DDoS Eng: Difference between revisions

From ICO wiki
(Created page with "'''Overview''' Written by Andris Männik DDoS (Distributed Denial-of-Service) is an attack in which the goal is to flood a system with requests from a network of computers...")
 
No edit summary
Line 12: Line 12:


The difference comes from that in DDoS'ing, the requests are coming from a plethora of computers from many different networks, where as DoS'ing is when the requests are coming from a single computer from a single network.
The difference comes from that in DDoS'ing, the requests are coming from a plethora of computers from many different networks, where as DoS'ing is when the requests are coming from a single computer from a single network.
'''Methods'''
Attack vectors
Generally, DDoS attacks can be divided into four categories:
    Volumetric attacks, for example SYN flooding. This sort of attack is meant to utilize the 3 way TCP handshake in which computers are sending SYN packets and the receiving computer has to reply with an ACK packet. The most basic attack type. Devices which are capable of keeping up with millions of device requests are even brought low by this type of attack.
  Application Layer Attack - This attack relies on the disruption of information between computers.  This vector of attack is good for an attacker who doesn't have a big botnet, because the attacked server has to use a lot more resources to respond to the HTTP request, and there's little bandwith cost to the attacker, or at least, significantly lower to the attacker than it is to the attacked server or system.
    Fragmentide rünnakud(Fragmentation Attacks ing.k) - Need rünnakud tekitavad üleujutuse, saates ohvrile TCP või UDP fragmente. Tänu sellele väheneb süsteemi jõudlus ning ohver ei saa enam andmevooge uuesti kokku panna.
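Review bot: The added "Attack vectors" list announces four categories but contains only three items, so either the fourth category should be added or the count changed. The third item (fragmentation attacks) is written in Estonian on a page titled "DDoS Eng" and should be translated. In the SYN flooding item, "reply with an ACK packet" is imprecise: the receiver's reply in the three-way handshake is a SYN-ACK, and the item never says that the resource being exhausted is the half-open connection waiting for the final ACK. "bandwith" in the application layer item is misspelled.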

Revision as of 12:58, 17 April 2017

Overview


Written by Andris Männik


DDoS (Distributed Denial-of-Service) is an attack in which the goal is to flood a system with requests from a network of computers so that the system buckles under the bandwidth load and cannot process legitimate requests. If the attack comes from a wide area, it is incredibly difficult to separate legitimate traffic from illegitimate traffic. DDoS attacks are most commonly carried out with botnets: zombie computers infected with malicious software that accepts commands from the attacker's own computer to start and stop flooding a service with requests whenever the attacker chooses.

As technology advances, discovering and remedying DDoS attacks will become much more difficult.

DDoS is a more sophisticated version of DoS.

The difference is that in a DDoS attack the requests come from a plethora of computers on many different networks, whereas in a DoS attack the requests come from a single computer on a single network.

Methods

Attack vectors

Generally, DDoS attacks can be divided into four categories:

    Volumetric attacks, for example SYN flooding - This sort of attack abuses the three-way TCP handshake, in which computers send SYN packets and the receiving computer has to reply with an ACK packet. It is the most basic attack type. Even devices capable of keeping up with millions of requests are brought low by this type of attack.
    Application layer attacks - This attack relies on the disruption of information between computers. This vector suits an attacker who doesn't have a big botnet, because the attacked server has to use a lot more resources to respond to the HTTP request, and there is little bandwidth cost to the attacker, or at least a significantly lower cost than the one borne by the attacked server or system.
    Fragmentation attacks - These attacks create a flood by sending TCP or UDP fragments to the victim. As a result, the system's performance drops and the victim can no longer reassemble the data streams.
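
The DoS/DDoS distinction from the overview and the SYN flooding item can be checked from the defender's side by counting handshakes that never complete and looking at where they come from. The following is an added example, not part of the original wiki page; the event format, the threshold of 50 and the /24 grouping are assumptions, and all events are constructed.

```python
from collections import defaultdict
from ipaddress import ip_network

# Documentation-only address ranges (RFC 5737); all events below are constructed.
NETS = ["192.0.2", "198.51.100", "203.0.113"]

def build_sample():
    """Client-side TCP events: (src_ip, src_port, dst, flag); S = SYN, A = final ACK."""
    ev = []
    for port in (40000, 40001):                      # web3: two completed handshakes
        ev += [("198.51.100.7", port, "web3", "S"), ("198.51.100.7", port, "web3", "A")]
    ev += [("198.51.100.7", 40002, "web1", "S"), ("198.51.100.7", 40002, "web1", "A")]
    for i in range(60):                              # web1: 60 hosts on 3 networks
        ev.append((f"{NETS[i % 3]}.{10 + i}", 50000 + i, "web1", "S"))
    for i in range(60):                              # web2: one host, 60 source ports
        ev.append(("192.0.2.200", 20000 + i, "web2", "S"))
    return ev

def half_open(events):
    """Map each destination to the (src_ip, src_port) pairs still awaiting the final ACK."""
    pending = defaultdict(set)
    for src, sport, dst, flag in events:
        if flag == "S":
            pending[dst].add((src, sport))
        elif flag == "A":
            pending[dst].discard((src, sport))
    return pending

def classify(events, threshold=50):
    """Label each destination by how many half-open connections it holds and from where."""
    verdicts = {}
    for dst, conns in half_open(events).items():
        sources = {src for src, _ in conns}
        networks = {ip_network(f"{src}/24", strict=False) for src in sources}
        if len(conns) < threshold:                   # threshold is an assumed tuning value
            verdicts[dst] = "normal"
        elif len(sources) > 1 and len(networks) > 1:
            verdicts[dst] = "DDoS"                   # many computers, many networks
        elif len(sources) == 1:
            verdicts[dst] = "DoS"                    # single computer, single network
        else:
            verdicts[dst] = "multi-source, one network"
    return verdicts

if __name__ == "__main__":
    for dst, verdict in sorted(classify(build_sample()).items()):
        print(dst, verdict)
```

The single-source case can be handled by blocking one address, while the multi-network case cannot, which is the filtering difficulty the overview describes.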