Introduction
Anyone who follows technology and Internet news has surely come across articles citing DoS or DDoS attacks against web sites or servers on the Internet. The motivations are diverse: protests, fraud attempts, disputes between groups that operate online, among others. However, few people really know what these actions mean, how they work and what their consequences are. For this reason, AbbreviationFinder presents the following brief explanation of the subject.
What are DoS attacks?
DoS attacks (DoS being the acronym for Denial of Service) consist of attempts to make computers, web servers for example, struggle to perform their tasks or be prevented from performing them altogether. To achieve this, instead of "invading" the computer or infecting it with malware, the attacker causes the machine to receive so many requests that it reaches the point of no longer being able to handle them. In other words, the computer is so overloaded that it denies service.
To put it figuratively, imagine that you regularly take the bus to work. One day, however, a large crowd "jumps the queue" and gets on the vehicle, leaving it so full that you and the other regular passengers cannot board. Or imagine that you did manage to get on the bus, but it is so crowded that it cannot leave the stop because of the excessive weight. The bus has just denied you the service of carrying you somewhere, because it received more requests (in this case, passengers) than it is capable of supporting.
The most common attacks can be carried out because of certain characteristics of the TCP/IP protocol (Transmission Control Protocol / Internet Protocol), and can therefore occur on any computer that uses it. One well-known form of attack, for example, is SYN Flooding: a computer tries to establish a connection with a server by means of a TCP signal known as SYN (Synchronize). If the server answers the connection request, it sends the requesting computer a signal called ACK (Acknowledgement). The problem is that, in attacks of this type, the server cannot respond to all the requests it receives and begins to refuse new ones.
Another common form of attack is the UDP Packet Storm, in which a computer makes constant requests that cause the remote machine to send response packets back to the requester. The machine becomes so overloaded that it cannot perform its functions.
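As an added, constructed illustration of the two patterns above (this is not code from the original article), the following Python script runs a simple defender-side detector over a made-up list of packet summaries: it counts, per source, SYNs that are never followed by the final ACK of the handshake (the half-open connections a SYN flood leaves behind) and the peak number of UDP requests per second (the signature of a UDP packet storm). The record format, addresses, timings and thresholds are all assumptions for the example.

```python
from collections import defaultdict

# Constructed packet summaries as a server-side sensor might log them:
# (time in seconds, source IP, protocol, TCP flags or "" for UDP).
# Addresses, timings and volumes are made up for this example.
SAMPLE_PACKETS = [
    # 10.0.0.5: a normal client; every SYN is followed by the final ACK
    (0.0, "10.0.0.5", "tcp", "SYN"), (0.1, "10.0.0.5", "tcp", "ACK"),
    (1.0, "10.0.0.5", "tcp", "SYN"), (1.1, "10.0.0.5", "tcp", "ACK"),
    (2.0, "10.0.0.5", "tcp", "SYN"), (2.1, "10.0.0.5", "tcp", "ACK"),
    # 10.0.0.9: a normal UDP client (DNS-style), one request per second
    (0.5, "10.0.0.9", "udp", ""), (1.5, "10.0.0.9", "udp", ""), (2.5, "10.0.0.9", "udp", ""),
]
# 203.0.113.7: 40 SYNs in two seconds, never completing a handshake (SYN flood)
SAMPLE_PACKETS += [(i * 0.05, "203.0.113.7", "tcp", "SYN") for i in range(40)]
# 198.51.100.3: 200 UDP requests inside one second (UDP packet storm)
SAMPLE_PACKETS += [(i * 0.005, "198.51.100.3", "udp", "") for i in range(200)]


def half_open_by_source(packets):
    """Per source IP: SYNs seen, handshakes completed (a SYN later matched by
    an ACK from the same source) and the half-open connections left over."""
    syns = defaultdict(int)
    completed = defaultdict(int)
    for _t, src, proto, flags in sorted(packets):  # process in time order
        if proto != "tcp":
            continue
        if flags == "SYN":
            syns[src] += 1
        elif flags == "ACK" and completed[src] < syns[src]:
            completed[src] += 1  # one final ACK closes one pending SYN
    return {
        src: {"syn": syns[src], "completed": completed[src],
              "half_open": syns[src] - completed[src]}
        for src in syns
    }


def detect_syn_flood(packets, min_half_open=20, min_ratio=0.8):
    """Sources with many half-open connections that make up most of their SYNs."""
    flagged = []
    for src, s in half_open_by_source(packets).items():
        ratio = s["half_open"] / s["syn"]
        if s["half_open"] >= min_half_open and ratio >= min_ratio:
            flagged.append(src)
    return sorted(flagged)


def udp_peak_rate_by_source(packets, window=1.0):
    """Peak number of UDP packets any single window (in seconds) saw, per source."""
    counts = defaultdict(lambda: defaultdict(int))
    for t, src, proto, _flags in packets:
        if proto == "udp":
            counts[src][int(t // window)] += 1
    return {src: max(per_window.values()) for src, per_window in counts.items()}


def detect_udp_storm(packets, max_per_window=100, window=1.0):
    """Sources whose UDP request rate exceeds the allowed peak."""
    peaks = udp_peak_rate_by_source(packets, window)
    return sorted(src for src, peak in peaks.items() if peak > max_per_window)


if __name__ == "__main__":
    print("half-open per source:", half_open_by_source(SAMPLE_PACKETS))
    print("SYN flood suspects:", detect_syn_flood(SAMPLE_PACKETS))
    print("UDP storm suspects:", detect_udp_storm(SAMPLE_PACKETS))
```

The ratio test matters as much as the absolute count: a busy but healthy client also opens many connections, but it completes them, so its half-open share stays near zero, while a flooding source never sends the final ACK. The thresholds here are arbitrary and would be tuned to the server's normal traffic.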
Less frequent is the kind of attack that exploits security flaws in software, especially operating systems (hence the importance of always keeping them up to date and protected with security tools). In this type, the attacker can scan the network looking for vulnerable machines and send them packets that, for one reason or another, cause the system to stop working.
What are DDoS attacks?
DDoS, short for Distributed Denial of Service, is a type of DoS attack of larger dimensions, that is, one that uses up to thousands of computers to attack a particular machine, distributing the action among them. This is the kind that constantly appears in the news, since it is the most common type of attack on the Internet.
DDoS attacks have been carried out for a long time and have already harmed well-known companies. Historically, servers of CNN, Amazon, Yahoo, Microsoft and eBay have all been "victims". In December 2010, for example, the sites of Visa, Mastercard and Paypal suffered DDoS attacks from a group defending the absence of "censorship" on the Internet. In February 2012, attacks were carried out against the web sites of Brazilian banks for similar reasons.
For DDoS attacks to succeed, a large number of computers is needed to form the "army" that will take part in the action. One of the best ways found to obtain so many machines was to embed DDoS attack programs in viruses or other malicious software.
Initially, the organizers of DDoS attacks tried to "enslave" computers acting as servers on the Internet. However, with the constant increase in Internet access speed brought by broadband connections, interest shifted to the computers of home users, since they represent an extremely large pool of machines and can often be "enslaved" more easily.
To reach the masses, that is, the huge number of computers connected to the Internet, malware (viruses, trojan horses, etc.) was and still is created with the intention of spreading small programs for DoS attacks. Thus, when a virus with this capability infects a computer, that computer becomes available to take part in a DoS attack, and the user hardly ever knows that their machine is being used for such purposes. As the number of computers taking part in the attack is large, finding out exactly which machine is the main one behind the attack is a rather complicated task.
A very common form of attack is the use of botnets: in a few words, a kind of network formed by infected computers that can be remotely controlled by the attacker. The computers that make it up therefore work in the already mentioned "enslaved" way.
In this form of attack, it is common to use home computers, since they are the majority and are often not properly protected. It is therefore easier to infect them with malware carrying instructions that make the machine take part in a DDoS attack.
When a computer becomes part of a botnet, it may be called a "zombie". After infection, the "zombies" get in touch with "master" machines, which in turn receive guidance (when, against which site or computer, what type of attack, and so on) from an "attacker" or "leader" computer.
A "master" computer can have even thousands of computers under its responsibility. Note that, in these cases, the DoS attack tasks are distributed to an "army" of "enslaved" machines, doing justice to the name Distributed Denial of Service.
Once infected, the computers execute the orders they receive, such as constantly sending data packets to a particular server until it is unable to respond to so many requests.
To make the attack even more efficient, several techniques can be used. In one of them, the source IP of the packets is changed to a false one, making it harder to discover the origin of the action.
Combating DoS or DDoS attacks
As servers can have different structures and characteristics, there is no magic formula that works in every implementation to avoid or combat denial-of-service attacks. Each case is a case, not to mention that most of the time it is difficult to identify the problem. But there are some weapons to fight it, although none of them guarantees 100% protection.
You can, for example, use filters that identify and block packets with fake IP addresses (anti-spoofing). Another idea is to use tools that help identify attacks, including IDS (Intrusion Detection System), and take decisions based on the information obtained, such as increasing processing capacity (when possible) or limiting bandwidth according to the type of data packet. Depending on the application, you can also use features capable of identifying whether a request is legitimate (by means of authentication, for example) and answer only that kind of request.
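The anti-spoofing filter and the per-packet-type rate limiting mentioned above, together with the forged source addresses described earlier, written out as an added Python example (not code from the original article): the first function applies ingress/egress filtering in the spirit of BCP 38, dropping packets whose source address cannot legitimately arrive on the side of the edge they came in on, and a token bucket per packet class then caps how many TCP SYN, UDP and other packets are accepted per second. The owned prefix, the limits and the sample traffic are constructed assumptions.

```python
import ipaddress

# Constructed policy for a hypothetical edge router that sits between the
# Internet and a network owning the (documentation) prefix 192.0.2.0/24.
OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Source addresses that can never legitimately cross the edge in either direction.
NEVER_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
)]


def is_spoofed_source(src_ip, arrived_from_internet):
    """Anti-spoofing check in the spirit of BCP 38 ingress/egress filtering."""
    addr = ipaddress.ip_address(src_ip)
    is_ours = any(addr in net for net in OUR_PREFIXES)
    if any(addr in net for net in NEVER_PUBLIC):
        return True              # private/reserved source, never valid across the edge
    if arrived_from_internet and is_ours:
        return True              # outside packet claiming one of our own addresses
    if not arrived_from_internet and not is_ours:
        return True              # inside host claiming an address we do not own
    return False


class TokenBucket:
    """Allows up to `rate` packets per second with bursts of up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.capacity = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill proportionally to elapsed time, never above the burst size.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


# Per-packet-class limits (packets/second, burst): tight for the classes a
# SYN flood or UDP storm abuses, generous for established TCP traffic.
LIMITS = {"tcp_syn": (50, 20), "udp": (200, 50), "tcp_other": (10000, 1000)}


def classify(proto, flags):
    if proto == "udp":
        return "udp"
    return "tcp_syn" if flags == "SYN" else "tcp_other"


def filter_packets(packets):
    """packets: (time, src_ip, arrived_from_internet, proto, flags) tuples.
    Returns how many were accepted and why the rest were dropped."""
    buckets = {cls: TokenBucket(*args) for cls, args in LIMITS.items()}
    stats = {"accepted": 0, "dropped_spoofed": 0, "dropped_ratelimited": 0}
    for t, src, from_internet, proto, flags in sorted(packets):  # time order
        if is_spoofed_source(src, from_internet):
            stats["dropped_spoofed"] += 1
        elif not buckets[classify(proto, flags)].allow(t):
            stats["dropped_ratelimited"] += 1
        else:
            stats["accepted"] += 1
    return stats


# Constructed traffic: legitimate handshakes and UDP requests, three spoofed
# packets, then a burst of 100 SYNs from one source at the same instant.
SAMPLE_TRAFFIC = [(0.1 * i, "198.51.100.20", True, "tcp", "SYN") for i in range(5)]
SAMPLE_TRAFFIC += [(2.0 + 0.1 * i, "198.51.100.20", True, "udp", "") for i in range(3)]
SAMPLE_TRAFFIC += [
    (1.0, "192.0.2.10", True, "tcp", "SYN"),   # outside packet claiming our address
    (1.1, "10.1.1.1", True, "udp", ""),        # private source arriving from the Internet
    (1.2, "8.8.8.8", False, "tcp", "SYN"),     # inside host claiming a foreign address
]
SAMPLE_TRAFFIC += [(5.0, "203.0.113.9", True, "tcp", "SYN") for _ in range(100)]

if __name__ == "__main__":
    print(filter_packets(SAMPLE_TRAFFIC))
```

The egress half of the check (an inside host claiming an address the network does not own) is what keeps a network's own infected "zombies" from contributing spoofed packets to somebody else's attack, which is why this kind of filter is usually deployed at the network edge rather than on the target server alone.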
As each case is different, the ideal is to have a plan to combat the problem. In large-scale activities, such as web site hosting services, a well-prepared security team that knows the structure of the application well and has appropriate computational tools at its disposal can be quite effective in combating the attacks.
Ending
DoS and DDoS attacks are quite recurrent, especially because there are several tools that assist in carrying them out, so the number of cases is not necessarily small. In addition, when a well-known site is affected, the issue easily becomes news.
This causes certain misconceptions to spread. When the targets are the sites of financial institutions, for example, there is fear that customer data may be captured. However, DDoS attacks only "take down" servers. To capture data or tamper with the sites, some kind of intrusion is needed, which is much more difficult.
It is worth mentioning that institutions of all sizes and home users can also take some actions to help prevent problems of this type: updating software, protecting the system with security solutions (firewall, antivirus and the like) and putting other precautions into practice can prevent their computers from being used as "zombies" in attacks, a situation that can even raise resource consumption and the traffic on the Internet connection.