Understand DDOS ATTACK

-


DDOS stands for "Distributed Denial of Service"


A DDOS attack is carried out by a network of machines, hence the notion of distributed attacks

These machines have been corrupted beforehand by cybercriminals through the spread of malware.


This network of infected machines is also called botnet.


The cybercriminal will execute a DDOS attack by ordering the botnet to saturate the service with many requests until it becomes unavailable, It is the concept of denial of service.


DDOS can be on a specified service, it can also be a network link, an infrastructure, a website, an application, etc...

It is noted that with the rise of the IoT or Internet of Things DDOS attacks gain in intensity since cybercriminals enroll unsecured IoT equipment in botnets.


Denial of service will prevent real users of the service from using it.


Another variant is DDOS attacks based on reflection and amplification, In this case, the cybercriminals will use machines accessible on the internet and therefore not corrupted.

ddos attacks


These machines called "reflectors" are just intended to respond to requests from any source.


The cybercriminal will send requests to these reflectors using the victim's IP address as the source IP, the cybercriminal makes then an identity theft or rather an IP address.


The reflectors then think that it is the victim who made the request and they will therefore send their responses to the victim.

The reflectors will then create unsolicited traffic by the victim who then suffers a back attack.


Where this type of attack is dangerous is that there is an amplification effect. Indeed some protocols generate responses much larger than the request size.

We can for example cite the DNS protocols for Domain Name System or NTP for Network Time Protocol.

The amplification effect allows to saturate the victim's network bandwidth even faster, which results in denial of service.


The motives behind DDOS attacks can be very varied.


In the gaming environment where DDOS attacks are very numerous the goal is to slow down or even saturate the bandwidth of the other player, all this to prevent it from playing and in general the motive behind it is just either for fun or to piss off the other player.

Another case is the DDOS attacks which are carried out by the activists, we can take for example the case of the Anonymous group which DDOS attack campaigns against government or terrorist sites and there the motive behind it is rather convictions in particular the defense of individual freedoms.


Finally for companies, DDOS attacks are often the harbinger of a larger attack indeed cybercriminals often use DDOS attacks to test the defense and reaction capacity of companies.


DDOS attacks also allow cybercriminals to create a diversion to implement new malware at the same time or to extract data.

Here is a video explaining more in depth these fundamentals:


Understand_DDOS_ATTACK


Give me your opinion in the comments




Comments

Post a Comment

Popular Posts

Network Access Control NAC | IT NETWORKS

-
Image
Network Access Control NAC It's something that controls access to the network. And at its simplest level, this is what NAC does.  But if that's all that it was, then it wouldn't be fundamentally different from a network authentication and authorization server. Traditional authentication to the network follows the IEEE 802.1X standard that provided an authentication method to devices wishing to join a Local Area Network (LAN) or wireless LAN. 802.1X Wireless/Wired Authentication The mechanism was a port-based network access control which used agents, the software running on client devices that provide credentials to the authenticator to control access to the network. Another means to control access to a public network such as one serving a coffee shop or in a hotel, is a captive portal. If you've ever connected to a network in an airport, hotel, or coffee shop, you might recall interacting with a web page, sometimes agreeing t
Read more

CISCO : Dynamic Multipoint Virtual Private Network (DMVPN) | ITNETWORKS

-
Image
1- Definition   DMVPN is a technology that's used in secure networks exchanging data between them without needing to redirect traffic through a  headquarter  server  or router . Dynamic Multipoint VPN ( DMVPN ) is a Cisco IOS Software solution for building reliable IPsec Virtual Private Networks (VPN). DMVPN basically is a centralized architecture that provides easier management and implementation for deployments that need very specific access controls, authorizations and restrictions for diverse branches, users, applications and partners. DMVPN + IPSEC 2- Benefits DMVPN provides the ability to create dynamic VPNs without configuring static tunnels between remote peers, including Internet Protocol (IP), IPSEC and Key Management Protocol (ISAKMP peers).   DMVPN is designed  to make HUB-AND-SPOKE   topology  by statically configuring the hub IP address on the spokes, no other changes are needed  in the configuration ns of the hub to accept ne
Read more

Issues with CISCO WIRELESS Controller (And resolution) | IT NETWORKS

-
Image
On Cisco Wireless controller 5520, The Access POINTS try to join the Controller by bringing up a connection through the CAPWAP Tunnel, you can see these attempts through the AP log itself. The problem is that the DHCP server when trying to serve IP Addresses it shows the error BAD_ADDRESS in front of each IP assigned. So I Took a single access point, started debugging it, after that, I noticed that the CAPWAP connection was empty of errors BUT!! it was trying to resolve this name  CISCO-CAPWAP-CONTROLLER This resolution is made with DNS protocol, of course, I honestly wasn't so sure of what I was doing, so I added a new entry in my DNS server and it's corresponding IP was the Controller's after that magically all the Access Points where UP and showed UP on my controller. The controller I'm working with is the CISCO WIRELESS CONTROLLER 5520 Model:  AIR-CT5520-K9 Software Version:  8.3.150.0 Image of the controller Learn
Read more