DoS and DDoS are among the most popular and powerful attacks, and they can cause losses of millions of dollars. Let's understand the difference between DoS and DDoS attacks and the different types of DoS attacks.
What is a DoS Attack?
DoS (Denial of Service) is a type of attack where the attacker floods the server in order to take it down. The goal of a DoS attack is to take away the server's availability and make it unavailable to everyone. In simple words, the attacker floods the target server with so many requests that the server goes offline.
Why Does a Server Become Unavailable Because of a DoS Attack?
Every computer system or server has a limited capacity. For example, a server has RAM, CPU and other components that keep it working. When you send a request to the server, the server acts on that request and replies within some time, based on its capacity.
But if you send multiple requests to the server at one time, the server replies to them one by one, and it takes time to reply to every request because the server has limited capacity. Suppose the victim server can reply to 3 people at one time and 6 people send a request to it. Now the server will reply slowly, because the number of requests is greater than it can handle.
If the number of requests keeps increasing, the server will not be able to reply to anyone and will be exhausted. The server then goes offline because of too many requests. That is how the whole thing works.
DoS vs DDoS
DoS – DoS or Denial of Service is a type of attack where the attacker floods the server from a single system. In a DoS attack, the number of requests sent to the server is smaller.
DDoS – In a Distributed Denial of Service attack, multiple systems carry out a DoS attack against one target at the same time. In simple terms, multiple systems target one system. A DDoS attack is more successful and has a much better chance of taking the server offline. DDoS is mostly done with bots and a C2 server.
The attacker creates malware, infects many computers, and controls all the infected computers from one server called the C2, or command and control, server.
Types of DDoS Attack
A DoS attack can be done in multiple ways, which differ in how the requests are sent and which method is used.
- Ping Flood – Ping works with ICMP echo requests. Normally, ping sends an ICMP echo request and the server replies with an ICMP echo reply. In this attack, the attacker sends too many ICMP requests to the server.
- Ping of Death – The attacker sends a ping echo message with a packet size larger than allowed. The maximum ping packet size allowed is 65,535, but the attacker sends a packet larger than the maximum size.
- Smurf Attack – The Smurf attack again uses the ICMP protocol. The attacker sends ICMP echo requests to the IP broadcast address with the target's address as the spoofed source IP. The receivers of the ICMP packet reply to the target because of the spoofed source IP address.
- UDP Flood – The attacker sends UDP packets to random ports on the target server. The target server checks for an application listening for the UDP packet, finds nothing, and replies to the attacker with Destination Unreachable. The attacker floods the server with this process.
- HTTP Flood – HTTP flood is a layer 7 (OSI model) attack where the attacker sends HTTP requests to the server. They can be HTTP GET or HTTP POST requests.
- SYN Flood – SYN flood, or half-open attack, exploits the TCP handshake. The attacker sends a SYN packet to the server, and the server replies with SYN/ACK, waits for the ACK packet and keeps the connection open. But the server never receives the ACK packet. In most cases the SYN packets carry a spoofed source IP.
Mitigation of DoS Attack
- CDN – A content delivery network is one of the methods to prevent DDoS attacks. It divides the network traffic geographically and distributes the traffic based on location.
- Monitoring – Monitoring means checking the traffic flowing to the server. Monitoring the traffic allows you to find malicious traffic and, based on that, take actions like blocking the IP address or the malicious pattern.
- WAF – A web application firewall sits in front of your server, lets you monitor the HTTP traffic, and also protects you from other web application attacks.
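The Monitoring item above can be turned into a simple check for HTTP floods. The following is an added example, not part of the original article: it counts requests per source IP in a sliding time window over access log lines and reports the IPs that exceed a threshold. The log format (Common Log Format), the window of 10 seconds, the threshold of 20 requests and the sample lines are all assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample data (not from a real server): 203.0.113.7 sends 40 GETs
# in 4 seconds; 198.51.100.20 sends 5 requests spread over 40 seconds.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2024:12:00:{i // 10:02d} +0000] "GET / HTTP/1.1" 200 512'
    for i in range(40)
] + [
    f'198.51.100.20 - - [10/Mar/2024:12:00:{i * 10:02d} +0000] "GET /about HTTP/1.1" 200 734'
    for i in range(5)
] + ["malformed line without the expected fields"]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse_line(line):
    """Return (ip, unix_time) for a Common Log Format line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), ts.timestamp()

def find_flooders(lines, window=10, threshold=20):
    """Return {ip: peak request count in any `window` seconds} for IPs over threshold."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = defaultdict(int)       # ip -> largest window count seen so far
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[1])
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:   # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}

if __name__ == "__main__":
    for ip, n in find_flooders(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests within 10 s -> candidate for rate limit or block")
```

A per-IP counter like this catches a single noisy source; in a DDoS the requests are spread over many bots, so the same window count is usually also kept per URL or for the server as a whole.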