A properly placed denial of service attack can shut down a business. In this video, you’ll learn about the different DoS attacks and how they can be distributed using botnets.
<< Previous Video: Social Engineering Attacks Next: Zero-Day Attacks >>
A denial of service is when some type of external force is causing a service to fail. This is very commonly caused by overloading a service in a particular way. But that is not the only way to cause a denial of service.
A denial of service, or a DoS, might be caused by a vulnerability in a particular kind of software. And sending just the right packet to that particular service may cause that service to suddenly become unavailable and therefore be a denial of service. There are some unethical third parties who will overload their competitors’ systems in order to gain a competitive advantage, or someone might be performing a denial of service in order to perform some other type of vulnerability elsewhere in the network. Ultimately the denial of service doesn’t even have to be technically complicated. Someone simply turning off the power to a building would effectively create a denial of service.
We often think of denial of service as being a third party who’s trying to attack us. But unfortunately, we’re very good at creating our own denial of service internally within our own networks. For example, if you plug two switches together and then you plug those two switches together again, you will create a loop. And if you’re not running spanning tree protocol on that network, all of your traffic will continue to loop around and loop around that network until you break that loop. This will effectively bring your network down, creating that denial of service.
You might also create a DoS if you overload your network connections. Many internet connections have limited bandwidth availability. And if someone starts downloading large amounts of data, you can easily create an overload situation that would prevent anyone from using that network connection.
And I’ve personally worked in organizations where a broken water line on a higher floor will send water through the ceiling of a computer room. This can certainly create a denial of service where all of your equipment needs to be turned off and stored away so that the water does not cause any damage.
It’s very common for a denial of service to come from many different places simultaneously. We call this a distributed denial of service, or a DDoS. This is where multiple devices will all send traffic at the same time to one central point to overload all of the resources associated with a server or a network connection. This is commonly done with botnets that might be thousands or even millions of devices that can all be coordinated to attack one single device simultaneously.
An example of this would be the Zeus botnet, which at its peak infected over 3.6 million computers. This allowed the owner of the Zeus botnet to be able to control massive numbers of devices and be able to create a distributed denial of service anywhere they want it.
Of course, with a botnet, the devices that are actually doing the attacking are zombie devices. They’re running malware on these systems. And the owners of these computers may not even realize there’s malware running on that device. It takes very few resources to be able to participate in a distributed denial of service, so the end user may be performing the normal daily tasks on their computer, while at the same time that computer is attacking another site.
It can be difficult to stop a distributed denial of service. There may be a common traffic pattern. And you might be able to set a filter on a firewall to stop that particular kind of traffic.
Very often, though, you need to go to your internet service provider. And they can start filtering further up the line, hopefully providing more resources to your internet network connection. And there are a number of third-party hardware and software solutions that are designed to help mitigate DDoS attacks. Some like CloudFlare setup a reverse proxy and are able to do detailed analysis of that traffic as it’s going by.
Category: CompTIA A+ 220-1002