DOS Attack is more like Kung Fu
When we punch someone once, maybe he can walk on his own feet but what about 10 Punches? Or 100? Or 1000?
He can get injured or maybe unconscious or even die.
Similarly, when we are using a website (watching the video, filling forms, or just clicking stuff) we are punching it once and the website runs normally.
But have you ever faced a situation like “The website is currently busy or unavailable”
It happens when a lot of people are punching it (using it), like when they announce our board results website often crashes because thousands of students try to check their results and the server can’t take that much load.
So how to crash a website without using thousands of people? Well, how can you punch multiple times in a small fraction of time? The answer is Kung Fu.
Well, we don’t need Kung Fu in case of websites/servers but a technique called DoS (Denial Of Service). This attack is used to crash the website or to make it slow.
There are many programs/scripts that can send many requests to a website in one second (like thousands of users are trying to open it in one second) and make it crash.
Well, when DoS is performed by many computers (or should I say devices?) simultaneously on the same server/website it is called a Distributed Denial Of Service (DDOS) Attack.
So now imagine 10 people punching one guy constantly…Can he survive?
No way man and it’s better than that Kung Fu (DOS Attack). DDOS is mainly caused by Botnets.
The botnet is a network of many hacked computers that are connected to a core computer from where a hacker can use all of them to perform DOS Attack and hence it will be called a DDOS Attack.
Types Of DOS Attack
There are Basically three types of DoS attacks
Kung Fu has different techniques like “Snake, Mentis, Dragon, etc.”
There is no best style as every attack has its own specialty. You can’t defeat all enemies with one type of attack (i will not talk about Tekken here).
Every opponent (website/server) has its own weakness so we have to choose our attack type according to the weakness.
1. Volume Based Attack:
In this attack, we simply send a large volume of packets to the target. This attack is used to saturate the bandwidth of the attacked website. The decrease in bandwidth means it will unable to serve other legitimate users trying to access the website. This attack includes ICMP floods, UDP floods, and other spoofed-packet floods.
2. Protocol Level Attack:
Simply, this type of attack directly attacks the server. It tries to eat up all resources of the server or intermediate systems as Firewalls, Intrusion Detection Systems (IDSs), etc.
This attack includes fragmented packet attacks, SYN floods, Smurf DDoS, etc.
3. Application Layer Based Attacks:
This attack is your “Special” attack as it targets the Layer 7. It can finish the target in minutes if the target is vulnerable to it. It targets the software (Application layer) like windows, OpenBSD, Apache, etc. A great example is Apache Killer, it is a program which targets Apache servers and is able to take them in less then in a minute if they have not applied the vulnerability patch.
So I tried to introduce you to DDOS attacks with this article. I hope you liked.
I will write more articles in this series soon like which tools are the best and what kind of..shh…its a surprise. See ya later mate.