Denial of Service (DOS) is one of the most common and easiest forms of cyber-attack today. With an IP anonymity/hiding tool and a piece of software, boom, anyone can carry out a denial of service. The simplicity of this attack is what makes it more dangerous. Anyone from anywhere can attack your servers, hence it is necessary to know about Denial of Service and how to protect ourselves from it.
What is a DOS attack?
DOS, or Denial of Service, is exactly what it sounds like: you deny service to legitimate users. There is no cracking, no data loss, no admin access, nothing. You won’t even get access to any data on the network/server. All you do is deny the services to users.
How does a DOS attack work?
When you enter a website or query any server present on your network (DNS, DHCP, RADIUS, MySQL), it responds to your query and moves on to the next client. When a server is responding to all queries, we can say the servers are up and running smoothly.
A DOS attack involves a person or group of people deliberately sending a high number of invalid requests to a particular server until it is unable to handle them and eventually crashes. The server will keep replying to these invalid queries and will thus not be able to respond to the legitimate users, denying them the service they are entitled to. This is done deliberately to bring down the reputation of the company. When a company is not able to offer the services it promised, it loses its value, and that is the main motive of attackers performing DOS attacks.
The attacker can attack a particular router or switch, or even a DNS server of an ISP, which will be devastating for the ISP’s users as no one would be allowed access to the Internet. In cases like these, swift action should be taken to reduce and control the damage instead of panicking about what to do.
The attacker would be foolish to use their own IP for this attack, since it can easily be traced back to them. So they use various IP hiding/changing software or a VPN to disguise their IP and location. The attacker can also install a RAT (Remote Access Trojan) on a victim’s computer and run the DOS attack from there, shifting the suspicion directly to the innocent victim.
In DOS attacks, the request base consists of only a few client machines. There are various tools used for DOS attacks, the most common being Low Orbit Ion Cannon (LOIC), where you just need to put in the website’s name/IP address, the type of packet you wish to flood and the speed, and the software will flood that server with the type of packets you chose.
Types of DOS attacks:
There are many ways an attacker can execute a DOS attack on a server. Some of them are:
- Echo Chargen.
- DNS Attacks.
- Ping of Death.
- SYN Flood.
- Smurf.
- Teardrop.
We’ll see each of these in brief when we cover DDOS attacks.
How to handle DOS attacks?
Prevention is better than cure. It’s always good to have a prevention method to handle a DOS attack if you ever encounter one.
- DOS attacks were pretty famous a decade back, but in today’s era of technology all switches and routers have built-in DOS protection, which can discard packets immediately if it senses a pattern from the source. Servers also have added features to cope with DOS attacks.
- If the server administrator is alert and finds an anomaly in the working of one of the servers, he/she can intervene and stop the attack.
- If the server is upgraded and can handle large amounts of traffic, it can easily detect the DOS attack against it, then stop and blacklist the source instead of crashing immediately.
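The "sense a pattern from the source, then blacklist it" idea from the list above can be sketched as a per-source sliding-window counter. This is an added example, not code from the original post; the class name, window length, request limit and the sample traffic (documentation-range IPs) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
MAX_REQUESTS = 20     # assumed per-source limit inside one window

class SourceRateGuard:
    """Hypothetical guard: counts recent requests per source IP, blacklists flooders."""
    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window = window
        self.limit = limit
        self.recent = defaultdict(deque)  # ip -> timestamps still inside the window
        self.blacklist = {}               # ip -> time the limit was first exceeded

    def allow(self, ip, ts):
        """Return True if the request should be served, False if it is dropped."""
        if ip in self.blacklist:
            return False                  # already flagged: discard immediately
        q = self.recent[ip]
        q.append(ts)
        while ts - q[0] >= self.window:   # evict timestamps older than the window
            q.popleft()
        if len(q) > self.limit:           # pattern detected: too many from one source
            self.blacklist[ip] = ts
            del self.recent[ip]
            return False
        return True

def constructed_log():
    """Constructed sample of (timestamp, source IP) pairs; not real traffic."""
    events = []
    # Two ordinary clients: one request every 2 seconds for a minute.
    for t in range(0, 60, 2):
        events.append((float(t), "192.0.2.10"))
        events.append((t + 0.5, "192.0.2.11"))
    # One source sending 50 requests per second for 5 seconds, starting at t=30.
    for i in range(250):
        events.append((30 + i / 50.0, "198.51.100.7"))
    return sorted(events)

def replay(events):
    """Feed the events through the guard and count served/dropped per source."""
    guard = SourceRateGuard()
    served, dropped = defaultdict(int), defaultdict(int)
    for ts, ip in events:
        (served if guard.allow(ip, ts) else dropped)[ip] += 1
    return guard, dict(served), dict(dropped)

if __name__ == "__main__":
    print(replay(constructed_log()))
```

A source address can be shared by several users or belong to a compromised machine, so in practice a blacklist entry would carry an expiry rather than being permanent.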
The information contained in this course is strictly for educational purposes and creating awareness. The author is not responsible for any actions whatsoever that readers might take based on this post. The one claim that the author does make, irrespective of any user or situation, is that being knowledgeable is ALWAYS better than being ignorant.