Week 4. DDoS! What, When and How

In one of the posts from a previous week, the hacker used DDoS as one of the attack strategies. Let's talk about it a little bit. What is it? When is it used? And how is it used?

DDoS stands for distributed denial of service. So what does denial of service mean, and why is it called distributed? When a user browses the web, the browser sends a request to the web server; the web server looks at the request, processes it and sends a response back to the browser. The web server keeps doing that for each request it receives. When one machine sends many consecutive requests, the server has to finish all of those messages before processing others. Therefore requests from other computers will time out based on the underlying communication protocol specification. That is called denial of service. One of the ways to prevent a denial of service attack is to limit the number of requests from the same source within a specified time. This method reduces the consumption of bandwidth by one source, allowing others to have their chance. Some strict configuration policies can even block the remote machine when DoS is detected. While the server is capable of handling one source, it won't be able to handle many sources. The hackers figured out this technique, so they use many sources to attack the target. When encountering attacks from many directions, the server won't be able to do anything else but reject and block the attacking sources. That is when the DDoS terminology was born.
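To make the paragraph above concrete, here is an added example (my own code, not part of the original post) of the per-source rate limit it describes: a sliding window that allows at most N requests from one source per second, with an optional "strict policy" that blocks a source outright once it exceeds the limit. The traffic fed through it is constructed: one machine flooding at 100 requests per second next to an ordinary user, and then fifty machines each staying politely under the limit. The source addresses and request counts are assumptions chosen for illustration. The second scenario shows the post's key point: a per-source limit that stops a single flood lets a distributed one straight through.

```python
from collections import defaultdict, deque


class PerSourceRateLimiter:
    """Sliding-window limiter: at most `max_requests` per source within any
    `window_ms` span. If `block_ms` > 0, a source that exceeds the limit is
    blocked for that long (the 'strict configuration policy' from the post)."""

    def __init__(self, max_requests, window_ms, block_ms=0):
        self.max_requests = max_requests
        self.window_ms = window_ms
        self.block_ms = block_ms
        self.history = defaultdict(deque)   # source -> timestamps (ms) of allowed requests
        self.blocked_until = {}             # source -> time (ms) the block expires

    def check(self, ts_ms, source):
        """Return 'allow', 'limit' (request dropped) or 'blocked' (source banned)."""
        if source in self.blocked_until:
            if ts_ms < self.blocked_until[source]:
                return "blocked"
            del self.blocked_until[source]      # block expired
        recent = self.history[source]
        while recent and ts_ms - recent[0] >= self.window_ms:
            recent.popleft()                    # forget requests outside the window
        if len(recent) >= self.max_requests:
            if self.block_ms > 0:
                self.blocked_until[source] = ts_ms + self.block_ms
                return "blocked"
            return "limit"
        recent.append(ts_ms)
        return "allow"


def flood(source, count, spacing_ms, start_ms=0):
    """Constructed traffic: `count` requests from one source, evenly spaced."""
    return [(start_ms + i * spacing_ms, source) for i in range(count)]


def run(requests, limiter):
    """Feed (timestamp, source) pairs in time order; tally decisions per source."""
    tally = defaultdict(lambda: defaultdict(int))
    for ts_ms, source in sorted(requests):
        tally[source][limiter.check(ts_ms, source)] += 1
    return {src: dict(decisions) for src, decisions in tally.items()}


def total_allowed(result):
    return sum(decisions.get("allow", 0) for decisions in result.values())


# Addresses below are documentation ranges (RFC 5737), constructed for the example.
USER = "198.51.100.5"
ATTACKER = "203.0.113.7"


def scenario_single_source(block_ms=0):
    """Classic DoS: one machine at 100 req/s beside a user making 5 requests."""
    limiter = PerSourceRateLimiter(max_requests=20, window_ms=1000, block_ms=block_ms)
    traffic = flood(ATTACKER, count=200, spacing_ms=10)
    traffic += [(t, USER) for t in (0, 400, 800, 1200, 1600)]
    return run(traffic, limiter)


def scenario_distributed(bots=50):
    """DDoS: many machines, each well under the per-source limit (10 req/s)."""
    limiter = PerSourceRateLimiter(max_requests=20, window_ms=1000)
    traffic = []
    for i in range(bots):
        traffic += flood(f"192.0.2.{i}", count=15, spacing_ms=100)
    traffic += [(t, USER) for t in (0, 400, 800, 1200, 1600)]
    return run(traffic, limiter)


if __name__ == "__main__":
    print("single source, limit only:", scenario_single_source())
    print("single source, strict block:", scenario_single_source(block_ms=5000))
    ddos = scenario_distributed()
    print("distributed: requests reaching the server =", total_allowed(ddos))
```

With a 20-requests-per-second limit the lone attacker gets 40 of 200 requests through (20 in each one-second window) and the user loses nothing; with the strict policy the attacker is cut off after the first 20. In the distributed run, every bot stays under the limit, so all 750 bot requests reach the server alongside the user's 5, which is exactly why the post says per-source limiting handles one source but not many.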

Hackers who use DDoS attacks are no amateurs. They are a team or even part of an organization. Before using the DDoS tactic, hackers have already compromised many machines and keep them ready for the right moment. Some may use DDoS for blackmail. Others may use it to defeat competitors. While it is not as effective as ransomware, DDoS can also be used as a ransom technique: the hackers attack a particular target, bring it down and demand a ransom. Another use of DDoS is as a decoy. Hackers use DDoS to distract security personnel while they perform other activities.

I think one way to prevent a DDoS attack is to have smarter, better routing, firewalls, and policies: ones that can detect and respond automatically. A server with such capability should be able to sustain its services.
