DOS ATTACK
A denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices and/or other network resources.
Denial-of-service (DoS) attacks typically flood servers, systems and/or networks with traffic in order to overwhelm the victim's resources and make it difficult for legitimate users to use them. While an attack that crashes a server can often be dealt with successfully by simply rebooting the system, flooding attacks can be far more difficult to recover from.
The United States Computer Emergency Readiness Team (US-CERT) provides some guidelines for determining when a DoS attack may be underway. US-CERT suggests the following may indicate such an attack:
- Degradation in network performance, especially when attempting to open files stored on the network or accessing websites
- Inability to reach a particular website
- A higher than usual volume of spam emails
There are a number of recovery actions that must be taken as corrective measures to protect a system against a denial-of-service attack. A denial-of-service attack can also appear to be a problem with the server itself, so in that case it becomes the responsibility of the Internet Service Provider to establish whether the problem is a real DoS attack or a loss of performance that has some other cause. A DoS attack can be mitigated by rerouting the malicious traffic, or by using a load balancer to reduce the load on the targeted resource.
In some cases DoS attackers ask for payment to stop the attacks so that no more damage is done. In general, though, these attackers are not after monetary benefit; what they actually want is to cause damage to the targeted person or enterprise. To know the actual reason for a DoS attack, it is necessary to identify the attacker.
DoS attacks are normally distributed, meaning the traffic comes from multiple sources. An attack from a single source is easier to mitigate, because the defenders can block traffic from that one source. With many different attacking sources this is harder, because identifying the attacking systems becomes a problem.
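The difference between a blockable single-source flood and a distributed one can be checked from the source addresses seen in one time window. The following is an added example, not part of the original article; the function names, the thresholds (`BASELINE_RPS`, `surge_factor`) and the sample traffic are assumptions constructed for illustration, using documentation-only IP ranges.

```python
from collections import Counter

WINDOW_S = 10        # length of the observation window in seconds (assumed)
BASELINE_RPS = 20    # normal request rate for the whole service (assumed)

def classify_window(sources, window_s, baseline_rps, surge_factor=5.0):
    """Classify one window of request source addresses.

    Returns (verdict, heavy_sources). verdict is 'normal', 'single-source'
    (blocking heavy_sources restores a normal rate) or 'distributed'
    (per-address blocking does not bring the rate back down).
    """
    surge_rps = surge_factor * baseline_rps
    if len(sources) / window_s < surge_rps:
        return "normal", []
    counts = Counter(sources)
    # Heavy hitter: one address sending more than the service's entire normal load.
    heavy = sorted(ip for ip, n in counts.items() if n / window_s > baseline_rps)
    remaining = len(sources) - sum(counts[ip] for ip in heavy)
    if heavy and remaining / window_s < surge_rps:
        return "single-source", heavy
    return "distributed", heavy

def constructed_window(kind):
    """Constructed sample traffic: one list entry per request in the window."""
    legit = [f"198.51.100.{i % 50 + 1}" for i in range(200)]   # 50 ordinary clients
    if kind == "single":
        return legit + ["203.0.113.7"] * 3000                  # one flooding host
    if kind == "distributed":
        # 250 hosts, 12 requests each: no single address stands out
        return legit + [f"192.0.2.{i % 250 + 1}" for i in range(3000)]
    return legit

if __name__ == "__main__":
    for kind in ("normal", "single", "distributed"):
        verdict, heavy = classify_window(constructed_window(kind), WINDOW_S, BASELINE_RPS)
        print(f"{kind:12s} -> {verdict:14s} block candidates: {heavy}")
```

In the distributed case the block list comes back empty even though the total rate is the same as in the single-source case, which is why rerouting traffic or spreading load is needed there rather than an address block.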
Different categories of DoS attack
- There are a number of different DoS attack methods, distinguished by the technique used to attack the system.
- There is the application layer attack, in which fake traffic is generated toward application servers. Other application layer DoS attacks, on the other hand, depend only on an abundance of network data sent to application servers. The main aim of this DoS attack is to expose the weaknesses in the victim's server.
- Another attack is the buffer overflow, which is mostly used as a DoS attack because it works by sending traffic in a huge quantity, generally much higher than was ever estimated for that network.
- Another is the distributed DoS attack, in which the attackers attack using many different network-connected devices.
- The ping of death attack is one in which request messages are sent in an oversized format so that the targeted system becomes overloaded.
- Another attack is SYN flooding, in which connections are made with the server by the clients.
Volumetric DoS attacks aim to interfere with legitimate access to network resources by using up all the bandwidth available to reach those resources. In order to do this, attackers must direct a high volume of network traffic against the victim's systems. Volumetric DoS attacks flood victim devices with network packets using the User Datagram Protocol (UDP) or the Internet Control Message Protocol (ICMP), in large part because those protocols require relatively little overhead to generate large volumes of traffic while, at the same time, requiring nontrivial computation on the part of the victim's network devices to process the incoming malicious datagrams.