending updated instructions to each bot via the remote control system. When a botnet targets a specific IP address, each bot starts sending repeated requests to the target server or network. This leads to an increase in traffic. The bad news is that because every bot is a legitimate device on the Internet, it is very difficult to separate the traffic caused by the attack from normal traffic.
Types of DDoS attacks
Different DDoS attack vectors target different components of a network connection. To understand how different DDoS attacks work, you first need to know how a network connection is made. Every network connection on the Internet is made up of several different components, or layers. Like the stages of building a house, each layer builds on the previous one and has its own purpose. The OSI model below is a conceptual framework for describing a network connection in seven distinct layers.
7. Application layer
Human-computer interaction layer, where applications can access the network services
6. Presentation layer
Ensures that data is in a usable format and is where data encryption occurs
5. Session layer
Maintains connections and is responsible for controlling ports and sessions
4. Transport layer
Transmits data using transmission protocols including TCP and UDP
3. Network layer
Decides which physical path the data will take
2. Data link layer
Defines the format of data on the network
1. Physical layer
Transmits raw bitstream over the physical medium
Although almost all DDoS attacks work by overwhelming the target devices with excessive traffic, the attacks can be divided into three categories.
1. Application Layer Attacks
Sometimes referred to as Layer 7 attacks, these attacks aim to exhaust the target's resources. They target the layer on which web pages are generated on the server, where HTTP requests are answered. An HTTP request is cheap for the client to send but can be expensive for the target server to answer, as the server must load multiple files and run database queries to create a web page. Therefore, it is difficult to defend against Layer 7 attacks.
An example of an Application Layer attack called HTTP Flood:
This attack is similar to repeatedly refreshing a web browser on many different computers at the same time. In other words, many HTTP requests are sent to the server, and as a result, the server becomes inaccessible. This type of attack ranges from simple to complex. A simple implementation may repeatedly request a single URL. A complex one may use many IP addresses to attack and target URLs at random.
2. Protocol Attacks
This type of attack is also called a state-exhaustion attack: it consumes the full capacity of web application servers or of intermediate resources such as firewalls and load balancers. Protocol attacks exploit weaknesses in Layers 3 and 4, making the target unreachable.
An example of a protocol attack called SYN Flood:
This attack is like a warehouse worker who receives requests from the front of the store. The worker receives a request, fetches the package, and waits for confirmation before bringing the package out. The worker then receives so many requests without confirmation that he can no longer carry the packages and can no longer respond to requests. The attack exploits the victim by sending many initial connection requests (SYN packets). The target device responds to every connection request and waits for the last step of the handshake, which never arrives, and in the meantime the target's resources are used up.
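The backlog exhaustion described above can be reproduced with a small simulation. This is an added example, not code from the original article; the backlog size, timeout, and traffic pattern are constructed values chosen for illustration, and no network traffic is generated.

```python
from collections import deque

def simulate_backlog(events, backlog_size=8, syn_timeout=300):
    """Replay (tick, kind) connection attempts against a finite SYN backlog.

    kind "legit"   -> client sends the final ACK, so its slot frees at once
    kind "unacked" -> final ACK never arrives; slot is held until syn_timeout
    Ticks are hundredths of a second. Returns counters for the run.
    """
    half_open = deque()  # arrival ticks of entries still waiting for an ACK
    stats = {"legit_served": 0, "legit_dropped": 0,
             "unacked_held": 0, "unacked_dropped": 0, "peak_half_open": 0}
    for tick, kind in sorted(events):
        # Expire entries whose handshake timer has run out.
        while half_open and tick - half_open[0] >= syn_timeout:
            half_open.popleft()
        if len(half_open) >= backlog_size:
            stats[kind + "_dropped"] += 1  # queue full: the SYN is discarded
            continue
        if kind == "legit":
            stats["legit_served"] += 1     # handshake completes immediately
        else:
            half_open.append(tick)
            stats["unacked_held"] += 1
            stats["peak_half_open"] = max(stats["peak_half_open"],
                                          len(half_open))
    return stats

def constructed_traffic(with_flood):
    """Constructed sample: one legitimate client per second for 20 s, plus an
    optional 10 never-acknowledged SYNs per second during seconds 5 to 14."""
    events = [(100 * s + 55, "legit") for s in range(20)]
    if with_flood:
        events += [(100 * s + 10 * i, "unacked")
                   for s in range(5, 15) for i in range(10)]
    return events

if __name__ == "__main__":
    print("baseline:", simulate_backlog(constructed_traffic(False)))
    print("flood:   ", simulate_backlog(constructed_traffic(True)))
```

In the flood run the legitimate clients keep being refused for about two seconds after the last unacknowledged SYN, because the held entries only leave the queue when their timer expires.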
3. Volumetric Attacks
These attacks create congestion between the target and the wider Internet by consuming all the available bandwidth. Large amounts of data are sent to the target using massive traffic generation, such as requests from a botnet.
An example of a Volumetric Attack called DNS Amplification:
DNS Amplification is like someone calling a restaurant, ordering every item on the menu, and then saying, "Call me back and read my order one by one." In other words, with very little effort, a very long response is generated. By creating a request with a spoofed IP address (the real IP address of the target) and sending it to an open DNS server, the attacker causes the target IP address to receive the response from the server. The attacker crafts the requests so that the DNS server responds to the target with large amounts of data. As a result, the target is hit with far more traffic than the attacker originally sent.
How to avoid falling victim to a DoS or DDoS attack?
Unfortunately, there is no effective way to avoid becoming a victim of this type of attack. Still, there are steps you can take to reduce the chances of your computer being misused to attack another computer.
• Install antivirus software and keep it up to date
• Install a firewall, and set it to limit incoming and outgoing traffic to your computer
• Protect your email address and security settings, for example by filtering the addresses of emails that send spam.
• Use online services such as Cloudflare, etc.
How do you know if an attack has occurred?
Bearing in mind that not every service outage means a DoS or DDoS attack, the following signs can indicate that an attack is ongoing:
• Website unavailability
• No access to any website
• Slow network speed
• An increase in spam emails received in your email account
What should you do if you are attacked?
If you are sure that you are under a DoS or DDoS attack, it is best to contact a professional and ask for help.
• If you can not access your files or other websites from your computer, contact your network administrator.
• Contact your ISP if you have this situation on your home computer.
• If you find a specific IP, you can block it. You may have to block an IP range. (Server administrators have access to these settings.)
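The sketch below ties the HTTP Flood description to the advice on blocking an IP or an IP range: it flags sources that exceed a request rate in an access log and groups them into block candidates. It is an added example, not code from the original article; the log format (`epoch ip path`), the thresholds, and the sample addresses (taken from the documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

def flag_sources(log_lines, max_requests=20, window=10):
    """Return IPs that sent more than max_requests within `window` seconds."""
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    flagged = set()
    for line in log_lines:
        ts, ip, _path = line.split()
        ts = int(ts)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # drop requests older than the window
            q.popleft()
        if len(q) > max_requests:
            flagged.add(ip)
    return flagged

def block_candidates(flagged, min_hosts=3):
    """Propose a /24 when at least min_hosts flagged IPs share it, else /32s."""
    by_net = defaultdict(list)
    for ip in flagged:
        net = ipaddress.ip_network(ip + "/24", strict=False)
        by_net[net].append(ipaddress.ip_network(ip + "/32"))
    out = []
    for net, hosts in by_net.items():
        out.extend([net] if len(hosts) >= min_hosts else hosts)
    return [str(n) for n in sorted(out)]

def constructed_log():
    """Constructed sample: a multi-IP flood on varied URLs, a single-IP flood
    on one URL, and five ordinary visitors."""
    lines = []
    for t in range(10):
        for host in (10, 11, 12):          # 3 requests/s each, varied URLs
            for k in range(3):
                lines.append(f"{1000 + t} 203.0.113.{host} /page{(t * 3 + k + host) % 17}")
        for _ in range(4):                 # 4 requests/s to a single URL
            lines.append(f"{1000 + t} 198.51.100.7 /")
    for i in range(1, 6):                  # ordinary visitors: 3 requests each
        for t in (0, 4, 8):
            lines.append(f"{1000 + t} 192.0.2.{i} /index.html")
    lines.sort(key=lambda l: int(l.split()[0]))
    return lines

if __name__ == "__main__":
    print(block_candidates(flag_sources(constructed_log())))
```

The result is a list of candidates for an administrator to review, since a /24 block also cuts off any legitimate users in that range.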