What is a Denial of Service (DoS) and a (DDoS) Attack?

This post is a non-technical description of what DoS and DDoS attacks are, written so that a non-technical reader can follow it.

So, What is a DoS Attack?

  • The goal of a Denial of Service (DoS) attack is simply to exhaust the resources of your website (its connection slots, bandwidth, memory or processing power) to the point where nobody else is able to make a connection, thus creating a denial of service for your service. It's really that simple.

So what actually happens in a DoS Attack then?

  • When I browse to a website, under the hood my computer uses a protocol called TCP (part of the TCP/IP family) to establish and maintain a connection. There are three steps in establishing a TCP connection, known as the three-way handshake.
    • Step 1 The originator asks the destination for a connection – a SYN message.
    • Step 2 The destination replies with an acknowledgement – a SYN-ACK message.
    • Step 3 The originator sends a confirmation to the destination – an ACK message.
  • A DoS attack could use the full three-way handshake to establish real connections to the destination and so start to monopolise the destination's finite resources.
  • A DoS attack could also undertake only the first two of the three steps described above. The first two messages are sent and received, and then the destination waits patiently for the third message from the originator. That message never comes, but the destination still waits: it keeps a "half-open" connection in a queue of limited size until it times out. The available number of connections is reduced in the same way whether a full connection or a half-open connection is made. This is known as a SYN Flood attack. In practice the attacker usually forges the source address of each SYN, so the SYN-ACK replies go to hosts that never asked for them and the attacker cannot simply be blocked by address; the standard defence is SYN cookies, where the destination keeps no state for a connection until the third message actually arrives.
  • In theory, as an attacker, if I can keep creating more and more connections, eventually no one else will be able to connect and I will have achieved the goal of creating a DoS situation.
  • There are more possible DoS attacks, including the Ping of Death, Slowloris, NTP amplification, UDP floods and HTTP floods, but hopefully you now get the basic idea.
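The handshake and SYN flood described above, as an added example that is not part of the original post: a small Python simulation of a listening port with a fixed-size queue of half-open connections. It floods the listener with SYNs from forged source addresses that are never followed by an ACK, then checks whether a legitimate client can still get through, first with the classic queue and then with SYN cookies (where the SYN-ACK's sequence number is a keyed hash, so the listener stores nothing until a valid ACK arrives). It is a toy model, not a real TCP stack: connections are keyed by source address only, timeouts are ignored, and the addresses, backlog size, flood size and cookie secret are all constructed for the demonstration.

```python
"""Toy model of the TCP three-way handshake and a SYN flood.

Added example, not code from the original post. It simulates a listening
socket's half-open queue, not a real TCP stack: connections are keyed by
source address only (a real stack keys on the full 4-tuple), timeouts are
ignored, and all addresses, counts and the cookie secret are constructed.
"""
import hashlib
import hmac
import random
from dataclasses import dataclass
from typing import Optional

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Packet:
    src: str    # address the packet claims to come from (an attacker can forge this)
    dst: str
    flags: str  # "SYN", "SYN-ACK" or "ACK"
    seq: int = 0
    ack: int = 0


class Listener:
    """A listening TCP port with a fixed-size queue for half-open connections.

    use_syn_cookies=False: step 1 (SYN) allocates a queue entry that is only
    released by step 3 (ACK). Fill the queue and further SYNs are dropped.
    use_syn_cookies=True: no entry is allocated. The SYN-ACK's sequence number
    is a keyed hash ("cookie") of the connection, so a later ACK can be checked
    statelessly (the idea behind Linux's net.ipv4.tcp_syncookies).
    """

    def __init__(self, addr: str, backlog: int, use_syn_cookies: bool = False,
                 secret: bytes = b"constructed-demo-secret"):
        self.addr = addr
        self.backlog = backlog
        self.use_syn_cookies = use_syn_cookies
        self.secret = secret
        self.half_open: dict[str, int] = {}   # src -> our initial sequence number
        self.established: set[str] = set()
        self.dropped_syns = 0

    def _cookie(self, src: str) -> int:
        mac = hmac.new(self.secret, src.encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def receive(self, pkt: Packet) -> Optional[Packet]:
        """Process one inbound packet; return the reply we send, if any."""
        if pkt.flags == "SYN":                          # step 1
            if self.use_syn_cookies:
                isn = self._cookie(pkt.src)             # nothing is stored
            else:
                if len(self.half_open) >= self.backlog:
                    self.dropped_syns += 1              # queue full: denial of service
                    return None
                isn = random.getrandbits(32)
                self.half_open[pkt.src] = isn           # queued, waiting for the ACK
            return Packet(self.addr, pkt.src, "SYN-ACK",
                          seq=isn, ack=(pkt.seq + 1) & MASK32)  # step 2
        if pkt.flags == "ACK":                          # step 3
            if self.use_syn_cookies:
                isn = self._cookie(pkt.src)             # recompute instead of looking up
            else:
                isn = self.half_open.get(pkt.src)
            if isn is not None and pkt.ack == (isn + 1) & MASK32:
                self.half_open.pop(pkt.src, None)       # queue entry released
                self.established.add(pkt.src)
        return None


def honest_connect(listener: Listener, client: str) -> bool:
    """A well-behaved client performing all three steps."""
    syn = Packet(client, listener.addr, "SYN", seq=random.getrandbits(32))
    syn_ack = listener.receive(syn)
    if syn_ack is None:
        return False                                    # SYN dropped: client denied service
    ack = Packet(client, listener.addr, "ACK",
                 seq=(syn.seq + 1) & MASK32, ack=(syn_ack.seq + 1) & MASK32)
    listener.receive(ack)
    return client in listener.established


def syn_flood(listener: Listener, count: int) -> None:
    """Attacker sends SYNs from forged sources and never sends the ACK.
    The SYN-ACK replies go to addresses that never asked for a connection."""
    for i in range(count):
        spoofed = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"   # constructed
        listener.receive(Packet(spoofed, listener.addr, "SYN", seq=random.getrandbits(32)))


def run(use_syn_cookies: bool, backlog: int = 128, flood_size: int = 1000) -> dict:
    """Flood the listener, then see whether a legitimate client can still connect."""
    listener = Listener("203.0.113.10", backlog, use_syn_cookies)
    syn_flood(listener, flood_size)
    connected = honest_connect(listener, "192.0.2.7")
    return {
        "half_open": len(listener.half_open),
        "dropped_syns": listener.dropped_syns,
        "client_connected": connected,
    }


if __name__ == "__main__":
    print("without SYN cookies:", run(use_syn_cookies=False))
    print("with SYN cookies:   ", run(use_syn_cookies=True))
```

Without cookies the 1000 forged SYNs fill the 128-entry queue and every later SYN, including the honest client's, is dropped; with cookies the queue stays empty because nothing is remembered until the third message arrives, so the honest client connects regardless of the flood.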

Still with me?

So, what is a DDoS Attack then?

  • Basically a Distributed Denial of Service (DDoS) attack is the same as a DoS attack; the difference is that the attacking traffic comes from many hosts at once rather than one, which changes the scale and makes it much harder to block.
  • With the advent of Cloud Computing it is easy for websites to scale their capacity on demand, and with DDoS protection provided by technologies such as firewalls and IDS/IPS that can block IP addresses before they connect to the website, it becomes much less likely that a single attacker using a small number of attacking hosts can create a Denial of Service situation. So as an attacker, what can I do? Ahh, I know, I'll call in my mates to help.
  • So a DDoS attack is all about increasing the number of attackers attempting to make connections to an unmanageable level, and thus stopping any legitimate connections from being made.
  • There are two main ways for an attacker to gather enough attacking resources to execute a DDoS attack that has a reasonable chance of success.
    • Reaching out to others via forums and social media platforms like Twitter and coordinating a time, date and destination to attack.
      • This is a good reason to keep an eye on social media for indications of a future attack. In the world of Incident Response this would be known as a precursor to an attack.
    • Renting access to, or spending time building, a "Botnet Army": compromised Internet hosts over which the attacker has remote control and which can be instructed to attack a target. How many bots are needed depends on the target's capacity and the technique used; a figure of around 10,000 bots is often quoted for a strong chance of success.
    • Now, you may be thinking 10,000 compromised hosts, that's a lot, and it is a lot, but really not that difficult to source. With the advent of the Internet of Things (IoT), where household devices like fridges and TVs are connected to the Internet, often with very poor security installed and configured, it is not that difficult to build a Botnet Army (the Mirai botnet of 2016, built largely from Internet-connected cameras, DVRs and routers still using default passwords, is the best-known example). Just think, your new fridge could be attacking a website as you read this article. It's possible.

What is the goal of a DoS/DDoS attack?

  • Attackers' motivations could be just "shits and giggles": bored kids on the Internet who want to be the next Mr Robot and are looking for something bad, but not too bad, to do.
  • It could be hacktivism. As an organisation I may be undertaking some activities that hacktivists deem immoral or corrupt, and they want to show their displeasure through a DDoS attack.
    • This is another reason to keep abreast of social media posts that concern your organisation.
  • Motivations could be financial: damaging the reputation of a competitor, or extortion, "pay us and we won't attack you", or "pay us and we will stop attacking you" (often called ransom DDoS).
  • In the worst case scenario a DDoS attack could be considered an act of war, where nations attack other nations' infrastructure: an Internet version of a first strike.

So what is the Future for DoS and DDoS Attacks?

  • Cisco's 2018 Annual Cybersecurity Report identified the advent of a new type of DDoS attack called a "Burst Attack": short, high-volume bursts lasting only a few minutes, repeated at intervals of 5-15 minutes. Burst attacks are very good at disrupting platforms with time-sensitive content, such as gambling sites, basically sites that don't respond well to delays, and the quiet gaps between bursts mean monitoring that only looks for sustained floods can miss them.
  • Reflection DDoS attacks. The attacker sends requests to a legitimate server (typically a DNS or NTP server, which answer over UDP without any handshake) but forges the source address so that it appears to be the victim's IP address. The legitimate server sends its replies to the victim, which is flooded with traffic it never asked for. When the replies are much larger than the requests this is also an amplification attack, which is how the NTP amplification mentioned above works.
  • The Internet of Things will continue to grow in use. Many IoT devices are Linux based because Linux is open source, i.e. free, but little thought is given to patching or security. People are unwilling to patch and update their main computer; what thought are they going to give to updating their Internet-connected fridge?
  • What is clear is that DoS and DDoS attacks mutate and evolve, but are not going anywhere.
Publisher: OIC Solutions
