DoS and DDoS are two kinds of cyber attack that harm businesses and organizations. They can cause monetary loss and damage to reputation.
A DoS attack comes from a single device or computer, whereas a DDoS attack involves multiple devices and can be harder to mitigate. There are several ways that companies can reduce the risk of a DoS or DDoS attack.
ICMP Flood Attacks
The attacker sends a large number of ICMP echo requests (ping packets), overwhelming the target device and consuming significant bandwidth. Attackers send these packets as fast as they can without waiting for a response, so the attacked device cannot function normally.
An ICMP flood can be used alone or alongside other DDoS attack vectors to create multi-vector attacks that are more difficult to mitigate. These attacks cause network congestion and prevent regular traffic from reaching the target device, rendering it inaccessible to end users.
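One way to spot the flood pattern described above from the defender's side, as an added example that is not part of the original article: count ICMP echo requests per source address over a sliding one-second window and flag any source that exceeds a threshold. The packet records, the threshold and the window length are assumptions for illustration and would be tuned to the real network.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8        # ICMP type 8 = echo request (ping); type 0 is the reply
WINDOW_SECONDS = 1.0    # sliding window length
THRESHOLD = 50          # echo requests per source per window; assumed tuning value

def detect_icmp_flood(packets, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return the set of source IPs that sent more than `threshold` echo
    requests within any `window`-second interval.

    `packets` is an iterable of (timestamp, src_ip, icmp_type) tuples in
    timestamp order, as you would export from a packet capture.
    """
    recent = defaultdict(deque)   # src_ip -> timestamps of its recent echo requests
    flagged = set()
    for ts, src, icmp_type in packets:
        if icmp_type != ECHO_REQUEST:
            continue              # replies and other ICMP types do not count
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # expire timestamps that left the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(src)
    return flagged

def constructed_capture():
    """Constructed sample: 198.51.100.7 sends 200 pings in half a second
    (a flood); 192.0.2.10 pings once a second and gets replies (normal)."""
    packets = [(i * 0.0025, "198.51.100.7", ECHO_REQUEST) for i in range(200)]
    for i in range(5):
        packets.append((float(i), "192.0.2.10", ECHO_REQUEST))
        packets.append((i + 0.01, "192.0.2.10", 0))   # echo reply to the ping above
    return sorted(packets)

if __name__ == "__main__":
    print(detect_icmp_flood(constructed_capture()))
```

Per-source counting catches a single noisy host; a distributed flood spreads the same volume across many sources, so the same window logic is also worth running on the aggregate count for the target.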
The difference between DoS and DDoS is that a DDoS attack involves multiple systems. The attackers can be in different locations, and their combined attack volume makes it hard for victims to pinpoint the source of the malicious traffic. In addition, the attackers can use secondary devices, known as zombies or bots, to execute the attack. The attackers then remotely manage and control these secondary devices via a command and control server.
For example, suppose 55 classmates agree to call their mother simultaneously during the lunch break. The mother can block a number instantly but cannot block all 55 calls at the same time. The students who agreed to this are referred to as a group, and the collection of computers that makes up the botnet is called a herd. This type of attack is commonly used in cyberbullying and trolling, either to cause harm to others or for fun.
Buffer Overflow Attacks
Buffer overflow attacks occur when a hacker writes more data into a buffer than it can hold. The extra data spills over into other parts of the program's memory, which can change how the program behaves or reveal sensitive data. It can also let the attacker run arbitrary code by overwriting the saved return address (the value that ends up in EIP).
These attacks can be caused by various factors, including programming languages that do not do enough to prevent buffer overflows and legacy components that do not support modern security protections. You can help prevent buffer overflow attacks by using a secure development environment and applying security patches regularly. You can also use programs that are bounds-checked and that do not depend on libraries or standard functions that are not bounds-checked.
The simplest DoS attacks are based on brute force: flooding the target with an overwhelming stream of packets that saturates the connection bandwidth or exhausts system resources. These attacks can be sustained over long periods by attackers who control several powerful network resources.
DDoS attacks are carried out for various reasons, from financial gain to simply showing off to peers. However, many of these attacks are motivated by a desire to cause embarrassment or distress to an organization with which the attacker has a grievance. Whether the motive is ideological (such as opposition to animal testing), political, personal (a disgruntled ex-employee), or something else, DoS and DDoS attacks are not just embarrassing; they can damage businesses too.
Ping of Death Attacks
Pinging lets devices confirm that they can communicate with each other as intended. Unfortunately, attackers can also use the ping command to perform denial-of-service attacks against their targets. These attacks send malformed data packets to a target server, and when the server processes them it encounters an error that causes it to crash or freeze.
Attackers can exploit various hardware and software vulnerabilities to carry out these attacks. The most common types of ping attack are ICMP floods and SYN floods. Both rely on spoofed traffic to overload the network. While many experts believe ping of death attacks have been made obsolete by modern technology, they are still a concern and can cause serious business problems.
To launch a ping of death attack, cybercriminals create ICMP packets larger than the maximum allowed size. They then break the packet into smaller fragments before sending it to the target machine. When the target tries to reassemble the fragments, it runs into a buffer overflow and crashes or freezes.
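The defence against the oversized-fragment problem described above is to bound-check the reassembled size before allocating any buffer for it. The following added example (not code from the original article) models that check in Python: a constructed sender splits a payload into IPv4 fragments, with offsets in 8-byte units as in the real header, and the receiver rejects any datagram that would exceed the 65535-byte IPv4 maximum. The 20-byte header and 1480-byte fragment payload are assumptions for the constructed sample.

```python
MAX_IPV4_DATAGRAM = 65535   # 16-bit Total Length field: largest legal IPv4 datagram
IP_HEADER_LEN = 20          # minimal IPv4 header; assumed for this constructed example
FRAG_PAYLOAD = 1480         # payload per fragment on a 1500-byte MTU link (1500 - 20)

def split_into_fragments(payload_len, per_fragment=FRAG_PAYLOAD):
    """Constructed sender side: describe how an IP payload of `payload_len`
    bytes is fragmented. Returns (offset_units, length, more_fragments) tuples;
    offsets are in 8-byte units, as carried in the IPv4 header."""
    frags, offset = [], 0
    while offset < payload_len:
        length = min(per_fragment, payload_len - offset)
        frags.append((offset // 8, length, offset + length < payload_len))
        offset += length
    return frags

def reassembly_check(fragments):
    """Receiver side: compute the size the reassembled datagram would have and
    refuse it if that exceeds MAX_IPV4_DATAGRAM. Returns (datagram_len, oversized).
    The bound is checked per fragment, before any copy, so a malicious final
    fragment is rejected instead of being written past the reassembly buffer."""
    end = 0
    for offset_units, length, _more in fragments:
        frag_end = offset_units * 8 + length
        if IP_HEADER_LEN + frag_end > MAX_IPV4_DATAGRAM:
            return IP_HEADER_LEN + frag_end, True
        end = max(end, frag_end)
    return IP_HEADER_LEN + end, False

if __name__ == "__main__":
    print(reassembly_check(split_into_fragments(4000)))    # ordinary large ping
    print(reassembly_check(split_into_fragments(66000)))   # ping of death sized
```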
Another way attackers can perform a ping of death attack is by using a botnet: a group of computers infected with malware and controlled by a bot herder. The bots are then used to flood a website or application with traffic, making it difficult for people to access the site.
SYN Flood Attacks
SYN flood attacks are a common type of DDoS attack and exploit part of the TCP three-way handshake. Normally, when a client requests a connection to a server, it sends a SYN packet and the server responds with a SYN-ACK packet. The attacker can keep the handshake from completing by either never responding to the SYN-ACK or spoofing the source IP address on each SYN packet. The hostile client thereby keeps a half-open connection on the targeted server, consuming resources that legitimate traffic could otherwise use.
Every TCP session between a client and server starts with the standardized TCP three-way handshake. The client sends a SYN (synchronize) packet, and the server replies with a SYN-ACK (synchronize acknowledgment) packet to confirm that it has received the SYN. The client then sends a final ACK packet to establish the connection.
Cybercriminals use SYN flood attacks to take down servers by flooding them with SYN packets that are never acknowledged. This overloads the servers and prevents them from processing new client connections, making the server inaccessible to users. The attackers can also spoof the attacking device's IP address, which makes attribution and mitigation difficult. This is known as a spoofed SYN flood attack.
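The half-open connection state that the section above describes is also what a defender can measure. The following added example (not code from the original article) tracks handshakes from the server's side: a SYN opens a pending entry, the client's final ACK or an RST closes it, and what remains is the half-open backlog. A single abusive host shows up in the per-source count, while the spoofed variant spreads across many addresses and is only visible in the total. The event format, thresholds and sample addresses are constructed assumptions.

```python
from collections import defaultdict

PER_SOURCE_LIMIT = 20    # assumed thresholds; tune to the server's listen backlog
GLOBAL_LIMIT = 200

def track_half_open(events):
    """Track TCP handshakes from the server's point of view.
    events: (src_ip, src_port, flags) for client packets only, in arrival
    order; flags is 'S' for SYN, 'A' for the final ACK, 'R' for RST.
    Returns the number of half-open connections per source address."""
    pending = defaultdict(set)        # src_ip -> client ports awaiting final ACK
    for src, sport, flags in events:
        if flags == "S":
            pending[src].add(sport)   # SYN seen; server would have sent SYN-ACK
        elif flags in ("A", "R"):
            pending[src].discard(sport)   # handshake completed or aborted
    return {src: len(ports) for src, ports in pending.items() if ports}

def classify(half_open, per_source=PER_SOURCE_LIMIT, global_limit=GLOBAL_LIMIT):
    """Return (flagged_sources, backlog_exhausted). Per-source counts catch one
    abusive host; the total catches a spoofed flood with one SYN per address."""
    flagged = {src for src, n in half_open.items() if n > per_source}
    return flagged, sum(half_open.values()) > global_limit

def constructed_events():
    """Constructed sample: a legitimate client completes three handshakes;
    198.51.100.7 sends 50 SYNs from different ports and never ACKs."""
    ev = []
    for port in range(40000, 40003):
        ev += [("192.0.2.10", port, "S"), ("192.0.2.10", port, "A")]
    for port in range(50000, 50050):
        ev.append(("198.51.100.7", port, "S"))
    return ev

def constructed_spoofed_events():
    """Constructed sample: 250 SYNs, one per spoofed source address, none completed."""
    return [(f"203.0.113.{i + 1}", 1000 + i, "S") for i in range(250)]

if __name__ == "__main__":
    print(classify(track_half_open(constructed_events())))
    print(classify(track_half_open(constructed_spoofed_events())))
```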