Denial Of Service – DDoS | Part 3

Distributed Denial of Service – DDoS

A variant of this approach is the DDoS (Distributed Denial of Service): the same operation, but carried out from numerous attacking machines which together form a botnet.

The attackers tend not to expose themselves directly, since it would be relatively easy for law enforcement to trace the computers used in the attack. To avoid detection, and to have a sufficient number of computers available for the initial attack, the attackers use a large number of computers infected with viruses or worms that leave back doors open to them without the owners' knowledge. The computers controlled by the attacker are called zombies.

All the infected computers become part of a botnet, freely available to the attacker. A point of interest is the distinction between the machines running a Windows operating system (called, in slang, rxbot) and those running a Unix system, which are particularly suited to UDP flooding (flooding with UDP protocol traffic).

A special feature of Windows zombies is the possibility for an attacker to program a Trojan capable of spreading automatically to a whole series of contacts on the infected computer (called, in slang, auto-spreading): the contacts held in the address book and in instant messaging programs such as Microsoft Messenger. This lets the zombie computers infect, fully autonomously, other machines which in turn become part of the attacker's botnet.

When the number of zombies is considered sufficient, or when a given condition occurs, the infected computers activate and overwhelm the target server with connection requests. With the advent of broadband, the DDoS phenomenon is taking on alarming proportions, since nowadays millions of people have a very fast, permanent Internet connection but little or no knowledge of computer security and countermeasures.

The greatest damage from a DDoS attack is mainly due to the "asymmetry" created between a request and the correlated responses in a DNS (Domain Name System) session. The flood of responses generated in the system causes such a "flood" of traffic that the server becomes unable to handle its routine online tasks.

Moreover, at the target site, a response of a few kilobytes for each request containing only a few bytes yields an exponential amplification of data that saturates even the widest channels, letting a DDoS reach levels hitherto unfeasible with other types of DoS attack.

The default, standard and "recommended" firewall configurations are useful only to counter crude attacks from outside, such as those against a company; but since the network traffic handled by the DNS system is vital, to address this type of attack you cannot apply the same strategies used against Ping attacks.

So the network manager must keep the data flow channels strictly under control and monitoring and, to exclude or counter the intervention of a cracker, must reconfigure the DNS responsible for the site.
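As an added illustration (not code from the original post), the following Python script checks for the request/response asymmetry described above on a constructed set of DNS flow records, the kind of monitoring a network manager would put on the data flow channels: inbound UDP/53 responses are paired with the site's own outbound queries, and the unmatched responses plus the inbound/outbound byte ratio are reported. The record layout, the sample addresses and the alert thresholds are assumptions for the example.

```python
from collections import Counter

# Constructed sample records (not taken from the original post): one per UDP/53
# datagram at the site border, as (direction, peer_ip, dns_txid, payload_bytes).
SAMPLE_FLOWS = [
    ("out", "192.0.2.10", 0x1A2B, 45),      # a query sent by the site's resolver
    ("in",  "192.0.2.10", 0x1A2B, 120),     # the matching, legitimate response
    ("in",  "198.51.100.7", 0x9C01, 3200),  # responses nobody at the site asked for
    ("in",  "198.51.100.8", 0x9C02, 3100),
    ("in",  "198.51.100.9", 0x9C03, 3300),
    ("in",  "198.51.100.7", 0x9C04, 3250),
]


def analyse_dns_flows(flows):
    """Pair inbound DNS responses with outbound queries by (peer, txid) and
    report byte totals, the inbound/outbound ratio and unmatched responses."""
    outstanding = set()   # (peer, txid) of queries still awaiting a reply
    unsolicited = []      # inbound responses that matched no query of ours
    bytes_out = bytes_in = 0
    for direction, peer, txid, size in flows:
        if direction == "out":
            outstanding.add((peer, txid))
            bytes_out += size
        else:
            bytes_in += size
            if (peer, txid) in outstanding:
                outstanding.discard((peer, txid))
            else:
                unsolicited.append((peer, txid, size))
    amplification = bytes_in / bytes_out if bytes_out else float("inf")
    return {
        "bytes_out": bytes_out,
        "bytes_in": bytes_in,
        "amplification": amplification,
        "unsolicited_count": len(unsolicited),
        "unsolicited_bytes": sum(s for _, _, s in unsolicited),
        "top_reflectors": Counter(p for p, _, _ in unsolicited).most_common(3),
    }


def is_reflection_flood(stats, min_unsolicited=3, min_amplification=10.0):
    """Assumed alert rule: many unsolicited responses and a lopsided byte ratio."""
    return (stats["unsolicited_count"] >= min_unsolicited
            and stats["amplification"] >= min_amplification)


if __name__ == "__main__":
    result = analyse_dns_flows(SAMPLE_FLOWS)
    print(result, "ALERT" if is_reflection_flood(result) else "ok")
```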
