DDOS Attacks in Ethical Hacking

Last updated on Nov 22 2021
Deepali Gupta


A Distributed Denial of Service (DDoS) attack is an attempt to make a web service or website unavailable by overloading it with huge floods of traffic generated from multiple sources.

Unlike a Denial of Service (DoS) attack, in which one computer and one Internet connection are used to flood a targeted resource with packets, a DDoS attack uses many computers and many Internet connections, often distributed globally in what is referred to as a botnet.

A large-scale volumetric DDoS attack can generate traffic measured in tens of gigabits per second, or even more. Your normal network will certainly not be able to handle such traffic.

What are Botnets?

Attackers build a network of hacked machines, referred to as a botnet, by spreading malicious code through emails, websites, and social media. Once these computers are infected, they can be controlled remotely, without their owners’ knowledge, and used like an army to launch an attack against any target.


A DDoS flood can be generated in multiple ways. For instance −

  • Botnets can be used to send more connection requests than a server can handle at a time.
  • Attackers can have computers send a victim resource huge amounts of random data to consume the target’s bandwidth.

Because these machines are distributed, they can be used to generate distributed high-volume traffic that is difficult to handle. It finally leads to a complete blockage of the service.

Types of DDoS Attacks

DDoS attacks can be broadly categorized into three categories −

  • Volume-based Attacks
  • Protocol Attacks
  • Application Layer Attacks

Volume-Based Attacks

Volume-based attacks include TCP floods, UDP floods, ICMP floods, and other spoofed-packet floods. These are also called Layer 3 and 4 attacks. Here, an attacker tries to saturate the bandwidth of the target site. The attack magnitude is measured in Bits per Second (bps).

  • UDP Flood − A UDP flood is used to flood random ports on a remote host with numerous UDP packets, more specifically port number 53. Specialized firewalls can be used to filter or block malicious UDP packets.
  • ICMP Flood − This is similar to a UDP flood and is used to flood a remote host with numerous ICMP Echo Requests. This type of attack can consume both outgoing and incoming bandwidth, and a high volume of ping requests will result in overall system slowdown.
  • HTTP Flood − The attacker sends HTTP GET and POST requests to a targeted web server in a volume so large that it cannot be handled by the server, which results in denial of additional connections from legitimate clients.
  • Amplification Attack − The attacker makes a request that generates a large response; this includes DNS requests for large TXT records and HTTP GET requests for large files like images, PDFs, or other data files.

Protocol Attacks

Protocol attacks include SYN floods, Ping of Death, fragmented packet attacks, Smurf DDoS, etc. This type of attack consumes actual server resources as well as those of intermediate equipment like firewalls and load balancers. The attack magnitude is measured in Packets per Second.

  • DNS Flood − DNS floods are used for attacking both the infrastructure and a DNS application to overwhelm a target system and consume all its available network bandwidth.
  • SYN Flood − The attacker sends TCP connection requests faster than the targeted machine can process them, causing network saturation. Administrators can tweak TCP stacks to mitigate the effect of SYN floods. To reduce the effect of SYN floods, you can shorten the timeout before the stack frees the memory allocated to a half-open connection, or selectively drop incoming connections using a firewall or iptables.
  • Ping of Death − The attacker sends malformed or oversized packets using a simple ping command. IP allows packets of up to 65,535 bytes, but sending a ping packet larger than 65,535 bytes violates the Internet Protocol and can cause a memory overflow on the target system and eventually crash it. To avoid Ping of Death attacks and their variants, many sites block ICMP ping messages altogether at their firewalls.
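
As an added example (not part of the original post), the following Python script shows the defender's side of the SYN flood item above: it parses constructed `ss -tan` style output and counts half-open (SYN-RECV) connections per local port and per peer address, which is what an administrator would look at before tuning the stack or adding firewall rules. The sample lines, the thresholds and the function names are assumptions.

```python
"""Flag a possible SYN flood from `ss -tan` style output (added example).

Half-open connections sit in SYN-RECV until the stack times them out; a
flood shows up as many of them piling up on one local port. Sources are
usually spoofed, so the per-port count matters more than the per-source one.
"""
from collections import Counter

# Constructed sample in the column layout of `ss -tan` (not real output).
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
SYN-RECV 0      0      10.0.0.5:443        203.0.113.10:41022
SYN-RECV 0      0      10.0.0.5:443        203.0.113.10:41023
SYN-RECV 0      0      10.0.0.5:443        203.0.113.10:41024
SYN-RECV 0      0      10.0.0.5:443        203.0.113.10:41025
SYN-RECV 0      0      10.0.0.5:443        198.51.100.7:50001
ESTAB    0      0      10.0.0.5:443        198.51.100.8:50002
ESTAB    0      0      10.0.0.5:22         192.0.2.9:60000
"""


def parse_ss_lines(text):
    """Return (state, local_port, peer_ip) tuples, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        rows.append((state, int(local.rsplit(":", 1)[1]), peer.rsplit(":", 1)[0]))
    return rows


def syn_flood_report(text, per_source_limit=3, per_port_limit=50):
    """Count half-open connections and list the ports/sources over the limits."""
    half_open = [(port, ip) for state, port, ip in parse_ss_lines(text)
                 if state == "SYN-RECV"]
    by_port = Counter(port for port, _ in half_open)
    by_source = Counter(ip for _, ip in half_open)
    return {
        "half_open_total": len(half_open),
        "by_port": dict(by_port),
        "by_source": dict(by_source),
        "suspect_ports": sorted(p for p, n in by_port.items() if n >= per_port_limit),
        "suspect_sources": sorted(i for i, n in by_source.items() if n >= per_source_limit),
    }


if __name__ == "__main__":
    print(syn_flood_report(SAMPLE_SS_OUTPUT))
```

On a live host you would feed it the real output of `ss -tan`; a port over the limit is the cue to apply the mitigations named above (shorter half-open timeout, or dropping excess new connections with iptables).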

Application Layer Attacks

Application Layer Attacks include Slowloris, Zero-day DDoS attacks, DDoS attacks that target Apache, Windows or OpenBSD vulnerabilities, and more. Here the goal is to crash the web server. The attack magnitude is measured in Requests per Second.

  • Application Attack − This is also called a Layer 7 Attack, where the attacker makes excessive log-in, database-lookup, or search requests to overload the application. It is really difficult to detect Layer 7 attacks because they resemble legitimate website traffic.
  • Slowloris − The attacker sends a huge number of partial HTTP headers to a targeted web server but never completes a request. The targeted server keeps each of these false connections open and eventually exhausts the maximum concurrent connection pool, which results in denial of additional connections from legitimate clients.
  • NTP Amplification − The attacker exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm the targeted server with User Datagram Protocol (UDP) traffic.
  • Zero-day DDoS Attacks − A zero-day vulnerability is a system or application flaw previously unknown to the vendor, which has not been fixed or patched. These are new kinds of attacks coming into existence day by day, for instance exploiting vulnerabilities for which no patch has yet been released.

How to Fix a DDoS Attack

There are quite a few DDoS protection options, which you can apply depending on the type of DDoS attack.

Your DDoS protection starts with identifying and closing all the possible OS and application-level vulnerabilities in your system, closing every port that is not needed, removing unnecessary access from the system, and hiding your server behind a proxy or CDN.

If you see a low-magnitude DDoS, then you will find many firewall-based solutions which can help you filter out DDoS traffic. But if you face a high-volume DDoS attack, in gigabits or more, then you should take the assistance of a DDoS protection service provider that offers a more holistic, proactive and genuine approach.

You must take care while approaching and selecting a DDoS protection service provider. There are a number of service providers who want to take advantage of your situation. If you inform them that you are under DDoS attack, they will start offering you a range of services at unreasonably high costs.

We can suggest a simple and working solution, which starts with a search for a good DNS solution provider who is flexible enough to configure A and CNAME records for your website. Second, you will need a good CDN provider that can handle big DDoS traffic and provide you a DDoS protection service as a part of their CDN package.

Assume your server IP address is AAA.BBB.CCC.DDD. Then you should do the following DNS configuration −

  • Create an A record in the DNS zone file with a DNS identifier, for instance ARECORDID, and keep it secret from the outside world.
  • Now ask your CDN provider to link the created DNS identifier with a URL, something like cdn.someotherid.domain.com.
  • Use the CDN URL cdn.someotherid.domain.com to create two CNAME records, the first one for www and the second one for @ (a CNAME at the zone apex is not permitted by standard DNS, so many providers offer an ALIAS or flattened record for @ instead).

You can take assistance from your supervisor to understand these points and configure your DNS and CDN appropriately. Finally, you will have this configuration at your DNS: the origin A record reachable only through the secret identifier, and www and @ pointing at the CDN hostname.

Now let the CDN provider handle all kinds of DDoS attacks, and your system will remain safe. But the condition is that you must not disclose your system’s IP address or A record identifier to anyone; otherwise direct attacks will start again.
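
As an added example (not from the original post), here is a Python check for the layout just described: it parses a constructed BIND-style zone fragment and reports any public name that still exposes the origin address, and whether www and @ point at the CDN host. The address 192.0.2.10 stands in for AAA.BBB.CCC.DDD; the zone contents, the record for "ftp", and the function names are assumptions.

```python
"""Verify the hidden-origin DNS layout from a zone fragment (added example).

The origin A record must exist only under the secret label, and the public
names (www and the apex) must point at the CDN host. Standard DNS does not
allow a CNAME at the apex, so an ALIAS record is accepted there as well.
"""

ORIGIN_IP = "192.0.2.10"                   # stands in for AAA.BBB.CCC.DDD
SECRET_LABEL = "arecordid"                 # the page's ARECORDID, lower-cased
CDN_HOST = "cdn.someotherid.domain.com."

# Constructed zone fragment; the 'ftp' line is a deliberate leak to catch.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 300
arecordid   IN  A      192.0.2.10
www         IN  CNAME  cdn.someotherid.domain.com.
@           IN  CNAME  cdn.someotherid.domain.com.
ftp         IN  A      192.0.2.10   ; forgotten host, exposes the origin
mail        IN  A      198.51.100.25
"""


def parse_zone(text):
    """Return (name, type, value) for A, CNAME and ALIAS records."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # strip comments
        if not line or line.startswith("$"):
            continue
        parts = line.split()                   # name [ttl] [class] type value
        name, rtype, value = parts[0], parts[-2], parts[-1]
        if rtype in ("A", "CNAME", "ALIAS"):
            records.append((name.lower(), rtype, value.lower()))
    return records


def origin_leaks(text, origin_ip=ORIGIN_IP, secret=SECRET_LABEL, cdn=CDN_HOST):
    """Return a list of problems; an empty list means the layout is as described."""
    problems = []
    recs = parse_zone(text)
    for name, rtype, value in recs:
        if rtype == "A" and value == origin_ip and name != secret:
            problems.append(f"origin IP exposed on public name '{name}'")
    aliases = {n: v for n, t, v in recs if t in ("CNAME", "ALIAS")}
    for front in ("www", "@"):
        if aliases.get(front) != cdn.lower():
            problems.append(f"'{front}' does not point at the CDN host")
    return problems


if __name__ == "__main__":
    print(origin_leaks(SAMPLE_ZONE) or "no leaks found")
```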

Quick Fix

DDoS attacks have become more common than ever before, and unfortunately there is no band-aid for this problem. However, if your system is under a DDoS attack, then don’t panic and start looking into the matter step by step.

So, this brings us to the end of the blog. This Tecklearn ‘DDOS Attacks in Ethical Hacking’ blog helps you with commonly asked questions if you are looking out for a job in Cyber Security. If you wish to learn Ethical Hacking and build a career in the Cyber Security domain, then check out our interactive Certified Ethical Hacker Training, which comes with 24*7 support to guide you throughout your learning period. Please find the link for course details:

https://www.tecklearn.com/course/certified-ethical-hacker-training/

Certified Ethical Hacker Training

About the Course

Tecklearn’s CEH certification training course provides you with the hands-on training required to master the techniques hackers use to penetrate network systems and to fortify your systems against them. In this training, you will master how to identify security vulnerabilities by inspecting network infrastructures and defend against malicious hackers with essential tools and techniques, advanced network packet analysis and system penetration testing techniques, to build your network security skill-set and keep hackers out. We will train you on the advanced step-by-step methodologies that hackers actually use, such as writing virus code and reverse engineering, so you can better protect corporate infrastructure from data breaches.

Why Should you take Certified Ethical Hacker Training?

  • The average salary for a Cybersecurity Specialist is $110,881 per year in the United States and INR 900,000 per year in India – Indeed.com
  • Global Cybersecurity industry is estimated to cross US$ 220 billion by 2021.
  • Today cyber security is one of the most important aspects for any organization. In today’s digitally-driven world every organization needs professionals who can keep the hackers at bay. Hence the salaries for certified ethical hackers are among the best in the industry.

What you will Learn in this Course?

Introduction to Ethical hacking

  • Scope of ethical hacking
  • Enterprise information security architecture
  • Introduction and PCI Data Security Standard Overview
  • Role of Security and Penetration Testers
  • Vulnerability assessment
  • Various cyber security laws
  • Penetration testing

Various aspects of Information Security

  • Information security attacks
  • OS attacks
  • Application level attacks
  • Phases and Concepts of Hacking
  • Information Security Law and Standards

System Hacking

  • What is System Hacking
  • Goals of System Hacking
  • Understanding the certified ethical hacker methodology
  • About Kali Linux
  • Hands On

Technology Standards

  • Introduction to F5 Technology and Terms
  • POS (Point of Sale), mPoS
  • What is GLBA Compliance
  • OWASP
  • Site monitoring Tools
  • Introduction to PCI DSS Standard

Semantics and Introduction to Footprinting

  • What is Semantics
  • Fuzzy Logic
  • Footprinting

Threats

  • Types of Threats
  • Threats against the Application
  • Threat modelling
  • Hands on

Threat modelling

  • Threat modelling with STRIDE model
  • Ways to Find Security Issues
  • Penetration Testing Tools
  • Modelling Models – Whiteboard Diagrams, Brainstorming, Structured Diagrams etc.
  • Trust Boundaries
  • Threat Trees
  • DREAD Model

Example of Attack

Vulnerability Scanning Tools

  • OpenVAS
  • Wapiti
  • Burp Suite Community
  • Metasploit

Threat Modelling with Different models

  • Various Threat Models
  • PASTA Model in Depth

Advanced concepts like network packet analysis

  • Network scanning
  • How to scan the network, overview of scanning
  • WireShark
  • Sniffing attacks
  • File Signature

Got a question for us? Please mention it in the comments section and we will get back to you.
