The cyber world is now under attack by smart and dangerous crackers. Millions of sites, users and networks run into problems frequently nowadays. A major problem we face today is the denial of service attack, where legitimate users' systems are hacked and controlled by these attackers. This article gives brief information on how denial of service (DoS) and DDoS attacks work and how we can trace the attacker back. We cannot reduce this attack to zero, but we can to some extent stop it by using the reverse firewall method, which this article explains as a prevention technique.
The denial of service attack is a dangerous present-day attack in the cyber world that stops users from accessing information or services. It mainly targets ordinary users' computers, the World Wide Web and network connections. A DDoS attacker is very effective at keeping you from accessing your email, websites, online banking and so on.
Distributed Denial of Service (DDoS) uses a particular pattern in which the attacker captures thousands of agents, sets up the controllers for an attack, and then vanishes. The controllers contact the captured agents after days or weeks to start launching thousands of attacks concentrated on a single system. They use address-spoofed packets that carry a false source address to make traceback difficult.
Fig: DDOS ATTACK
The DDoS attacker is very smart and intelligent regarding the implementation of a denial of service attack on legitimate users. He or she first gets into a few user systems by means of a virus or some other way and turns those systems into master computers, i.e. systems that act as slaves to this smart attacker.
These master computers or servers then send bulk messages, trojan horses or other viruses to billions of legitimate users' computers and take control of those computers as slaves. These slaves are also known as zombie computers.
Finally, billions of spam emails are sent by the masters, through these zombie computers, to an organisation, store, bank and so on. At that point the victim does not know which email is trusted and genuine, so a denial of service exists and the victim is affected. This is how a denial of service attack occurs.
Fig:Architecture of DDOS
FIRST DDOS ATTACK:
In 1999, Yahoo was the first victim of a DDoS attack. This was a major attack on Yahoo, and it suffered a great loss as a result.
Like a human, the denial of service attack also has some characteristics. Let us discuss them in the following lines:
- It floods the network, which helps the attacker a lot in launching a DDoS attack and produces so much traffic in the network that services slow down.
- It destroys the connections between services or users. Sometimes it keeps the user from getting access to the information on sites, and services like online banking are also stopped.
- It does not only target the network; it can also concentrate on a system or a particular user.
- People who use your resources illegally, i.e. without permission, also come under denial of service. For example, an intruder may illegally store commercial software or data through the FTP area, which consumes disk space and generates traffic in the network.
DDOS ATTACK ON OSI LAYERS:
A denial of service attack mainly affects three OSI layers. They are:
Let us discuss them briefly.
1. SYN ACK (TRANSPORT LAYER)
A sequence of messages is exchanged between the client and the server when the client establishes a TCP connection to the server.
The SYN-ACK method is explained below:
- FIRST: The client system sends a SYN message to the server, and the server acknowledges it by sending a SYN-ACK message back to the client.
- SECOND: The client then completes the connection by responding with an ACK message. A connection is now established between the local host and the server. The figure below shows the connection establishment between the local host and the server.
Client and server can now send service-specific data.
Now suppose the server has sent a SYN-ACK to the host but has not yet received any ACK message in return. This is called a half-open connection. The server has a built-in data structure that records all unfinished connections, so all of these are stored.
We can observe one thing in many cases: victims do not accept new incoming connections, which creates a problem. In such situations, the attack does not crash existing incoming connections and it doesn't allow outgoing network connections.
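The half-open table described above can be modelled in a few lines. This is an added example, not part of the original essay; the class name `SynBacklog`, the capacity and timeout values and the sample addresses (documentation ranges) are all assumptions, and the expiry step shows one common defensive measure.

```python
from collections import OrderedDict

class SynBacklog:
    """Toy model of the server's table of half-open connections (hypothetical)."""
    def __init__(self, capacity, timeout):
        self.capacity, self.timeout = capacity, timeout
        self.half_open = OrderedDict()   # (ip, port) -> time the SYN arrived
        self.established = set()
        self.dropped = 0

    def _expire(self, now):
        # Defensive step: forget entries that waited too long for the final ACK.
        while self.half_open:
            key, t0 = next(iter(self.half_open.items()))
            if now - t0 < self.timeout:
                break
            del self.half_open[key]

    def on_syn(self, key, now):
        self._expire(now)
        if key not in self.half_open:
            if len(self.half_open) >= self.capacity:
                self.dropped += 1        # table full: the new SYN is refused
                return False
            self.half_open[key] = now
        return True                      # server would answer with SYN-ACK

    def on_ack(self, key, now):
        self._expire(now)
        if self.half_open.pop(key, None) is None:
            return False                 # ACK for a connection we do not remember
        self.established.add(key)
        return True

def simulate():
    srv = SynBacklog(capacity=4, timeout=30)
    client = ("192.0.2.10", 40000)
    srv.on_syn(client, 0)
    srv.on_ack(client, 0)                # normal three-way handshake completes
    # Constructed sample: SYNs from sources that never send the final ACK.
    for i in range(6):
        srv.on_syn(("198.51.100.%d" % i, 1024 + i), 1)
    newcomer = ("192.0.2.20", 40001)
    refused = not srv.on_syn(newcomer, 2)        # table is full of half-open entries
    still_up = client in srv.established         # existing connection is untouched
    accepted_later = srv.on_syn(newcomer, 31)    # stale entries have timed out
    return refused, still_up, accepted_later, srv.dropped
```
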
2. PACKET FLOODING DDOS ATTACKS (NETWORK LAYER)
DoS attack on the network layer (ICMP echo request attack):
The DDoS attacker sends forged requests to a large number of computers, which reply to those requests. Because the source address in the requests is forged to be that of the targeted victim, the replies from all those computers flood the target.
ICMP Echo Request attacks send requests to the broadcast addresses of various networks, which makes the clients on those networks send Echo Reply packets back.
Routers can also carry out DDoS attacks by flooding NTP servers, but this doesn't replace geographical situations.
3. PING OF DEATH (APPLICATION LAYER)
This is generally done in a different manner: by sending ICMP echo request packets, or pings, to the targeted machine. The actual size of a ping is 64 to 84 bytes. In this attack, pings are sent to the victim in packets larger than 65,535 bytes, which cannot be handled by a normal user. This phenomenon is one type of denial of service attack. It is very famous because it is very simple, comparable to the Unix command "ping -l 86600 my.ucf.edu". However, routers and firewalls present in systems will try their best to avoid this type of attack.
TRACING BACK THE ATTACKER'S IP:
Traceback testing starts from the router closest to the victim and tests the upstream links until it determines which one is being used to carry the attacker's traffic. This procedure is repeated recursively on the upstream router until the source of the traffic is reached. This technique rests on a critical assumption: that the attacker remains active until the tracing mechanism has completed.
Attacks can be categorised into different types: some last less than 10 minutes, some 30 minutes, and there are even 1-hour attacks, but this method is not possible in real-time detection systems.
These attacks can also be traced back by "marking" packets, either probabilistically or deterministically, with the addresses of the routers they traverse.
Therefore, the victim can use this marking information to trace an attacker back to its source.
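The marking idea above can be shown with a small simulation. This is an added example, not part of the original essay; it assumes one specific probabilistic scheme (edge sampling, where each mark holds a start router, an end router and a hop distance), and the router names, marking probability and packet count are constructed.

```python
import random

def forward(path, p, rng):
    """Send one packet through `path` (attacker side first) and return the
    (start, end, distance) mark the victim sees. The spoofed source address
    plays no part: only routers write the mark."""
    start, end, dist = None, None, 0
    for router in path:
        if rng.random() < p:
            start, end, dist = router, None, 0   # this router starts a new mark
        else:
            if dist == 0:
                end = router                     # complete the edge begun upstream
            dist += 1
    return start, end, dist

def reconstruct(marks):
    """Victim side: chain the collected edges outward from the nearest router."""
    edges = {m for m in marks if m[0] is not None}   # ignore unmarked packets
    path, prev, d = [], None, 0
    while True:
        # At distance d, the edge must end at the router found at distance d-1.
        nxt = [s for (s, e, dist) in edges if dist == d and e == prev]
        if not nxt:
            break
        prev = nxt[0]
        path.append(prev)
        d += 1
    return path[::-1]                                # attacker side first

def trace_demo():
    # Constructed sample: five routers between the flooding host and the victim.
    path = ["R1", "R2", "R3", "R4", "R5"]
    rng = random.Random(1)
    marks = [forward(path, p=0.2, rng=rng) for _ in range(5000)]
    return reconstruct(marks)
```

Because a far router's mark survives only if no later router overwrites it, the victim needs many packets from the same flow, which a flood supplies.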
METHOD FOR PREVENTING DDOS ATTACKS
The Reverse Firewall
Generally, a firewall's job is to protect users' computers from incoming packets. A reverse firewall, by contrast, does not bother about incoming packets; it mainly concentrates on outgoing packets, and the main reason for doing this is to protect packets.
Packet flooding is stopped by this reverse firewall method. This is very useful for Internet providers who supply Internet access to local hosts.
ISPs use DSL and cable to provide dedicated network connections. Their aim is to provide high-speed Internet access to users.
Institutions mainly provide network connections within a campus so that everyone can communicate, along with high-speed Internet connectivity.
The function of the reverse firewall is to filter outgoing packets. It differs mainly in functionality: a genuine connection is a two-way communication, whereas a packet flooding attack is a one-way communication. The firewall can tell these two apart because the traffic between the user networks and the outside passes through it.
Attackers look for systems with fast Internet access, since these machines help them do packet flooding at high rates. The reverse firewall reduces this type of attack by making the connection very slow, like a dial-up connection. The reverse firewall therefore protects to some extent against these zombies.
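The two-way versus one-way distinction above can be turned into an egress filter as follows. This is an added example, not part of the original essay and not the code of any product; the class `ReverseFirewall`, the credit-per-reply rule and all rates and addresses are assumptions chosen for illustration.

```python
class ReverseFirewall:
    """Egress filter sketch: outbound packets to a peer that is talking back
    pass freely; unanswered (one-way) traffic is held to a slow token bucket."""
    def __init__(self, rate, burst, credit_per_reply=2, max_credit=64):
        self.rate, self.burst = rate, burst      # one-way packets/second, burst size
        self.credit_per_reply = credit_per_reply
        self.max_credit = max_credit
        self.credit = {}                         # (inside host, peer) -> free packets
        self.bucket = {}                         # inside host -> (tokens, last time)

    def inbound(self, peer, host):
        # A packet from the peer shows the conversation is two-way.
        key = (host, peer)
        self.credit[key] = min(self.credit.get(key, 0) + self.credit_per_reply,
                               self.max_credit)

    def outbound(self, host, peer, now):
        key = (host, peer)
        if self.credit.get(key, 0) > 0:
            self.credit[key] -= 1
            return True
        # No recent reply from this peer: spend from the host's slow bucket.
        tokens, last = self.bucket.get(host, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.bucket[host] = (tokens - 1 if allowed else tokens, now)
        return allowed

def demo():
    fw = ReverseFirewall(rate=5, burst=10)
    server = "203.0.113.7"                       # constructed sample addresses
    legit = 0
    for _ in range(200):                         # request/reply exchange
        legit += fw.outbound("10.0.0.5", server, now=0.0)
        fw.inbound(server, "10.0.0.5")
    flood = 0
    for now in (0.0, 1.0):                       # zombie host: 1000 packets per second
        flood += sum(fw.outbound("10.0.0.9", server, now) for _ in range(1000))
    return legit, flood                          # packets let out of the network
```
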
Deployment of reverse firewall:
Many organizations' owners try as much as possible to keep their users from being hit by flooding attacks. It is not possible to eliminate the entire problem, but we can prevent it to some extent.
The outgoing bandwidth is used up by the attacker through these zombie machines. As a result, bandwidth is no longer available to normal hosts in the network. If upstream providers charge for actual network usage, the attacker directly increases the costs to the network owner. By using this method the infrastructure owner gains many benefits, since the attacks would otherwise disrupt customers in other segments.
There is great pressure on many organizations to act in advance and show that they are not unaware hosts of DDoS attacks.
Finally, this article concludes that the denial of service attack can be prevented by using the reverse firewall technique, which can also easily help us to find the attacker. In this networked cyber world, cyber crimes are more numerous than we expect, so we cannot give 100% assurance of attack prevention, but there is a chance to avoid or prevent this type of attack from occurring.