Platform to Showcase Innovative Startups and Tech News

Digg out

DDoS Attack Tutorial

DDoS attacks can prove fatal to any web-based business and cause significant losses. To avoid it at the first place, it’s important to understand DDoS Attacks and how they occur.

Do you remember the day when Twitter, the latest rage across the web right now wasn’t accessible to any of its users for tens of hours(and remained unstable for a couple of days). At the same time, many other popular web services such as Facebook and LiveJournal suffered a significant downtime due to similar cause.

And the cause was DDoS Attack.

A couple of days passed by and most of us forgot that fatal attack which almost killed Twitter for a while.

Even after creating such a havoc, there’s hardly(barring tech minority) anyone who may exactly be knowing  what DDoS Attacks are all about.

In this write-up, we would explain everything about DDoS Attacks, how are they invoked and how are they can be counter-acted.

What is DoS Attack ?

Denial of Service(DoS) Attack is a fatal attempt by an external agent to cause a situation where the actual resource(victim undergoing attack) becomes unavailable to the actual visitors or users. This is usually done by overwhelming the target victim with illegitimate traffic in the form of  broken/unsolicited page access requests.

Distributed Denial of Service(DDoS) Attack is an advance form of DoS where the attacking agents are distributed over the huge network (or internet)

How DoS Attacks are executed ?

DoS Attacks are usually executed by flooding the target servers with unsolicited data packets in unprecedented manner. This may be done by misconfiguring network routers or by performing smurf attack on the victim servers. This results in ‘Capacity Overflow’, followed by Max Out of system resources, which makes the target service unavailable, either temporarily or permanently(In case of hardware targeted DoS attack) to the intended users.

In case of DDoS attack, the origin of unsolicited data packets (for the purpose of flooding the bandwidth/resource of the victim servers) are distributed over a large network(or internet).

The overall mechanism of DDoS Attack involves a huge quantity of compromised network nodes (computers connected to internet), governed by agent handlers, which are further controlled centrally by the actual attacker.

The massive number of compromised computers on the internet are then unknowingly governed by the source attacker to demand access to the targeted victim within a minimal time span, which further causes saturation of limited system resources and results in eventual shutdown of the targeted service.

The most common method employed to compromise massive amount of user agents on the internet (to actually execute DDoS Attack) is by plaguing as many computers as possible over the internet with malware/trojan, meant for that particular purpose.

Such trojans can either spread via email attachments or via Peer-to-peer networks. Whatever be the method of spreading out, once the intended trojan is silently installed on the uninformed computer agent, that user agent has actually been compromised, which is then called as a Zombie or Botnet.

Further, it becomes a prerogative of the source attacker to indirectly command some or all its Zombie agents(or botnets) for demanding access to the target service.

What are other variants of DoS attacks ?

There are many other attacks of similar nature and purpose such as smurf attack, nuke bomb, ping of death, banana attack, phlashing among many others.

How are they counteracted ?

The best way to defend a web service from faltering due to DDoS attack is to keep backup resources of the system intact. As the aim of such attack is to max out system resources, if the system resources are already abundant and well prepared to face that sudden peak of traffic at any moment, most chances are that your web service will survive DoS (or even DDoS) attack.

What implications can DDoS Attacks have ?

If the attack is only limited to overwhelming and resource consuming traffic, the implications are limited to service unavailability for couple of hours (or few days in exceptional cases). This not only stresses the website administrators financially but also results in loss of market reputation and puts a question mark on the reliability of the web service.

In case of hardware targeted DoS Attacks, financial losses can magnify to great extent as hosting infrastructure has to be replaced on urgent basis (by brittany at tf online). This can also lead to critical data loss, if backup procedures aren’t up to the mark.

With more and more DDoS attacks happening these days, companies and Internet properties are using various types of DDoS Mitigation strategies to avoid any worst case scenario.

Update: For those who want to get expert information on DDoS attacks, here’s the recommended ebook you should buy:

Do you remember the day when Twitter, the latest rage across the web right now wasn’t accessible to any of its users for tens of hours(and remained unstable for a couple of days). At the same time, many other popular web services such as Facebook and LiveJournal suffered a significant downtime due to similar cause.
The cause was DDoS Attack.
A couple of days passed and most of us forgot that fatal attack which almost killed Twitter for a while.And leaving niche tech minority aside, there’s hardly anyone who may exactly be knowing  what DDoS Attacks are all about.
In this write-up, we would explain everything about DDoS Attacks, how are they invoked and how are they counter-acted.
What is DoS Attack ?
How DoS Attacks are executed ?
What are other variants of DDoS attacks ?
How are they counteracted ?
What implications can DDoS Attacks cause ?
22 Comments

22 Comments

  1. DoS Attacks

    October 8, 2009 at 11:54 am

    Good effort at explaining dos attacks.

  2. ajay

    November 6, 2009 at 9:44 am

    can you email some of the tools name for dos attack and step or methods to flood any site

    • Prashant Sharma

      November 6, 2009 at 9:57 am

      we know such softwares that eventually cause dos attacks but we wouldn’t like to recommend it, as there is nothing constructive that such tools can do.

