Types and examples of DOS ।। The Secrets About Dos Only A Handful Of People Know

 What is DOS?


Denial of Service attacks are attacks on a server that usually aim to prevent users from consuming a particular service on that server.



These attacks could happen by either saturating the bandwidth of the server or just bringing the server down.


So the server stops taking requests altogether, and that is the goal of DOS (Denial of Service) attacks.


In this post, we will learn about three different types of DOS attacks and explain each one of them by example.

 


Types of DOS Attack


So here are the three different types of Denial of Service attack.


1. Bandwidth based DOS

2. Max connection based DOS

3. Vulnerability based DOS


Bandwidth based DOS


The first one is Bandwidth based DOS.

Bandwidth based DOS is based on saturating the bandwidth.

So the server cannot accept any more requests.


You can see two components when you use the internet.


Those two components are Download and Upload.


If you have 50 megabits per second of bandwidth, you can download and upload at 50 megabits per second.


That means the router that connects you to the ISP can send 50 megabits in a given second, and it can also download data for all the devices behind the router.


If you have a server with a download bandwidth of 50 megabits per second, it can only take 50 megabits in a given second and that's it. It cannot take more than that.


But suppose you have a badass server or a machine that has an upload of 100 megabits per second.


In a given second you can send 100 megabits and the server can only process 50 megabits.


So there will always be some sort of clogging at the server.


So what will happen here is you can send 100 megabits.


But the server can only process 50 megabits. The server takes double the time to process the data.


If you keep doing this and send again and again, the server will be kept busy just processing your data.


If anyone tries to view that webpage, they will be blocked, because the server is clogged with your data.


So this is Bandwidth based DOS.


Maximum connection based DOS


The second type is Maximum connection based DOS.


That basically means making the server reach its maximum number of TCP connections.


TCP is a stateful protocol.


So the server cannot accept any more requests.


Stateful means that the server needs to keep some sort of state in memory (RAM) about its clients.


So the server keeps that information.


So there are some CPU cycles, some RAM, and some other resources associated with each TCP connection.


Obviously, the server allows every user to connect.


For example, we have six maximum connections.


Three are used by other guys.


Your haters gang up and try to saturate this server.


They say, "Let's just connect to this server and exceed the maximum number of connections."


So once they do that then other users cannot view the website.


Because there is no more connection to serve.


The user cannot establish a connection, because the maximum number of connections has been exceeded.


This is also not easy to do.


Haters can establish a TCP connection.


But they cannot just keep establishing TCP connections forever.


This is because, if the haters connect and then do nothing or become inactive, the server has a preventive measure that kicks in after a certain period of inactivity.


If the haters establish a connection and then don't do any activity, the server will just kill the haters' connection.


There is another attack called Slowloris.

It sends the request to connect and then it sends one byte at a time.


The haters can use just one machine to establish a TCP connection and keep it alive.


It sends the data very slowly.


So the server thinks this guy is just slow, and the server resets the timer.


So this is Maximum connection based DOS.
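The timer reset described above can be seen from the server's side in the following added example, which is not part of the original post. It replays a constructed event trace against a six-slot connection table, first with an idle timeout only, then with an added total per-request deadline; the timeout values, client names and the deadline policy itself are assumptions made for illustration.

```python
# Added example: server-side model only. All names and numbers are constructed,
# except the six-connection limit, which is the page's own example.
MAX_CONNS = 6          # maximum simultaneous connections
IDLE_TIMEOUT = 10      # assumed: seconds of silence before a client is dropped
REQUEST_DEADLINE = 30  # assumed hardening: total seconds allowed per request

def simulate(events, use_deadline):
    """Replay sorted (time, client, action) events.

    Returns (clients refused for lack of a slot, clients still connected)."""
    conns = {}    # client -> {"opened": t, "last_byte": t}
    refused = []
    for t, client, action in events:
        # Drop every connection that the active policy considers expired.
        for name, state in list(conns.items()):
            idle = t - state["last_byte"] > IDLE_TIMEOUT
            overdue = use_deadline and t - state["opened"] > REQUEST_DEADLINE
            if idle or overdue:
                del conns[name]
        if action == "open":
            if len(conns) >= MAX_CONNS:
                refused.append(client)
            else:
                conns[client] = {"opened": t, "last_byte": t}
        elif action == "byte" and client in conns:
            conns[client]["last_byte"] = t   # any byte resets the idle timer
        elif action == "done":
            conns.pop(client, None)
    return refused, sorted(conns)

def sample_events():
    """Constructed trace: three slow clients, three normal users, one visitor."""
    ev = [(0, f"slow{i}", "open") for i in range(3)]
    # Slow clients send one byte every 8 s, always inside the 10 s idle window.
    ev += [(t, f"slow{i}", "byte") for t in range(8, 57, 8) for i in range(3)]
    ev += [(38, f"user{i}", "open") for i in range(3)]
    ev += [(45, f"user{i}", "done") for i in range(3)]
    ev += [(40, "visitor", "open"), (45, "visitor", "done")]
    return sorted(ev)

if __name__ == "__main__":
    print("idle timeout only:", simulate(sample_events(), use_deadline=False))
    print("with deadline:    ", simulate(sample_events(), use_deadline=True))
```

With the idle timeout alone the slow clients never expire and the visitor is refused; with the total deadline their slots are reclaimed before the visitor arrives.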


Vulnerability based DOS


If the guy is a hacker who is really good and knows about the latest security threats, he or she can easily find the server name and do a buffer overflow attack.


She sends a malicious string in place of a legitimate input for a given endpoint.


So it will overwrite the stack, the buffer, memory, and the return address of the function, wipe out the memory, and cause an error.


And then the server will crash.


Once the server has crashed, users can no longer connect.


Because there is no server to connect to.


Some users will use buffer overflow attacks to send a malicious string that has code in it that will eventually run on the server.

And even worse, this guy or this girl will take over the server altogether.


Because this will execute the remote code and then redirect all the traffic to another site.


So the server will be down.


So this is Vulnerability based DOS.




