Module 10:
DENIAL-OF-SERVICE
#01 What is DoS Attack?
A Denial of Service (DoS) attack is a type of cyber-attack that aims to make a
website or network resource unavailable to its users. In this attack, a single
computer sends a large amount of traffic to the target computer, causing it to
crash or become unresponsive.
What is DDoS Attack?
A Distributed Denial of Service (DDoS) attack is a more sophisticated version
of a DoS attack. In this attack, multiple computers are used to flood the
target computer with traffic, making it even more difficult to defend against.
The computers used in a DDoS attack are often part of a botnet, which is a
network of computers that have been infected with malware and can be
controlled remotely by the attacker.
There are several types of DoS and DDoS attacks,
including:
Ping of Death: This attack involves sending an oversized packet to
the target computer, causing it to crash.
Teardrop Attack: This attack involves sending fragmented
packets to the target computer, causing it to crash.
SYN Flood: This attack involves sending a large number of SYN
requests to the target computer, overwhelming it and causing it to
crash.
Smurf Attack: This attack involves sending a large number of ICMP
packets to the target computer, overwhelming it and causing it to
crash.
#02 Botnets: --->>>
The term “bot” is a contraction of “robot” and refers to software applications
that run automated tasks over the internet. Attackers use bots to infect a
large number of computers that form a network, or “botnet”, allowing them
to launch DDoS attacks, generate spam, spread viruses, and commit other
types of crime.
Bots are software applications that run automated tasks over the
Internet and perform simple, repetitive tasks, such as web spidering
and search engine indexing.
A botnet is a huge network of compromised systems and can be used
by an attacker to launch denial-of-service attacks.
#03 DoS/DDoS Attack Techniques: --->>>
1. UDP Flood Attack: ---
An attacker sends spoofed UDP packets at a very high packet rate to
a remote host on random ports of a target server using a large source
IP range.
Because no application is listening on the random ports, the system answers
each packet with an ICMP "Destination Unreachable" error reply, and
legitimate applications become inaccessible.
This attack consumes network resources and available bandwidth,
exhausting the network until it goes offline.
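The traffic pattern described above (many packets, many random destination ports, a wide spread of source addresses, all inside a short window) is what a defender looks for. The following detector is an added example written for these notes, not code from any tool named in the module; the packet records are constructed sample data, and the thresholds (20 packets per second spread over at least 10 ports from at least 10 sources) are illustrative assumptions to be tuned per network.

```python
from collections import defaultdict

# Constructed sample traffic, not a real capture: (time_s, src_ip, dst_ip, dst_port)
# Three ordinary DNS queries from one client ...
LEGIT_UDP = [(0.0, "10.0.0.5", "192.0.2.10", 53),
             (0.3, "10.0.0.5", "192.0.2.10", 53),
             (0.6, "10.0.0.5", "192.0.2.10", 53)]

# ... followed by 40 packets in 0.8 s, each from a different (spoofed) source
# in 198.51.100.0/24, aimed at a different high port the server is not listening on.
FLOOD_UDP = [(5.0 + i * 0.02, f"198.51.100.{i + 1}", "192.0.2.10", 1024 + i * 37)
             for i in range(40)]

SAMPLE_UDP = LEGIT_UDP + FLOOD_UDP


def detect_udp_flood(packets, window_s=1.0, pkt_threshold=20,
                     port_threshold=10, src_threshold=10):
    """Flag destinations that receive, within any window_s-second window,
    at least pkt_threshold UDP packets spread over port_threshold distinct
    ports from src_threshold distinct sources. Returns {dst_ip: finding}."""
    by_dst = defaultdict(list)
    for pkt in packets:
        by_dst[pkt[2]].append(pkt)

    findings = {}
    for dst, pkts in by_dst.items():
        pkts.sort(key=lambda p: p[0])
        start = 0
        for end in range(len(pkts)):
            # slide the window start forward until it spans at most window_s
            while pkts[end][0] - pkts[start][0] > window_s:
                start += 1
            window = pkts[start:end + 1]
            if len(window) < pkt_threshold:
                continue
            ports = {p[3] for p in window}
            sources = {p[1] for p in window}
            if len(ports) >= port_threshold and len(sources) >= src_threshold:
                findings[dst] = {
                    "packets": len(window),
                    "distinct_ports": len(ports),
                    "distinct_sources": len(sources),
                    "window_start": window[0][0],
                }
                break  # one finding per destination is enough to raise an alert
    return findings


if __name__ == "__main__":
    for dst, finding in detect_udp_flood(SAMPLE_UDP).items():
        print(f"possible UDP flood against {dst}: {finding}")
```

The three legitimate DNS queries never trigger a finding because they hit a single port from a single source; the flood is flagged as soon as 20 of its packets fall inside one window. Requiring port and source spread, not just packet rate, keeps a single busy client from being mistaken for a flood.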
2. ICMP Flood Attack: ---
Network administrators use ICMP primarily for IP operations and
troubleshooting, and its error messages report packets that could not be
delivered.
ICMP flood attacks are a type of attack in which attackers send large
volumes of ICMP echo request packets to a victim system directly
or through reflection networks.
To protect against ICMP flood attacks, set a threshold limit that invokes
an ICMP flood protection feature when exceeded.
3. Ping of Death Attack: ---
In a Ping of Death (PoD) attack, an attacker tries to crash, destabilize,
or freeze the targeted system or service by sending malformed or
oversized packets using a simple ping command.
For instance, the attacker sends a packet which has a size of 65,538
bytes to the target web server.
4. Smurf Attacks: ---
In a Smurf attack, the attacker spoofs the source IP address with
the victim’s IP address and sends a large number of ICMP ECHO
request packets to an IP broadcast network.
This causes all the hosts on the broadcast network to respond to the
received ICMP ECHO requests. These responses will be sent to the
victim machine, ultimately causing the machine to crash.
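The three ICMP-based attacks above each leave a distinct fingerprint: a burst of echo requests to one host above a rate threshold (ICMP flood, the threshold-based protection the notes recommend), a reassembled datagram larger than the 65,535-byte IPv4 maximum (Ping of Death), and echo requests addressed to a directed-broadcast address (the amplification step of a Smurf attack). The checker below is an added example written for these notes, not code from any product listed in the module; the packet records are constructed, the local network 192.0.2.0/24 and the 50-per-second echo threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

ICMP_ECHO_REQUEST = 8
MAX_IPV4_DATAGRAM = 65535  # largest legal IPv4 datagram (16-bit total-length field)

# Constructed sample ICMP records, not a real capture:
# (time_s, src_ip, dst_ip, icmp_type, reassembled_ip_length_bytes)
SAMPLE_ICMP = (
    # one normal echo request
    [(0.0, "10.0.0.5", "192.0.2.10", ICMP_ECHO_REQUEST, 84)]
    # an echo request that reassembles to 65,538 bytes (Ping of Death pattern)
    + [(0.5, "203.0.113.9", "192.0.2.10", ICMP_ECHO_REQUEST, 65538)]
    # an echo request to the directed-broadcast address carrying the victim's
    # address as source (Smurf pattern)
    + [(0.7, "192.0.2.10", "192.0.2.255", ICMP_ECHO_REQUEST, 84)]
    # 60 echo requests to one host inside a single second (ICMP flood pattern)
    + [(2.0 + i * 0.01, "203.0.113.7", "192.0.2.10", ICMP_ECHO_REQUEST, 84)
       for i in range(60)]
)


def inspect_icmp(packets, local_nets, window_s=1.0, echo_threshold=50):
    """Return a list of (kind, detail) alerts. Kinds: 'oversized_ping' (datagram
    above the IPv4 maximum), 'broadcast_echo' (echo request to a local broadcast
    address) and 'echo_flood' (more than echo_threshold echo requests to one
    host within one window_s-second bucket; raised once per bucket)."""
    broadcast_addrs = {str(ipaddress.ip_network(n).broadcast_address)
                       for n in local_nets}
    alerts = []
    echo_counts = defaultdict(int)  # (dst_ip, bucket index) -> echo requests seen

    for t, src, dst, itype, length in packets:
        if length > MAX_IPV4_DATAGRAM:
            alerts.append(("oversized_ping",
                           {"src": src, "dst": dst, "length": length}))
        if itype != ICMP_ECHO_REQUEST:
            continue
        if dst in broadcast_addrs:
            alerts.append(("broadcast_echo", {"src": src, "dst": dst}))
        bucket = (dst, int(t // window_s))
        echo_counts[bucket] += 1
        if echo_counts[bucket] == echo_threshold + 1:  # fire once per bucket
            alerts.append(("echo_flood",
                           {"dst": dst, "window": bucket[1],
                            "count_at_trigger": echo_counts[bucket]}))
    return alerts


if __name__ == "__main__":
    for kind, detail in inspect_icmp(SAMPLE_ICMP, ["192.0.2.0/24"]):
        print(kind, detail)
```

A border router that drops echo requests to its directed-broadcast addresses removes the Smurf amplifier entirely, and a host or firewall that refuses to reassemble beyond 65,535 bytes is not affected by the oversized packet; the rate check is what remains for plain floods.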
5. SYN Flood Attack: ---
The attacker sends a large number of SYN requests with fake source
IP addresses to the target server (victim).
The target machine sends back a SYN/ACK in response to the request
and waits for the ACK to complete the session setup.
The target machine does not get the response because the source
address is fake.
SYN flooding takes advantage of a flaw in the implementation of the
TCP three-way handshake in most hosts.
When Host B receives the SYN request from Host A, it must keep track
of the partially opened connection in a “listen queue” for at least 75
seconds.
A malicious host can exploit the small size of the listen queue by
sending multiple SYN requests to a host, but never replying to the
SYN/ACK.
The ability to delay each incomplete connection for 75 seconds can be
used cumulatively as a DoS attack.
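The whole SYN-flood mechanism comes down to one table on the server: half-open connections that were opened by a SYN and never completed by an ACK, each held for the 75-second interval the notes cite. The replay below is an added example written for these notes, not code from any tool listed here; it rebuilds that table from constructed client-to-server segments, expires stale entries, and raises an alert once a destination's half-open count reaches an assumed backlog limit of 128.

```python
HALF_OPEN_TIMEOUT_S = 75.0  # hold time for a half-open connection quoted in the notes

# Constructed sample of client-to-server TCP segments, not a real capture:
# (time_s, src_ip, src_port, dst_ip, dst_port, flags)
# flags: "S" = SYN, "A" = ACK completing the handshake, "R" = RST.
# Three ordinary handshakes (SYN, then the completing ACK 50 ms later) ...
LEGIT_TCP = [seg for i in range(3) for seg in (
    (i * 1.0, "10.0.0.5", 40000 + i, "192.0.2.10", 80, "S"),
    (i * 1.0 + 0.05, "10.0.0.5", 40000 + i, "192.0.2.10", 80, "A"))]

# ... then 150 SYNs from 150 distinct spoofed sources that are never completed ...
FLOOD_TCP = [(10.0 + i * 0.01, f"198.51.100.{i + 1}", 1025 + i, "192.0.2.10", 80, "S")
             for i in range(150)]

# ... and one legitimate SYN arriving after the timeout has expired the stale entries.
LATE_TCP = [(200.0, "10.0.0.6", 50000, "192.0.2.10", 80, "S")]

SAMPLE_TCP = LEGIT_TCP + FLOOD_TCP + LATE_TCP


def track_half_open(events, backlog_limit=128, timeout_s=HALF_OPEN_TIMEOUT_S):
    """Replay client-side segments in time order, keeping a table of half-open
    connections (SYN seen, no ACK or RST yet) and expiring entries older than
    timeout_s. Returns the peak half-open count for any destination, the alerts
    raised when a destination reaches backlog_limit, and the final table size."""
    half_open = {}   # (src, sport, dst, dport) -> time the SYN arrived
    peak = 0
    alerts = []
    alerted = set()

    for t, src, sport, dst, dport, flags in sorted(events, key=lambda e: e[0]):
        # expire stale entries, as the listen queue eventually does
        for key, t0 in list(half_open.items()):
            if t - t0 > timeout_s:
                del half_open[key]

        key = (src, sport, dst, dport)
        if flags == "S":
            half_open[key] = t
        elif flags in ("A", "R"):
            half_open.pop(key, None)  # handshake completed or aborted

        per_dst = [k for k in half_open if k[2] == dst]
        peak = max(peak, len(per_dst))
        if len(per_dst) >= backlog_limit and dst not in alerted:
            alerted.add(dst)
            alerts.append({
                "time": t, "dst": dst, "half_open": len(per_dst),
                "distinct_sources": len({k[0] for k in per_dst}),
            })
    return {"peak_half_open": peak, "alerts": alerts,
            "final_half_open": len(half_open)}


if __name__ == "__main__":
    result = track_half_open(SAMPLE_TCP)
    print("peak half-open:", result["peak_half_open"])
    for alert in result["alerts"]:
        print("SYN flood indicator:", alert)
```

The legitimate handshakes never leave more than one entry in the table, while the flood pushes it to 150 with one source per entry: a high half-open count combined with a high ratio of distinct sources to entries is the signature to alert on. Shortening the hold time or using SYN cookies keeps the table from filling in the first place.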
DoS/DDoS Attack Tools: --->>>
High Orbit Ion Cannon (HOIC)
Low Orbit Ion Cannon (LOIC)
XOIC
HULK
Tor’s Hammer
Golden Eye
DDoS-Ripper
DoS/DDoS Protection Tools: --->>>
Anti DDoS Guardian
DDoS Protection
DDoS-GUARD
Cloudflare
F5 DDoS Attack Protection
DoS/DDoS Protection Services: --->>>
Akamai DDoS Protection
Kaspersky DDoS Protection
Stormwall PRO
Nexusguard