  3. ddos attack

    February 10, 2010 at 4:34 am

    can you give me some soft or some imformation to attack by ddos
    i wanna do it

    • Prashant Sharma

      February 10, 2010 at 8:06 am

      Honestly, this article is meant to provide relevant information for self-protection sake, not for provoking or describing methods for executing a DDoS for destructive reasons…
      Pardon us but we won’t be able to give any info about executing DDoS.

  4. Jack Bottom

    April 15, 2010 at 2:22 pm

    Thanks for a great article. We used to get DDoS attacks but after we deployed an IntruGuard (http://www.intruguard.com) appliance, we haven’t had the pain.

  5. amit

    May 25, 2010 at 12:03 am

    can u plz send me some countermeasures ofdos attacks on email and network part like server

  6. coco

    June 10, 2010 at 4:21 pm

    teach me how to launching DoS?

  7. blah

    June 24, 2010 at 5:35 pm

    uhh dosing is not fun to do 🙂 it’s lame and its boring lol

  8. Grace after Grace

    August 19, 2010 at 11:55 pm

    Sir,

    I am a ph.d. student doing research in DDOS attacks in Wireless Mesh Networks. Request you to suggest some materials with practical details.

    Regards

  9. DL MEENA

    October 9, 2010 at 3:14 am

    Respected sir,
    I AM PH.D SCHOLAR. MY TOPC IS THAT
    “nOVEL SOLUTION FOR DISTRIBUTED DENIAL OF SERVICE ATTACK”
    Request you to suggest some materials with practical details.
    AND SUGGEST BOOKS RELATED THIS WORKS

    REGARDS
    DL MEENA
    FORMER LECTURER IN COMPUTER APPLICTION
    AGRASEN GIRLS PG COLLEGE HINDAUNCITY[KARAULI]-RAJASTHAN
    PRESENTLY WORKING AS PGT[COMPUTER SCIENCE] IN KENDRIYA VODYALAYA,MANDSAUR

  10. ketki arora

    November 6, 2010 at 1:15 pm

    hi
    i m doing research work in defending DDoS attacks, cn u pls provide me detailed info regarding DDos attacks occurred on twitter,facebook,livejournal etc in terms of

    duration of attack
    financial or other loss occurred due to attack
    intensity of attack in bps
    no of attacks
    other description.

    thnx

    • Prashant Sharma

      November 8, 2010 at 8:07 am

      @ketki I appreciate the fact that you’re doing research on DDoS attacks but as DDoS attacks are fairly dangerous, I would prefer to avoid giving any further info on DDoS. Also, regarding specific DDoS attacks on Internet juggernauts, there is very little information that’s available to outsiders as no company wants to give out details in its failure in defending such attacks..

  11. Nobody

    March 4, 2011 at 12:20 am

    The DDoS attack is not bad. not always. some websites deserve a good DDoSing or two. Would you mind at all emailing me what ever i may need to pull this off? im just some kid who types with two fingers, and wants to close down a neo-nazi site. cause nazies piss me off. so does the WBC,.. thank you regaurdless~

  12. Shikhar

    March 9, 2011 at 3:56 am

    Hi coco,

    You can use the tool from the below mentioned link to generate and analyse dos attack.

    http://www.socketsoft.net/products.asp?p=doshttp

  13. website hosting india

    March 14, 2011 at 8:12 am

    Thats really a good artcle but I think you should write some more about DDOS attacks, I mean you can write measures ti prevent it, such as CSF firewall and cisco dedicated firewalls

  14. john paul

    June 29, 2011 at 6:14 am

    can I do this DdOs attack
    ??

    • Prashant Sharma

      June 29, 2011 at 2:44 pm

      @john well, ddos attacks are distributed in nature and therefore, cannot be performed by an individual. However, an individual can still make use of botnets to perform ddos operation. But we really won’t recommend you to perform DDOS attack as it does no good and consumes resources of the website under attack.

  15. noname

    June 30, 2011 at 3:07 am

    guys, you could get charged with years of prison. it’s good to know about DDoSing but not doing it.

  16. Sgt.Roody-Poo

    February 24, 2012 at 11:33 am

    Im just now getting my feet wet with stuff like this, and already know how to DDoS on Source games. It’s much easier doing it to a VAC secured server than doing it to a website, because successfully DDoSing seems like it would take a few people. On the other hand, Most people who play on Steam usually have Latency of about 150-300, so the servers crash pretty easily. Great if an admin is giving you trouble because he thinks he’s god because he can ban you or mute you through console commands.
    Knowing how to do this, and how to bypass a VAC ban is priceless when you hear the Admin reactions when you come back about a million times, or crash the server cause they’re abusing.

    Love the article man,
    keep it up.

  17. ThatGuy

    May 15, 2012 at 10:11 pm

    ok one freedom of knowledge is still legal….
    2.i do not condone anyone using dos/ddos against any server not belonging to yourself…
    3.it is illegal to use it for other than testing against your own servers or networks…
    now with that being said there are actually quiet a few tools out there to test your own network…
    DOS TOOLS:http://lmgtfy.com/?q=Denial+Of+Service+Tools
    DDOS TOOLS:http://lmgtfy.com/?q=DDOS+Tools

    To List A Few Good Ones:
    DDOS:
    1.LOIC/HIOC
    2.Snake Bite

    DOS:
    http://packetstormsecurity.org/distributed/

Leave a Reply

Your email address will not be published. Required fields are marked *

To Top