Active Topics Memberlist Calendar Search Help | |
Register Login |
One Stop Testing Forum : Types Of Software Testing @ OneStopTesting : Functional Testing @ OneStopTesting |
Topic: DoS and DDoS |
|
Author | Message |
surabhi
Newbie Joined: 03Apr2007 Online Status: Offline Posts: 1 |
Topic: DoS and DDoS Posted: 03Apr2007 at 11:50pm |
What is DoS and DDoS?
What is Denial of Service exactly? Denial of Service is just that, Denial of Service. To be a bit more descriptive, Denial of Service is either accidental or purposeful attempts to deny users access to resources. This can be in the form of stealing bandwidth which is the most common form of attack, it can be in the form of eating disk space, it can be in the form eating processor, and various other resource stealing. Oftentimes this is accidental. The Slashdot effect is often an accidental denial of service. However, sometimes this can be on purpose. An attacker can launch software that will steal resources from a target. In a more general outlook, there are attacks called Land Attacks where an attacker will launch an attack that will cause a server or other target to attempt to respond to itself. Eventually this will cause the server to eat up the allocated connection tables and will not respond to any more requests. Other attacks such as the Ping of Death eat up bandwidth until the target is so saturated that it cannot respond any more. Typically a Ping of Death involves IP spoofing. Many other attacks are out there and will eat up other resources. So what is a Distributed Denial of Service attack? DDoS, or Distributed Denial of Service attack is pretty self-explanatory. This is a Denial of Service attack this coming from multiple directions. Slashdot effect is a good example of a DDoS. The above-mentioned attacks can also be DDoS attacks if multiple hosts are involved. You'll typically see DDoS attacks from zombies, or computer that have been infected with a piece of malware to allow them to be controlled by an attacker. This is typical of botnets, or computers that have been infected with a malware that forces the computer to join an IRC channel for control of the attacker. These computers can then be controlled to launch port scans against a target, be it a single computer or network, launch SYN floods or whatever else the malware author coded. How does this affect web application? Typically a user of web application will not see a DDoS. What they will see instead is a DoS. This can come in several forms, but most common are registration flooding, searching flooding, and post flooding. What makes these types of attacks unique is that HTTP attacks require a 3 way handshake. In other words, the IP address cannot be spoofed. This doesn't mean that it cannot be masked (think proxies), but the 3 way handshake is a component of the stateful TCP (Transmission Control Protocol). Without going really low-level in networking protocols, the host must send a packet saying "I'm here, I want to communicate with you" and the target (victim or not) will send a reply saying "Okay, I'm ready for you" and then the host will reply saying "Okay, here comes the information." This is the 3 way handshake. Prevention methods, are they available? Yes and no. Eventually a DoS or DDoS will win. There are mitigation methods and countermeasures however. On the lower networking level (layers 2 and 3 for those familiar with the OSI model) there are mitigation methods. One method is routing the attack to a blackhole. Another method is using QoS (Quality of Service). Another method is tarpitting. Tarpitting will only work for TCP and not IP however. The average user will not have access to do this however, even owners of dedicated or colocation. On up the OSI model to the application layer to say phpBB, there is very little to be done. Some mitigation methods possible are the use of Visual Confirmation (visual turing, captcha, whatever name you like), ensuring users must validate email addresses, or better still, the administrator must validate an account. Apache has an anti-DoS module that can be used. A DoS or DDoS will eventually become successful because the router or other device will eventually have its resources taken trying to mitigate the attack and will fail. So either the owner of the device will have to take it offline until the attack subsides, or the victim will be taken offline by the attack. Post Resume: Click here to Upload your Resume & Apply for Jobs |
|
IP Logged | |
Forum Jump |
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
© Vyom Technosoft Pvt. Ltd. All Rights Reserved.