What is DOS? It stands for “Dos” and “Done.” In computer science, a denial of service attack is an unsuccessful cyber-attempt to block a network or computer resource from its intended users by permanently or temporarily disabling service of a host attached to the network. In effect, it is like a black swan hanging on a hook, unaffected by the efforts of the swan to turn off the tap. While this kind of attack may have some deterrent value, the victim may be able to recover from the attack, albeit after a long and expensive process of rebooting, reconfiguring, or upgrading. The main motivation for such attacks is a security vulnerability.
Distributed denial of service attacks are somewhat more difficult than DOS attacks. A DOS attack occurs when a single user connects to the system and then deliberately uses software tools like Win Fixer or VirtualBox to hide or destroy system resources like the operating system, files, programs, etc. While such attacks can be quite costly, they are usually prevented by using a firewall between the system and the attackers. In a distributed denial of service (DDoS), by contrast, attackers use spoofed IP addresses and/or network masquerade in order to attack systems that are not directly connected to them.
The most common method of DDoS attacks is to jam a network with lots of traffic that will divert legitimate users from clicking on ads or visiting specific web pages. Such attacks are possible when DDoS is executed by attackers who have the capability to create legitimate-looking websites that will appear to be the target of legitimate traffic. For example, if you’re working at your home computer, while doing work on a forum for your church, you may visit a site that looks like the church’s site, while actually being operated by a criminal. Likewise, if you’re reading an online article about a particular subject, you may visit a malicious site, which may contain malicious embedded code that will harm your system.
There are various types of DDoS attacks, including the more popularly known flooding and denial of service (DOS) and distributed denial of service (DDoS) attacks. Flooding occurs when a huge number of people visit a website at once, flooding the server to such an extent that the website becomes unavailable or causes it to crash completely. This is a malicious attack, where the attacker intentionally overloads the server with traffic, causing the server to go into an error or even crash completely. A DDoS is also the opposite of a flood, wherein a DDoS is an attack conducted by a lot of people flooding the victim’s server with Internet traffic so that the server is overwhelmed and unusable.
Distributed denial of service attacks are conducted with the aid of several “sink” or “brickwashes”. These are software programs which are planted on infected machines, allowing them to enter commands remotely over the Internet. There are different types of IP spoofing and attacks that can be performed against common targets like email boxes. There are so-called Botox attacks in which tiny botox capsules are injected in a person’s face to temporarily paralyze facial muscles. Distributed denial of service can be carried out using a network of infected computers or devices. The Internet itself is often used as a medium to perform these attacks.
Application layer attacks occur when attackers exploit the various layers of the application layer. Simple DOS attacks may be conducted against simple software that is not designed to be resistant to such attacks. The application layer attacks are done by sending a series of commands to a victim’s server and manipulating it accordingly. For instance, an attacker can send a DDoS against a web server by planting a virus or other malicious program on the server and making it execute an attack against it. Similarly, some applications attack the HTTP protocol by generating excessive traffic to it.
Application layer attacks are very common today and can be devastating for many network operators. One of the most important things that one should do is to implement a mitigation strategy against application layer attacks. Always-on services help to protect a server from these attacks and reduce the risk of attack. So-called Always-On Mitigation consists of services that are always on and run even without any user intervention. These include ICMP Echo Request and ICMP Echo Relay, which are always-on services.
Botnets are another major cause for concern today. These botnets are usually created with the help of a network administrator, who releases them for use by anyone who wants them. Once the botnet is released for use, it will start sending DOS messages to a target server. The DNS servers of those affected will receive a reply from the botnet administrator telling them that there is a DNS problem. Thus, a DNS server that is used by a typical consumer or small business to access the Internet will suffer a serious attack.