Denial Of Service – DDoS | Part 2


Categorization of DDoS attacks

The purpose of this attack is to saturate the backlog queue with connection requests (TCP segments with the SYN flag set) faster than its entries time out, so that the victim never completes the 3-way handshake for them and can no longer handle legitimate SYNs, which are therefore denied service.

Types of DDoS attacks

* Direct attack: the attacker interacts directly with the victim; in this case the attacker is called the real attacker and the victim the real victim.
* Indirect attack: the attacker uses third parties to hit the victim; in this case the attacker is said to reflect the attack, the third parties are called second-level victims, and the final target is called the real victim.


Historically, SYN flooding is the forefather of DoS attacks and has its direct roots in the Ping of Death. The term SYN flooding, literally "flood of SYN packets", comes from the fact that every time a user clicks a link on a web page a connection (for example TCP) must be opened to that site, and this happens through a series of steps, the first of which is sending a TCP segment that requests the opening of the connection (the SYN).

The rules of the TCP protocol require the receiving system to respond by allocating some resources (that is, memory) for the connection. A suitably prepared ordinary PC can request the opening of several thousand connections per second; this "floods" the servers, which quickly consume all the available memory and stall or crash.

The problem with this type of attack, from the attacker's side, is that the attacking computer must be able to push the whole packet flow through its own Internet connection to the server under attack.

Otherwise, the attacker must have the "credentials" needed to exploit a vulnerability present in the operating system, and so complete the attack on the target site effectively.

Malicious packets are crafted with a forged source IP address, inflicting on the "vulnerable" computer a temporary Denial of Service situation: the connections that are normally available, whether for good or for bad purposes, first become slow and then impossible.

An example would be the following: the attacker, identified by the name ETS, sends a series of requests to his victim, identified by the name CRI, the server machine on which the services run. The server will not be able to handle all the requests and the service itself will collapse, becoming very slow at first and then inaccessible. In this way any user (identified by a username) will be unable to reach the services, receiving an error or a request timeout.

The SYN flood attack uses tools that fall into the Tribe Flood Network (TFN) category and works by creating connections that are left half-open.
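The following is an added example, not code from the original article: a small model of the TCP backlog (the half-open connection table) that shows why spoofed SYNs that never get their final ACK saturate it, and a simplified SYN-cookie defence that removes the per-SYN state altogether. Backlog size, SYN timeout, attack rate, the addresses and the secret key are all hypothetical values chosen for illustration; the cookie layout is a simplification of the real kernel scheme, which also encodes the MSS.

```python
# Added example, not part of the original article: a model of the TCP backlog
# (half-open connection table) under a SYN flood, and a simplified SYN-cookie
# defence. Backlog size, SYN timeout, attack rate, addresses and the secret are
# all hypothetical values chosen for illustration.
import hashlib
import hmac
import struct


class Backlog:
    """One entry per received SYN, held until the final ACK or the timeout."""

    def __init__(self, capacity, syn_timeout):
        self.capacity = capacity
        self.syn_timeout = syn_timeout
        self.half_open = {}        # (src_ip, src_port) -> arrival time of SYN
        self.dropped = 0
        self.established = 0

    def expire(self, now):
        stale = [k for k, t in self.half_open.items() if now - t >= self.syn_timeout]
        for k in stale:
            del self.half_open[k]

    def on_syn(self, src, now):
        self.expire(now)
        if len(self.half_open) >= self.capacity:
            self.dropped += 1      # backlog full: the SYN is silently discarded
            return False
        self.half_open[src] = now  # state allocated, SYN-ACK would be sent
        return True

    def on_ack(self, src, now):
        self.expire(now)
        if src not in self.half_open:
            return False           # no half-open entry to complete
        del self.half_open[src]
        self.established += 1
        return True


def saturates(attack_rate, syn_timeout, capacity):
    """The flood wins once spoofed SYNs per timeout window exceed the backlog."""
    return attack_rate * syn_timeout > capacity


def simulate_flood(capacity=256, syn_timeout=60.0, attack_rate=100.0, duration=10.0):
    """Spoofed SYNs (never ACKed) for `duration` seconds, then one legitimate
    client tries to connect. Returns (client_connected, syns_dropped, half_open)."""
    b = Backlog(capacity, syn_timeout)
    n = int(attack_rate * duration)
    for i in range(n):
        spoofed = ("10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255), 40000 + i)
        b.on_syn(spoofed, i / attack_rate)
    legit = ("192.0.2.10", 51515)
    ok = b.on_syn(legit, duration) and b.on_ack(legit, duration + 0.1)
    return ok, b.dropped, len(b.half_open)


# SYN cookies: keep no state for half-open connections at all.
SECRET = b"constructed-demo-secret"   # hypothetical; real kernels rotate this


def syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, time_slot):
    """Server ISN = 8-bit time slot || 24-bit MAC over the 4-tuple and client ISN.
    (Linux additionally encodes the MSS; omitted here for brevity.)"""
    slot = time_slot & 0xFF
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{client_isn}|{slot}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return (slot << 24) | (struct.unpack("!I", mac[:4])[0] & 0x00FFFFFF)


def validate_cookie(src_ip, src_port, dst_ip, dst_port, ack_num, client_isn,
                    now_slot, max_age=2):
    """The handshake's final ACK acknowledges cookie+1; accept it if the cookie
    recomputes for one of the last `max_age`+1 time slots."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    for age in range(max_age + 1):
        slot = (now_slot - age) & 0xFF
        if slot != cookie >> 24:
            continue
        expected = syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, slot)
        if hmac.compare_digest(struct.pack("!I", expected), struct.pack("!I", cookie)):
            return True
    return False


if __name__ == "__main__":
    print("flood 100 SYN/s, backlog 256, timeout 60 s:", simulate_flood())
    print("trickle 2 SYN/s:", simulate_flood(attack_rate=2.0))
    c = syn_cookie("192.0.2.10", 51515, "203.0.113.5", 80, 12345, 100)
    print("cookie valid:", validate_cookie("192.0.2.10", 51515, "203.0.113.5", 80,
                                           (c + 1) & 0xFFFFFFFF, 12345, 101))
```

With the default parameters the 256-entry backlog fills within the first three seconds (100 SYN/s against a 60 s timeout satisfies `saturates`), and the legitimate client's SYN is dropped; at 2 SYN/s the timeouts keep up and the client connects. With cookies the server stores nothing per SYN, so the backlog cannot fill: the state lives in the ISN and is verified only when a real ACK returns, which a spoofed source never sends. On a Linux host the same defence is `net.ipv4.tcp_syncookies = 1`, and `ss -tan state syn-recv` shows how many half-open entries are currently held.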

The protocol used in the classic DoS is the ping: sending millions of them can block the operation of any website, but it is a "one-to-one" attack model, in which each outbound packet corresponds to a single packet received by the targeted system.

Crackers therefore need a large number of "tested" client PCs at their disposal, but it is not so easy to "inoculate" the malicious code into a much larger number of machines, because of antivirus software, security patches and computer technicians.


A more sophisticated mode of attack, known as the Smurf attack, uses a stream of small packets that can pass through an ordinary modem connection, together with a misconfigured external network that acts as a packet multiplier; the amplified packets are finally directed at the target over high-speed communication lines.

Technically, one or more broadcast packets are sent to an external network containing a large number of hosts, with the source address forged to point at the target, so that every host on that network replies to the target (broadcast storm).

For example, an ICMP (Internet Control Message Protocol) echo request can be used, whose source address has been forged beforehand by those carrying out the attack.

Note that this attack is possible only where networks have gross configuration errors (specifically in the routers that connect them to each other and to the Internet): the border router must forward IP directed broadcasts arriving from outside, and the hosts must answer echo requests addressed to the broadcast address.
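The following is an added example, not code from the original article: it constructs, in memory only, the forged ICMP echo request that a Smurf attacker sends to an amplifier network's directed-broadcast address, decodes it, and applies the check a border router or sensor of that network should apply. The addresses are RFC 5737 documentation ranges used here as a hypothetical victim (203.0.113.5) and amplifier network (198.51.100.0/24); nothing is transmitted.

```python
# Added example, not part of the original article: constructs (in memory only)
# the forged ICMP echo request a Smurf attacker sends to a network's directed
# broadcast address, and a border-router style check that flags such packets.
# Addresses are RFC 5737 documentation ranges, chosen here as hypothetical
# victim (203.0.113.5) and amplifier network (198.51.100.0/24).
import ipaddress
import struct

ICMP_ECHO_REQUEST = 8
IPPROTO_ICMP = 1


def inet_checksum(data):
    """RFC 1071 one's-complement checksum used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_smurf_packet(forged_src, bcast_dst, ident=0x1234, seq=1, payload=b"\x00" * 32):
    """IPv4 header + ICMP echo request; the source field carries the victim."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, IPPROTO_ICMP, 0,
                     ipaddress.IPv4Address(forged_src).packed,
                     ipaddress.IPv4Address(bcast_dst).packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp


def parse(pkt):
    """Minimal IPv4/ICMP decoder returning the fields the check needs."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    info = {
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "proto": proto,
        "ip_checksum_ok": inet_checksum(pkt[:ihl]) == 0,
        "icmp_type": None,
        "icmp_checksum_ok": None,
    }
    if proto == IPPROTO_ICMP:
        info["icmp_type"] = pkt[ihl]
        info["icmp_checksum_ok"] = inet_checksum(pkt[ihl:]) == 0
    return info


def is_smurf_candidate(pkt, inside_net):
    """True for an echo request to our directed-broadcast address whose source
    is outside our network: a legitimate inside host would not look like this,
    and a correctly configured border router should drop it."""
    net = ipaddress.IPv4Network(inside_net)
    info = parse(pkt)
    if info["proto"] != IPPROTO_ICMP or info["icmp_type"] != ICMP_ECHO_REQUEST:
        return False
    src = ipaddress.IPv4Address(info["src"])
    dst = ipaddress.IPv4Address(info["dst"])
    return dst == net.broadcast_address and src not in net


def victim_bytes(responding_hosts, pkt):
    """Echo replies echo the payload, so each attacker packet becomes
    `responding_hosts` packets of the same size at the forged source."""
    return responding_hosts * len(pkt)


if __name__ == "__main__":
    pkt = build_smurf_packet("203.0.113.5", "198.51.100.255")
    print(parse(pkt))
    print("flag at amplifier border:", is_smurf_candidate(pkt, "198.51.100.0/24"))
    print("bytes at victim per attacker packet (200 hosts):", victim_bytes(200, pkt))
```

The multiplier is exactly the number of hosts that answer: a 60-byte request to a /24 with 200 responding hosts lands as 12,000 bytes at the forged source. The fix is on the amplifier side, not the victim's: `no ip directed-broadcast` on the router interface (the default on Cisco IOS since 12.0, per RFC 2644) stops the broadcast from being forwarded, and `net.ipv4.icmp_echo_ignore_broadcasts = 1` on Linux hosts stops them from answering even if it is.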

Attacks from multiple hosts

In these attacks the target is hit simultaneously from multiple sources, which makes it difficult to trace the original attacker.


