By: Sudipta Banerjee
September 8, 2020
Introduction to DOS and DDOS
What are Cyber Threats?
The definition of “Cyber” has seen multiple transitions from the late ’90s to the current era. It was referred to as the science of understanding machines and animals' movement in 1950, or, more commonly, “Cybernetics.” The new definition of “Cyberspace” evolved in 1990, when people believed in the existence of a physical space beyond the electronic activities of computing. Today, the word “Cyber” is primarily used to mean “Security” or “Information Security.” Cyberspace's presence is critical to understand because of the immense threat that it poses in the 21st century. It is very hard to believe that a piece of information traveling via the Internet can present a major threat or be easily attacked.
A Cyberattack is a type of attack where the attackers target digital devices and use those devices to mount an attack against the user with the help of Cyberspace. Cyberspace is a virtual space that provides the attackers a path, or a medium, to ambush a system without getting noticed. In most cases, these attacks are primarily carried out to steal data or take a server down without attracting the user’s attention. The impact of a cyber attack can be immense: some are merely done to annoy a user, and a few are done with serious intent to instill tension on the receiving end.
Prevention of Cyber Attacks
The prevention of a cyber attack is extremely important, especially considering the source and reason for the device's espionage. A Cyberattack can cause a complete blackout of servers, failure of defense systems, and leakage of confidential data from a system. These threats can be perilous, as they may result in a national security issue, or cause the loss of millions of important assets. A Cyberattack can target any PDA and might successfully paralyze the usage of that device.
These security breaches can be as disastrous as a physical terrorist attack on a country, leading to chaos among the victims. The cyber threats are often given the utmost importance, covering everything from small scale to large scale industries. Every sector that comprises an IT system is vulnerable to a cyber attack.
Types of Cyber Attacks
A cyber attack falls into one of three main categories, depending upon the attacker's intent - Financial Mode, Service Disruption, or State Espionage. The different types of Cyber threats are as follows:-
- Malware:- An attacker targets a user by installing software that performs malicious tasks and corrupts their whole database.
- Phishing:- This is an email-borne attack that targets the recipient of an email by sending malicious hyperlinks and damaging their internal data.
- Trojans:- This is one of the deadliest threats that every system often experiences, leading to a complete blackout of the Operating system. It is commonly known as “Trojan Horse.”
- Denial of Service (DOS) or Distributed Denial of Service (DDOS):- DOS or DDOS attacks are usually performed by sending large amounts of flooding requests to disrupt a website or a server, while the attacker can easily breach numerous security protections in a few minutes.
- Man in the middle attack (MitM):- In this type of attack, the victim is forced to allow the attacker to intercept the receipt of the victim’s electronic messages. The attacker then alters the security protocols in transit.
What are DOS and DDOS?
Denial of Service, or DOS, is a threat where large amounts of traffic requests are directed towards a server or website (usually more than it can handle) to disrupt the service and alter its availability for a long amount of time. During a DOS attack, the server may experience a lag of usage or a complete blackout of all its services until normalcy is restored.
Distributed Denial of Service, or DDOS, happens when a series of different flooding requests are sent to a website to disrupt its service or provide the visitors a terrible user experience. DDOS often occurs from more than one source, and the service is heavily targeted to provide a catastrophic effect.
Differences between DOS and DDOS?
Both DOS and DDOS attacks are commonly performed by people to perturb users, and they are not an intrusion into computer systems. Common DOS attacks are performed via simple search requests, hyperlinks, or WiFi systems, whereas DDOS attacks can occur via web pages or emails. DDOS attacks are extremely difficult to control because millions of sources, called Botnets, are used to perform this attack. The flooding requests of a DOS attack are usually fewer than those of a DDOS attack, so it is comparatively easy to control or prevent. Botnets usually consist of devices, such as security cameras, that are rented or bought to deliver DDOS attacks. The victims' devices may be severely affected by malware, leading to a failure of the system for a long period.
A DOS attack is relatively easy to perform, as the source stays single, whereas a DDOS attack is a complicated process and requires a higher level of expertise. Various defense systems and security protocols are targeted to make the targets dysfunctional, paralyzing millions of victims in seconds.
Types of DDOS attacks
Distributed Denial of Service, or DDOS, is commonly performed through the following methods:
- UDP Flood:- A UDP flood DDOS attack targets a user with User Datagram Protocol (UDP) packets. The attack aims to flood random ports on the remote host, which makes the host check for an application listening at each port. By the time the host discovers that no application is listening, the server is disrupted, sending back an “unreachable” packet. The network consumes all of its request capacity and exceeds its limit.
- Ping Flood:- In this attack, the attacker floods the host with ICMP requests and keeps sending them continuously without waiting for the replies. When the count exceeds the limit, the server fails and reaches a “Hang mode” for a while.
- SYN Flood:- This is an acute DDOS attack where the attackers send unlimited SYN requests from spoofed IP addresses and then ignore the ACK response. When the host cannot receive the ACK response, it continues to wait for the acknowledgment, rendering the service unavailable to the users. The SYN flood exploits the three-way handshake connection sequence of the TCP/IP model, where the SYN request has to be acknowledged with an ACK response.
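To make the SYN flood description concrete from the defender's side, the following added example (not part of the original article) counts handshakes a listener is still waiting on and alerts when that number crosses a threshold. The `Segment` record format, the threshold and timeout values, and the documentation-range addresses are all assumptions constructed for illustration.

```python
from collections import namedtuple

# One observed TCP header, client -> server (constructed record format, not a capture API).
Segment = namedtuple("Segment", "ts src sport dst dport flags")

HALF_OPEN_TIMEOUT = 30.0  # assumed: seconds a server keeps waiting for the final ACK
ALERT_THRESHOLD = 50      # assumed: half-open handshakes per listener before alerting


def detect_syn_flood(segments, threshold=ALERT_THRESHOLD, timeout=HALF_OPEN_TIMEOUT):
    """Return [(ts, (server_ip, port), half_open_count)], one entry per flood episode."""
    pending = {}      # (src, sport, dst, dport) -> time the SYN was seen
    alerting = set()  # listeners already above the threshold
    alerts = []
    for seg in sorted(segments, key=lambda s: s.ts):
        # Drop handshakes the server would already have given up on.
        for key in [k for k, t in pending.items() if seg.ts - t > timeout]:
            del pending[key]
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flags == "S":
            pending.setdefault(key, seg.ts)   # handshake opened, final ACK awaited
        elif seg.flags in ("A", "R"):
            pending.pop(key, None)            # ACK completes it, RST abandons it
        # Count per listener, not per source: spoofed sources each appear only once.
        listener = (seg.dst, seg.dport)
        count = sum(1 for k in pending if k[2:] == listener)
        if count >= threshold and listener not in alerting:
            alerting.add(listener)
            alerts.append((seg.ts, listener, count))
        elif count < threshold:
            alerting.discard(listener)
    return alerts


def constructed_sample():
    """Constructed traffic: 5 normal handshakes, then 200 SYNs that are never completed."""
    server, segs = "192.0.2.10", []
    for i in range(5):
        client = f"198.51.100.{i + 1}"
        segs.append(Segment(float(i), client, 40000 + i, server, 443, "S"))
        segs.append(Segment(i + 0.05, client, 40000 + i, server, 443, "A"))
    for i in range(200):
        segs.append(Segment(10 + i * 0.01, f"203.0.113.{i + 1}", 1024 + i, server, 443, "S"))
    return segs


if __name__ == "__main__":
    for ts, listener, count in detect_syn_flood(constructed_sample()):
        print(f"t={ts:.2f}s {listener[0]}:{listener[1]} has {count} half-open handshakes")
```

Counting per source address would show nothing unusual in this sample, because every spoofed source sends a single SYN; the signal is the backlog building up on one listener.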
As we’ve seen, Cybersecurity is critical to implement in every IT system, irrespective of the purpose of the usage. A Cyberattack's impact is as devastating as a terrorist attack on a country, and it can threaten all important data and sources. The loss of such confidentiality can affect any business, or even country, whose security has been compromised. The mitigation of DOS and DDOS attacks has been performed by various Cloud Service providers, such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP). Security has always been a major issue in IT systems, and confidentiality should be protected by all means.