Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks have become a serious problem for users of computer systems connected to the internet. Attackers compromise secondary victim systems and use them to mount a large-scale attack against primary victim systems. New techniques are being developed to mitigate DoS attacks. DoS attacks cause major damage, and self-propagating malware has become a vehicle for delivering them. DoS attack technology keeps evolving, yet the conditions that make the attacks possible have not changed in recent years. This report surveys detection techniques and countermeasures against various DoS and DDoS attacks, describing the main features of each attack and the corresponding defence strategy.
Distributed denial of service is a kind of attack that deliberately prevents users from using a particular network resource, such as a website, web service or computer system, by overloading it with a continuous flow of data packets from multiple sources, leaving the system incapable of providing the targeted service. In other cases the target systems may fail or even crash and become unusable. The DDoS field is evolving quickly and it is becoming extremely hard to obtain a global view of the problem; it is a huge threat to the web. Attackers constantly modify their tools to bypass security systems, and researchers in turn modify their approaches to handle the new attacks. The services that are attacked are called the "primary victim"; the systems that are compromised and used to mount the attack are called "secondary victims". This makes it more difficult for network forensics to track down the real attacker.
1.2 Understanding Distributed Denial of Service
There are two main approaches to denying a service: exploiting a vulnerability present on the target system, which is called a vulnerability attack, or sending a large number of seemingly legitimate messages, which is called a flooding attack.
Some implementations of the 802.11 wireless access protocol have a vulnerability that allows an attacker to deny service selectively to one user on the wireless network or indiscriminately to all of them. In effect, the attacker can send a packet to the wireless access point that claims to be from another user and indicates that the user is finished and essentially wants to "hang up".
Both kinds of attack work because a huge number of messages must be processed, and each consumes some key resource at the target. For example, complex messages may require long processing that takes CPU cycles, large messages consume bandwidth, and messages that open communication with other clients consume memory.
The idea behind a DDoS attack is to send a huge number of messages from a large number of individual systems connected to the internet. As a result the victim, the recipient of this attack, has unreliable network access. Nowadays in DDoS attacks a small set of systems called agents control a huge number of systems called daemons or zombies, and these zombie systems launch the attack when instructed by the agents. Such a large number of systems can be obtained by any hacking procedure.
2. Classification of DDoS attacks
There are two main classes of DDoS attack: bandwidth depletion and resource depletion.
An attack designed to flood the victim's network with unwanted traffic that prevents legitimate traffic from reaching the victim's system is called a bandwidth depletion attack; it can be divided into flood attacks and amplification attacks. An attack planned to tie up the resources of the victim system is called a resource depletion attack; it is divided into protocol exploit attacks and malformed packet attacks.
DDoS attacks can also be classified into two types: direct attacks, in which the attacker is directly involved in the attack using spoofed IP addresses, and reflector attacks, which are indirect attacks in which intermediate nodes are used to launch the attack. A reflector is any IP host that returns a packet when sent a packet.
3. Countermeasures and Defence Mechanisms
It is now clearly understood that DDoS is a complicated and crucial problem. The tools used for the attack are growing day by day, and it has become so simple that anyone can mount a DDoS attack. To prevent such attacks successfully, proper steps and a strategy should be followed. Defence is a three-stage process: detection, segregation and mitigation. In detection, where the attack has occurred is identified; in the second stage, segregation, the attack flow and the legitimate data flow are separated and controlled; and in the third stage, mitigation, the attack is finally traced and removed.
As shown in the figure above, two types of traffic exist in the execution of the attack: control traffic and attack traffic. These traffic flows are generated by attackers who use client systems called agents, and these agents in turn use a wider set of systems called zombies. The packets in the network traffic are measured in two ways: the first indicates the packet frequency and the second measures the actual bandwidth used. During the analysis of traffic there are two tests: 1. the persistence threshold test and 2. the bucket threshold test.
3.1.1 Persistence Threshold Test
Two thresholds are used in this test: a rate threshold, which bounds the bandwidth, and a persistence threshold, which bounds the time for which the rate threshold may be exceeded, measured at regular intervals.
For example, if the average traffic volume of a website on a T-3 line over the past week is 5 Mbps and our tolerance level is 4.0, then the system would trigger an alarm when the traffic volume exceeds 20 Mbps. Where the computed value exceeds the capacity of the line, the system would instead use the ceiling value of 40.26 Mbps (44.736 Mbps x 0.9).
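The persistence threshold test described above, as an added example (not code from the essay): the rate threshold is the weekly average times the tolerance, capped at 90% of the T-3 capacity, and an alarm fires only after the rate threshold has been exceeded for a given number of consecutive intervals. The traffic samples, the one-sample-per-interval assumption and the persistence value of 3 intervals are constructed for the demo.

```python
# Added example, not from the essay. Numbers taken from the essay: 5 Mbps weekly
# average, tolerance 4.0, T-3 link 44.736 Mbps, ceiling at 90% of the link.
T3_CAPACITY_MBPS = 44.736
CEILING_FRACTION = 0.9


def rate_threshold(avg_mbps, tolerance, link_mbps=T3_CAPACITY_MBPS):
    """Rate threshold = average * tolerance, capped at 90% of link capacity.

    With the essay's numbers 5 Mbps * 4.0 = 20 Mbps, which is below the
    40.26 Mbps ceiling, so the alarm level is 20 Mbps."""
    return min(avg_mbps * tolerance, link_mbps * CEILING_FRACTION)


def persistence_alarms(samples_mbps, threshold_mbps, persistence_intervals):
    """Return the sample indexes at which an alarm fires.

    samples_mbps: bandwidth measured at each regular interval (assumption:
    one sample per interval, e.g. one per minute).
    An alarm fires once the rate threshold has been exceeded for
    `persistence_intervals` consecutive samples, so a single short burst
    does not trigger it; the run counter resets when traffic drops back
    below the threshold, and one alarm is raised per sustained run."""
    alarms = []
    run = 0
    for i, mbps in enumerate(samples_mbps):
        if mbps > threshold_mbps:
            run += 1
            if run == persistence_intervals:
                alarms.append(i)
        else:
            run = 0
    return alarms


# Constructed sample: a one-interval spike at index 2 (ignored), then a
# sustained flood from index 5 onwards (alarm at index 7, the third sample).
SAMPLE_TRAFFIC_MBPS = [4.8, 5.1, 25.0, 4.9, 5.3, 22.0, 30.5, 41.0, 38.2, 6.0]

if __name__ == "__main__":
    thr = rate_threshold(5.0, 4.0)
    print(f"rate threshold: {thr:.2f} Mbps")
    print("alarms at intervals:", persistence_alarms(SAMPLE_TRAFFIC_MBPS, thr, 3))
```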
3.1.2 Bucket Threshold Test
This test is much better than the persistence threshold test: the network is monitored continuously for both attacker and user traffic, so a client will know that some external user is attacking and an alarm is raised, which does not happen with the persistence threshold test alone. To address this issue the bucket threshold test monitors the system every minute. This is illustrated in figure 2.
Once the attack is detected and the alert is generated, it is time to block the unwanted traffic; for this, the legitimate traffic must be separated from the attack traffic. This process is carried out in the segregation stage, which sets the malicious traffic aside and protects the network from the huge data flow. Table 1 describes different attacks and their respective traffic patterns:
Table 1: attack traffic patterns
  SYN packets >> non-SYN packets
  RST packets >> non-RST packets
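A segregation step applying the first Table 1 pattern ("SYN packets >> non-SYN packets") per source address, as an added example that is not code from the essay. The packet records are constructed, and the SYN share of 0.8 and minimum of 5 packets per source are assumed tuning values.

```python
# Added example, not from the essay: per-source segregation on the
# "SYN packets >> non-SYN packets" pattern from Table 1.
from collections import defaultdict

# Constructed sample: (source_ip, tcp_flags). A normal client completes
# handshakes (one SYN, then ACK/PSH-ACK/FIN-ACK); a flooding source sends
# nothing but SYNs and never completes a connection.
SAMPLE_PACKETS = [
    ("192.0.2.10", "SYN"), ("192.0.2.10", "ACK"), ("192.0.2.10", "PSH-ACK"),
    ("192.0.2.10", "ACK"), ("192.0.2.10", "FIN-ACK"),
    ("198.51.100.7", "SYN"), ("198.51.100.7", "SYN"), ("198.51.100.7", "SYN"),
    ("198.51.100.7", "SYN"), ("198.51.100.7", "SYN"), ("198.51.100.7", "SYN"),
    ("203.0.113.2", "SYN"), ("203.0.113.2", "ACK"),
]


def syn_counts(packets):
    """Per-source (syn_count, total_count) over the observation window."""
    counts = defaultdict(lambda: [0, 0])
    for src, flags in packets:
        counts[src][1] += 1
        if flags == "SYN":  # a bare SYN, i.e. a new connection attempt
            counts[src][0] += 1
    return {src: tuple(c) for src, c in counts.items()}


def segregate(packets, syn_share=0.8, min_packets=5):
    """Split sources into 'bad' (SYN-dominated) and 'good' sets.

    A source is flagged only when it sent at least `min_packets` packets
    and bare SYNs make up more than `syn_share` of them, so a small normal
    client such as 203.0.113.2 (1 SYN of 2 packets) is not misclassified
    on too little evidence. `syn_share` and `min_packets` are assumed
    tuning values, not figures from the essay."""
    bad, good = set(), set()
    for src, (syn, total) in syn_counts(packets).items():
        if total >= min_packets and syn / total > syn_share:
            bad.add(src)
        else:
            good.add(src)
    return bad, good


if __name__ == "__main__":
    bad, good = segregate(SAMPLE_PACKETS)
    print("set aside (attack traffic):", sorted(bad))
    print("pass (legitimate traffic):", sorted(good))
```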
So, once the attack is detected and the traffic segregated into good and bad, it is time to reduce the intensity of the attack on the network. This can be done in two ways: reactive mechanisms, on which most current research focuses, and proactive mechanisms, which are very costly. The reactive mechanisms mainly include blocking at upstream and killing the zombie.
DDoS attacks are a complex problem on the internet with a huge network-wide effect. Researchers are working in three main streams, detection, segregation and mitigation, which has made it easier to find solutions in these three directions. Various IDS-based systems that are geographically distributed have been studied and proposed. The main research aim is to detect the attack immediately and find ways to prevent it quickly.
Attacks and their techniques are developing day by day, and there is no limit to who can become the commander of a DDoS attack. In order to face these attacks, I suggest and propose a three-phase solution instead of a single-phase solution. Combining these three phases may increase the ways of preventing the attacks. Existing regulation methods should be combined in order to provide better and faster results against DDoS attacks.