What is a DDoS Attack?
In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games such as Minecraft. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the Internet Architecture Board's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.
Types of DDoS Attacks
- TCP SYN flood attacks
- ICMP flood attacks
- UDP flood attacks
- Spoofed source address/land attacks
TCP SYN Flood Attacks
TCP SYN floods are DoS attacks that attempt to flood an specific port, usually port 80 TCP for web servers, with new TCP connections requests. A TCP SYN flood attack works by sending SYN requests to the server and then deliverately not responding to the server with the expected ACK code. The amlicious client can either simply not send the expected final ACK, or can spoof the source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP address. The result is multiple unopened connections awaiting for client ACK. While the server waits for the ACK it increase the numbers of half-open connections that consumes the server resources resulting in a denail of service to legitimate traffic.
UDP Flood Attacks
UDP flood attacks can be initiated by sending a large amounts of UDP packets to a targeted IP address.Then, the host under attack will check for the listening port and as there is no application listening at that port it will reply with an ICMP Destination Unreachable packet. Usually this type of flood attack comes in large numbers of requests making the server to fail to further connections. Added to this there is the possibility that the source IP address is forged making the attack anonymous.
Spoofed Source Address
This is a DDoS attack where the source IP address of the attacker is spoofed. The attack involves sending a spoofed TCP SYN packet with the targe host's IP address to an open port. Since the attacker can simulate a huge amounts of spoofed IP address there is virtually no way to discover the real source of the attack.