Sunday, November 6, 2011

A Brief Introduction To Internet Threat DDoS - By Chintan Gurjar

Why has DDoS become the number one threat to IT business worldwide?

What is DDoS?
DDoS stands for Distributed Denial of Service. A DDoS attack is intended to make a web service unavailable or unusable. What sets a DDoS attack apart is that there is no limit to the number of machines that can be directed at a particular website or host; the nature of the attack is in its name, "Distributed". In simple words, machines from all over the world send an unlimited number of connections to a single domain or website. Traffic increases suddenly, the site or domain cannot bear the sudden load, and it goes down or becomes temporarily unavailable. Because the traffic arrives from many different IP addresses at the same time, it is much more difficult to detect it and to block all of those addresses.

Let's Go To Year 2000
The first ever DDoS attack was faced by the famous search engine Yahoo. Because of this attack, Yahoo was unavailable worldwide for 2 or 3 hours and, as a result, lost a large amount of money in advertising revenue. eBay and CNN were also victims of DDoS attacks.

How Does The Attack Actually Happen?
Here I describe the common steps by which this attack is actually carried out.
Step 1:-
First of all, the attacker scans a large number of computers or networks for open vulnerabilities. Any single machine has 65,535 ports, and the attacker scans all of these ports on each machine. This sounds hard to accept in theory, but it can be done within an hour with automated tools, with the help of various port scanners. As a result, the port scanners give the attacker a list of the IP addresses of the machines on which ports are open.

Step 2:-
As I have said, the scan gives the attacker a list of vulnerable machines' IP addresses. The attacker then decides to involve all of these machines in the attack; these systems are known as handlers. The common method of compromising them is a stack-based buffer overflow: when the buffer overflows, malicious data is stored on the victim's machine. This victim is not the real victim that the attacker is going to attack; he or she uses this victim to attack the main victim. The attacker now has control of that machine and can send commands that the vulnerable machine will execute. This scenario does not happen on only one machine but on 1,000 or possibly more vulnerable machines, which is why it is more difficult to catch the actual attacker in a DDoS attack.

Step 3:-
After gaining access to the system, another step is taken so that the attacker can take command whenever they want in the future. This can be done with the help of RATs, backdoors, rootkits or a Trojan.

Step 4:-
The final attack takes place here. The hacker or attacker sends commands to the handlers, the vulnerable machines to which access has been gained. The attack can take the form of flooding.

For example, if an attacker has command over 100 machines and instructs each machine to ping a particular website 100 times, then by simple calculation 100 * 100 = 10,000 hits go to the website, and it may go down.
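The introduction notes that traffic arriving from many IP addresses at once is harder to detect and block, and Step 4 describes the resulting flood. The following is an added illustration, not code from the original post: a small detector that reads constructed web-server log lines (a simplified format assumed here: client IP, bracketed epoch second, request, status) and, for each one-second bucket that exceeds a request threshold, reports whether one source dominates (so blocking that IP would help) or the load is spread across many sources (the distributed case the post warns about).

```python
import re
from collections import Counter, defaultdict

# Constructed simplified log format: ip [epoch-second] "request" status
LOG_RE = re.compile(r'^(\S+) \[(\d+)\] "[^"]*" (\d{3})$')

def parse_line(line):
    """Return (source_ip, epoch_second) or None if the line does not match."""
    m = LOG_RE.match(line)
    return (m.group(1), int(m.group(2))) if m else None

def analyze(lines, rate_threshold=30, dominant_share=0.8):
    """Flag each one-second bucket whose request count exceeds rate_threshold.

    Returns (second, kind, dominant_ip_or_None, distinct_sources) tuples:
    kind is "single-source" when one IP sent >= dominant_share of the
    requests (a per-IP block would work) and "distributed" otherwise.
    """
    buckets = defaultdict(Counter)          # second -> Counter(ip -> requests)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, sec = parsed
            buckets[sec][ip] += 1
    findings = []
    for sec in sorted(buckets):
        counts = buckets[sec]
        total = sum(counts.values())
        if total <= rate_threshold:
            continue                        # normal load, nothing to report
        top_ip, top_n = counts.most_common(1)[0]
        if top_n / total >= dominant_share:
            findings.append((sec, "single-source", top_ip, len(counts)))
        else:
            findings.append((sec, "distributed", None, len(counts)))
    return findings

def constructed_log():
    """Constructed sample: a normal second, a single-source flood, a distributed flood."""
    lines = [f'198.51.100.{i} [1000] "GET / HTTP/1.1" 200' for i in range(1, 6)]
    lines += ['203.0.113.9 [1001] "GET / HTTP/1.1" 200'] * 50
    lines += [f'192.0.2.{i} [1002] "GET / HTTP/1.1" 200' for i in range(1, 51)]
    return lines

if __name__ == "__main__":
    for finding in analyze(constructed_log()):
        print(finding)
```

The thresholds are illustrative; on a real server they would be tuned from the site's normal traffic baseline.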

In a nutshell, a DDoS attack is a very advanced attack, executed by hackers to crash a whole network. It has a large number of impacts on a business, such as the cost impact, the delay-of-work impact and the e-reputation impact. The Internet has become more user-friendly and handy in the last 15 years, so it is obvious that hacking activity will take place sooner or later. To cure this big flaw, organizations should recruit ethical hackers, network administrators and cyber security experts who have the ability to detect and mitigate the attack. Because prevention is better than cure.




Contact Information :- Chintan Gurjar
