Basic Overview of DDOS Attack

DDoS Attack

In daily life we face many attacks in the computing field. We store sensitive information in places we consider secure, such as networks and shared devices. Even with our encryption, our data is not safe from many network attacks, and other attacks remain possible. Many attacks can harm data wherever it is stored, whatever layer of security protects it. Attacks such as IP spoofing, hijacking, black hole attacks and DoS attacks are the most popular attacks performed on layer 4, the Network layer. This paper discusses the denial-of-service attack at layer 4 (Network).

Introduction

The first DoS attack occurred in 1974, courtesy of David Dennis, a 13-year-old high school student who lived down the road from the Computer-Based Education Research Laboratory (CERL) at the University of Illinois Urbana-Champaign. David had recently learned a couple of new commands that could be run on CERL's PLATO terminals. PLATO was an important early collaborative computer system and a predecessor of later multi-user operating systems.

Named “remote” or “ext,” the command was intended to enable communication with external devices connected to a terminal. However, when run on a terminal with no external devices attached, it would cause the terminal to freeze, requiring a lockout and control-on to restore usability.

Curious to see what it would be like for a room full of users to be locked out at once, he wrote a script that would send the “ext” command to many PLATO terminals at the same time. Dennis visited CERL and tested his program, which resulted in all 31 users having to log off immediately. The approval of a world “alt.”

The order was ultimately transferred by necessity. After the mid-to-late 1990s, as Internet Relay Chat (IRC) first became popular, many users fought to control unregistered chat networks, where an admin user would lose his or her control if he or she signed off. This prompted attackers to try to force some or all users on a server to log out, so that they could access the server alone and acquire administrator rights as the only user present. Such “king of the hill” battles, in which users tried to seize an IRC network and hold it in the face of attacks from other hackers, were waged using basic DoS attacks based on bandwidth and IRC chat flooding.

A DoS attack is one type of attack; it does not harm the database or application information. Instead, it degrades performance: applications misbehave, and servers go down or become overloaded. DoS attacks are mainly of two types.

  1. Flooding attack
  2. Internet Control Message Protocol (ICMP) Flood
  • In a flooding attack, the attacker generates many hosts that all target a single target or server. The traffic generated on the target causes applications to slow down or stop working correctly.
  • An ICMP (Internet Control Message Protocol) flood is also known as a ping flooding attack. The attacker sends many echo requests; because the network is occupied with requests and responses, a new user cannot work normally.

How DDoS Works

A DDoS attack is mainly a script or application that targets a device and carries out the attack. For example, suppose the university website for the admission of new students has a chatbot available. In the chatbot, you first say "hi" and it responds "welcome to our university". The attacker targets this "hi" message and triggers different bots, machines and scripts to send a "hi" message with different IP addresses.
Suppose the site can handle 100 users per selected time period. The attack generates a random number of bots to degrade the performance of the website. If the number is > 100, a new user cannot work properly on the admission website. Or, if the number is < 100, it generates a number of zombie users.
DDoS attacks mostly target organizations, university admission pages, banking login pages, and many more.
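
As an added illustration (not code from the original article), the capacity scenario above can be replayed against a sliding-window admission guard. The 100-user capacity comes from the text; the 60-second window, the per-client limit of 5, the class name and the sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict, deque

SITE_CAPACITY = 100    # from the article: users the site handles per window
WINDOW_SECONDS = 60    # assumption: length of the "selected time"
PER_CLIENT_LIMIT = 5   # assumption: greetings a real visitor sends per window


class GreetingGuard:
    """Sliding-window admission control for the chatbot greeting endpoint."""

    def __init__(self):
        self.per_client = {}     # ip -> deque of admitted timestamps in window
        self.admitted = deque()  # (timestamp, ip) in arrival order

    def _expire(self, now):
        while self.admitted and now - self.admitted[0][0] >= WINDOW_SECONDS:
            _, ip = self.admitted.popleft()
            self.per_client[ip].popleft()
            if not self.per_client[ip]:
                del self.per_client[ip]

    def allow(self, ip, now):
        """Decide one request; returns 'ok', 'client-limit' or 'site-full'."""
        self._expire(now)
        seen = self.per_client.get(ip)
        if seen is None and len(self.per_client) >= SITE_CAPACITY:
            return "site-full"       # many distinct sources: shed new clients
        if seen is not None and len(seen) >= PER_CLIENT_LIMIT:
            return "client-limit"    # one noisy source: throttle only it
        self.per_client.setdefault(ip, deque()).append(now)
        self.admitted.append((now, ip))
        return "ok"


def replay(events, guard=None):
    """events: iterable of (timestamp, ip). Returns decision counts."""
    guard = guard or GreetingGuard()
    counts = defaultdict(int)
    for ts, ip in events:
        counts[guard.allow(ip, ts)] += 1
    return dict(counts)


# Constructed traffic: one noisy client, then 150 distinct bot addresses.
NOISY = [(i * 0.5, "198.51.100.7") for i in range(20)]
BOTS = [(20 + i * 0.01, f"10.0.{i // 250}.{i % 250}") for i in range(150)]
```

Replaying `BOTS` shows why per-source limits alone do not stop a distributed flood: every bot stays under its own limit, and only the site-wide guard keeps admitted load at capacity.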

Types of DOS/DDOS Attacks

1) Volume-based Attacks.

2) Protocol Attacks.

3) Application layer Attacks.

4) UDP Flood.

5) ICMP (Ping) Flood.

6) SYN Flood.

7) Ping of Death.

8) Slowloris.

9) NTP Amplification.

10) HTTP Flood.

11) Application Layer Attack.

* 1) Volume-based Attacks.

Includes UDP floods, ICMP floods, and many other spoofed floods. The goal of the attack is to saturate the capacity of the attacked site, and the magnitude is measured in bits per second.

* 2) Protocol Attacks.

Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS, and more. This sort of attack consumes actual server resources, or those of intermediate communication devices such as firewalls and load balancers, and is measured in packets per second.

* 3) Application Layer Attack.

Includes low-and-slow attacks, GET / POST floods, attacks targeting Apache, Windows or OpenBSD weaknesses, and more. Consisting of seemingly legitimate and innocent requests, these attacks aim to crash the server, and their magnitude is measured in requests per second.

* 4) UDP Floods.

By definition, a UDP flood is any DDoS attack that floods a target with User Datagram Protocol (UDP) packets. The attack's goal is to flood random ports on a remote host. This causes the host to check repeatedly for an application listening at that port and, finding none, to answer with an ICMP Destination Unreachable packet. This process saps host resources, which can ultimately lead to inaccessibility.

* 5) ICMP PING Flood.

Similar in principle to the UDP flood, an ICMP flood overwhelms the targeted resource with ICMP Echo Request (ping) packets, usually sending packets as fast as possible without waiting for responses. This type of attack consumes both inbound and outbound bandwidth, since the victim's servers will try to reply with ICMP Echo Reply packets, leading to a severe overall slowdown of the network.

* 6) SYN Flood.

A SYN flood DDoS attack exploits a known weakness in the TCP connection sequence, in which a SYN request to establish a TCP connection with a host must be answered by a SYN-ACK reply from that host and then confirmed by an ACK reply from the requester. In a SYN flood, the requester sends multiple SYN requests but either does not answer the host's SYN-ACK response or sends the SYN requests from a spoofed IP address. Either way, the host keeps waiting for the acknowledgement of each request, binding resources until no new connections can be created, which eventually ends in denial of service.
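
The resource binding described above, and one standard countermeasure that the article does not cover (SYN cookies), shown as an added example rather than code from the original page. The cookie layout is a simplified assumption, not any operating system's exact format; the secret, slot length, backlog size and addresses are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"  # assumption: random per-boot secret in practice
SLOT_SECONDS = 64                 # assumption: cookie lifetime granularity
MASK32 = 0xFFFFFFFF


def naive_listener(syns, backlog=128):
    """Stateful handshake: each SYN pins a backlog slot until ACK or timeout."""
    half_open, dropped = set(), 0
    for flow in syns:
        if len(half_open) >= backlog:
            dropped += 1           # legitimate SYNs arriving now are lost too
        else:
            half_open.add(flow)
    return len(half_open), dropped


def cookie(flow, client_isn, slot):
    """32-bit keyed hash of the flow, the client's ISN and a time slot."""
    msg = repr(flow).encode() + struct.pack("!Iq", client_isn, slot)
    return struct.unpack("!I", hmac.new(SECRET, msg, hashlib.sha256).digest()[:4])[0]


def make_syn_ack(flow, client_isn, now):
    """Answer a SYN without storing anything: the server ISN is the state."""
    slot = int(now) // SLOT_SECONDS
    return {"seq": cookie(flow, client_isn, slot), "ack": (client_isn + 1) & MASK32}


def accept_ack(flow, seq, ack, now):
    """Allocate a connection only if the ACK echoes a cookie issued recently."""
    client_isn, echoed = (seq - 1) & MASK32, (ack - 1) & MASK32
    slot = int(now) // SLOT_SECONDS
    return any(cookie(flow, client_isn, s) == echoed for s in (slot, slot - 1))


# Constructed flow: (client address, client port, server address, server port).
FLOW = ("192.0.2.10", 40000, "203.0.113.5", 443)
```

With cookies, a SYN that is never acknowledged costs the server one hash and no memory, so the backlog in `naive_listener` never fills.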

* 7) Ping of Death.

A Ping of Death attack involves the attacker sending multiple malformed or malicious pings to a system. The maximum length of an IP packet (including header) is 65,535 bytes. The data link layer, though, typically limits the maximum frame size, for instance to 1500 bytes on an Ethernet network. In this case, a large IP packet is split into several IP packets (fragments), and the receiving host must reassemble the IP fragments into the complete packet. In a Ping of Death scenario, following malicious manipulation of the fragment content, the receiver ends up with an IP packet that is larger than 65,535 bytes when reassembled. This may overflow the memory buffers allocated for the packet.
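
The reassembly check a receiver needs, as an added example that is not part of the original article. The 65,535-byte and 1500-byte limits come from the text; the 20-byte header (no IP options), the tuple layout and the sample fragments are assumptions constructed for the demonstration.

```python
MAX_IP_PACKET = 65535  # from the article: maximum IP packet length incl. header
IP_HEADER_LEN = 20     # assumption: IPv4 header without options
MTU = 1500             # from the article: typical Ethernet frame size limit


def fragment(payload):
    """Split an IP payload into (offset_units, more_fragments, data) tuples."""
    step = (MTU - IP_HEADER_LEN) // 8 * 8   # offsets are counted in 8-byte units
    chunks = [payload[i:i + step] for i in range(0, len(payload), step)]
    return [(i * step // 8, i < len(chunks) - 1, c) for i, c in enumerate(chunks)]


def reassemble(fragments):
    """Rebuild the payload, validating each fragment before copying its bytes."""
    fragments = sorted(fragments, key=lambda f: f[0])
    payload = bytearray()
    for offset_units, more, data in fragments:
        start = offset_units * 8
        end = start + len(data)
        # The 13-bit offset field reaches 8191 * 8 = 65528, so offset + length
        # can point past the 65,535-byte limit even though each fragment is small.
        if IP_HEADER_LEN + end > MAX_IP_PACKET:
            raise ValueError(f"oversize: fragment ends at payload byte {end}")
        if start != len(payload):
            raise ValueError(f"gap or overlap at payload byte {start}")
        payload += data
    if not fragments or fragments[-1][1]:
        raise ValueError("final fragment missing")
    return bytes(payload)


# Constructed inputs: a normal 4000-byte echo payload, and a lone fragment whose
# offset plus length runs past the 65,535-byte limit.
NORMAL = fragment(b"A" * 4000)
MALFORMED = [(8189, False, b"B" * 1000)]
```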

* 8) Slowloris.

Slowloris is a focused attack that lets one server take down another site without affecting the target network's other services or connections. Slowloris achieves this by keeping as many connections to the target web server open for as long as possible. It does so by opening connections to the target server and sending only a partial request. Slowloris keeps sending further HTTP headers but never completes a request. The target server holds all of these false connections open. This eventually exhausts the maximum number of concurrent connections, which leads to additional connections from legitimate clients being refused.
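
Why an idle timeout does not catch the trickled headers described above while an absolute header deadline does, as an added example that is not from the original article. The two timeout values, the `Conn` record and the connection snapshot are assumptions constructed for the demonstration.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 30      # assumption: seconds without any bytes before closing
HEADER_DEADLINE = 20   # assumption: seconds allowed to deliver complete headers


@dataclass
class Conn:
    ip: str
    opened_at: float
    last_byte_at: float
    headers_complete: bool


def stale_by_idle(conns, now):
    """Classic idle timeout: the clock resets every time the peer sends a byte."""
    return [c for c in conns if now - c.last_byte_at > IDLE_TIMEOUT]


def stale_by_deadline(conns, now):
    """Absolute deadline on the header phase: trickled bytes do not extend it."""
    return [c for c in conns
            if not c.headers_complete and now - c.opened_at > HEADER_DEADLINE]


def held_slots_per_ip(conns):
    """Count connections still in the header phase, grouped by source address."""
    counts = {}
    for c in conns:
        if not c.headers_complete:
            counts[c.ip] = counts.get(c.ip, 0) + 1
    return counts


def sample_table(now=120.0):
    """Constructed snapshot: 50 trickling connections from one address, 2 normal."""
    slow = [Conn("198.51.100.7", 0.0, now - 5.0, False) for _ in range(50)]
    normal = [Conn("192.0.2.10", now - 2.0, now - 1.9, True),
              Conn("192.0.2.11", now - 1.0, now - 0.5, False)]
    return slow + normal
```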

* 9) NTP Amplification.

In NTP amplification attacks, the attacker uses publicly accessible Network Time Protocol (NTP) servers to flood a targeted device with UDP traffic. The attack is known as an amplification attack because the query-to-response ratio in these situations is between 1:20 and 1:200 or more. This means that any attacker who obtains a list of open NTP servers can quickly produce a destructive high-bandwidth, high-volume DDoS attack.

* 10) HTTP Flood.

In an HTTP flood DDoS attack, the attacker uses apparently legitimate HTTP GET or POST requests to attack a server or device. HTTP floods do not use malformed packets, spoofing or reflection techniques, and need less bandwidth than other attacks to bring down the target site or server.

The attack is most successful because it causes the server or the client to allocate the most available resources in response to every request.

* 11) Application Layer Attacks.

Application layer attacks, or layer 7 DDoS attacks, refer to a type of malicious activity intended to hit the “top” layer of the Open Systems Interconnection (OSI) model, where specific network requests like HTTP GET and HTTP POST occur. In comparison to network layer attacks like DNS Amplification, these layer 7 attacks are particularly effective because they consume server resources in addition to network resources.

Conclusion

A DDoS attack is an assault on infrastructure and service availability that results in financial damage, loss of credibility for the enterprise, and disruption of the workflow environment. The hard fact is that defence systems like firewalls, routers, and IDS are too weak to prevent DDoS because they cannot discriminate between original and bogus data. Another aspect is that it uses IP spoofing; it’s stateless to ask for initial packets plus the routing involved barely. Consequently, it ends in a rather massive attack.

Author

This DDoS attack was performed by myself, Kuldip Mori, under the guidance of Prof. Sneha Padhiar, CHARUSAT University. This story can help to understand DoS/DDoS attacks. This is only for knowledge; do not try it on any government website.

