DoS and DDoS attacks
A Denial-of-Service (DoS) attack is an attack intended to shut down a computer or network by making it unreachable to its intended users. These attacks are achieved by flooding the targeted computer or network with traffic, or by sending it information that triggers a crash. In both cases, the DoS attack prevents legitimate users from using the service and the computer. There are two common methods of DoS attack: flooding services and crashing services. Flooding means that the system receives more traffic than the server can buffer, which causes the system to slow down and stop (Denial of Service Attack, n.d.). Other DoS attacks normally take advantage of bugs or faults that cause the target system to crash. Examples of flood DoS attacks include buffer overflow attacks and SYN floods; examples of crash DoS attacks are Teardrop and Ping of Death.
Most of the time the causes of the attack are unknown and victims never understand why it happened. DoS attacks mainly target very high-profile websites. However, if the attacked website is not high-profile, the attack is carried out by a competitor or an employee for the purpose of financial gain or revenge. In addition, the cause can be nothing more than name confusion with a well-known organisation; sometimes attackers attack less secure websites to polish their skills, and sometimes there is no noticeable reason for a DoS attack (Zeltser, 2011).
Distributed Denial of Service (DDoS)
A DDoS attack is a kind of DoS attack that occurs when multiple systems carry out a synchronized DoS attack against a particular target. The main point of this attack is that the attacker attacks one system from multiple locations. The distribution of hosts that characterizes a DDoS gives the attacker many advantages, such as control of many machines to carry out a seriously disruptive attack, and the multiple locations make it difficult to identify the attacker. These attacks are of three types: Volume Based Attacks, Protocol Attacks and Application Layer Attacks. The DDoS attack launched by CyberBunker slowed down the world’s Internet.
Preventing Denial of Service Attacks
Present security technologies can prevent many types of DoS attacks. However, prevention of DDoS attacks is still not available because of their distinctive characteristics. Fast detection and response can prevent DoS attacks, and the response will usually be to set up scalable communications that attract the attack until the source is identified and blocked (Weiss, 2012). Protection from Denial of Service attacks can use a mixture of attack recognition, traffic categorization and response equipment. This arrangement is used to stop illegitimate traffic and allow only legitimate traffic, and it is achieved with the help of prevention and response tools such as firewalls, switches, routers, application front-end hardware and intrusion-prevention systems (Prevent Denial of Service (DoS) Attacks, n.d.).
Firewall rules can be set up to allow or deny protocols, ports or IP addresses, so that firewalls can prevent simple attacks coming from unusual IP addresses. With the rate-limiting and ACL capabilities of switches, DoS attacks such as SYN floods can be prevented using switches.
Routers also have rate-limiting and ACL capabilities that can help to prevent flooding (Brindley, 2002).
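The ACL and rate-limiting behaviour described above can be modelled in a few lines. The following Python simulation is an added example, not taken from the cited sources; the policy values, function names and addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Policy values are assumptions made up for this example.
DENY_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # ACL: always drop
RATE_PER_SEC = 5     # SYNs per second each source may sustain
BURST = 10           # SYNs a source may send back-to-back

def filter_syns(packets):
    """Apply the ACL, then a per-source token bucket, to TCP SYNs.

    packets: (timestamp_ms, source_ip) tuples sorted by time.
    Returns {source_ip: {"accept": n, "acl_drop": n, "rate_drop": n}}.
    Tokens are kept in integer thousandths so the result is exact.
    """
    tokens = defaultdict(lambda: BURST * 1000)  # new sources start full
    last_ms = {}
    stats = defaultdict(lambda: {"accept": 0, "acl_drop": 0, "rate_drop": 0})
    for ts_ms, src in packets:
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in DENY_NETS):
            stats[src]["acl_drop"] += 1
            continue
        # Refill for the time since this source's previous SYN, capped at BURST.
        refill = (ts_ms - last_ms.get(src, ts_ms)) * RATE_PER_SEC
        tokens[src] = min(BURST * 1000, tokens[src] + refill)
        last_ms[src] = ts_ms
        if tokens[src] >= 1000:
            tokens[src] -= 1000
            stats[src]["accept"] += 1
        else:
            stats[src]["rate_drop"] += 1
    return {src: dict(s) for src, s in stats.items()}

def sample_traffic():
    """Constructed one-second capture; all addresses are made up."""
    pkts = [(ms, "198.51.100.7") for ms in range(1000)]            # single-source flood
    pkts += [(ms, "192.0.2.10") for ms in (100, 500, 900)]         # ordinary client
    pkts += [(ms, "203.0.113.50") for ms in (200, 210, 220, 230)]  # ACL-denied range
    # Distributed case: 200 sources, 5 SYNs each, every one under the limit.
    pkts += [(j * 200, f"10.0.{k}.1") for k in range(200) for j in range(5)]
    return sorted(pkts)

def accepted_from(stats, prefix):
    """Total SYNs accepted from sources whose address starts with prefix."""
    return sum(s["accept"] for src, s in stats.items() if src.startswith(prefix))

if __name__ == "__main__":
    result = filter_syns(sample_traffic())
    print("flood source:", result["198.51.100.7"])
    print("distributed accepted:", accepted_from(result, "10.0."))
```

On this constructed traffic the single flooding source has only 14 of its 1000 SYNs accepted, while the 200 distributed sources get all 1000 of theirs through because each stays under the per-source limit. Per-source ACLs and rate limits therefore handle a simple flood but not traffic spread over many hosts.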
In addition, intrusion-prevention systems are helpful if the attacks have signatures associated with them; an IPS works only against DoS attacks that can be recognised by their content. A DoS Defense System (DDS) stops connection-based DoS attacks that seem legitimate but have a disruptive intent. A DDS can give protection from protocol attacks and rate-based attacks (Brindley, 2002).
A specifically targeted DDoS attack is infeasible to prevent. However, there are excellent and effective tools that can help mitigate the impact of such an attack.
Brindley, A. (2002). Denial of Service attacks and the emergence of “Intrusion Prevention Systems”. SANS Institute InfoSec Reading Room, 1(4), 1-11. Retrieved from http://www.sans.org/reading-room/whitepapers/firewalls/denial-service-attacks-emergence-intrusion-prevention-systems-818
Denial of Service Attack - Prevent DoS Attacks with Palo Alto Networks. (n.d.). Retrieved February 17, 2014, from http://www.paloaltonetworks.com/resources/learning-center/what-is-a-denial-of-service-attack-dos.html
Prevent Denial of Service (DoS) Attacks. (n.d.). Retrieved February 18, 2014, from http://www.applicure.com/solutions/prevent-denial-of-service-attacks
Weiss, A. (2012, July 2). How to Prevent DoS Attacks - eSecurity Planet. Retrieved February 17, 2014, from http://www.esecurityplanet.com/network-security/how-to-prevent-dos-attacks.html
Zeltser, L. (2011, September 28). 8 Reasons for Denial-of-Service (DoS) Attacks [Web log post]. Retrieved from http://blog.zeltser.com/post/10775687288/reasons-for-denial-of-service-attacks