What is a DDoS attack, DDoS prevention techniques, and how to prevent a DDoS attack

What is a DDoS attack - DDoS Prevention Techniques



What are Distributed Denial-of-Service (DDoS) Attacks?

DDoS is a coordinated attack, launched using a large number of compromised hosts. At an initial stage, the attacker identifies the vulnerabilities in one or more networks for installation of malware programs in multiple machines to control them from a remote location. 

At a later stage, the attacker exploits these compromised hosts to send attack packets to the target machine(s), which is (are) usually outside the original network of infected hosts, without the knowledge of these compromised hosts.

Depending on the intensity of attack packets and the number of hosts used to attack, commensurate damage occurs in the victim network. If the attacker can exploit a large number of compromised hosts, a network or a Web server may be disrupted within a short time.

Some common examples of DDoS attacks are fraggle, smurf and SYN flooding. DDoS attack statistics up to the year 2014 (DDoS attack percentage is shown on the y-axis) are shown in the figure. It can be seen in the figure that among the commonly used DDoS attacks shown on the x-axis, TCP SYN, HTTP GET, UDP, and ICMP flooding are most frequently used.

Causes of DDoS Attacks

DDoS attacks are catastrophic and can bring down a server or network very quickly. Generally, a DDoS attacker forms (or hires) a network of compromised hosts to launch DDoS attacks. The attacker takes advantage of these compromised hosts to gather security-related information.

Eight prominent reasons for DDoS attacks are the following:

◈ High interdependencies exist in Internet security.

◈ Internet resources are limited.

◈ Many unwittingly compromised hosts, puppeteered by one or more dangerous masters, conspire against a few targeted servers or hosts.

◈ Intelligence and resources that may be used to thwart impending attacks are not usually collected.

◈ Simple and straightforward routing principles are used on the Internet.

◈ Mismatches in design and speed between core and edge networks are commonplace.

◈ Network management is frequently slack.

◈ The common and useful practice of sharing resources has its drawbacks.

What are the Targets of DDoS Attacks?

Generally, a DDoS attacker aims at any of the following targets:

  • Routers
  • Links
  • Firewalls and defense systems
  • Victim infrastructure
  • Victim OS
  • Current communication
  • Victim application

Four Steps for Launching of DDoS Attacks

There are four basic steps in launching a DDoS attack:

i. Selection of Agents

The master attacker chooses the agents that will perform the attack. Based on the nature of vulnerabilities present, some machines are compromised to use as agents. Attackers victimize these machines, which may have abundant resources, so that a powerful attack stream can be generated. In the early years, the attackers attempted to acquire control of these machines manually. However, with the development of advanced security attack tool(s), it has become easier to identify these machines automatically and instantly.

ii. Compromise

The attacker exploits security holes and vulnerabilities of the agent machines and plants the attack code. The attacker also takes necessary steps to protect the planted code from identification and deactivation. In the direct DDoS attack strategy, the compromised nodes, aka agents or zombies, situated between the attacker and the victim, are unwitting accomplice hosts recruited from among a large number of unprotected hosts on the Internet with high-bandwidth connectivity. The indirect DDoS attack strategy is usually more complex due to the inclusion of an intermediate layer of nodes (handlers) between the zombies and victim(s). It further complicates the traceback of the path from the victim to the attackers, mostly due to:

  • the complexity in untangling the traceback information because of the involvement of multiple machines, and/or
  • having to retrace the connection back via a large number of distributed routers or servers.

Unless a sophisticated defense mechanism is used, it is usually difficult for the users and owners of the compromised agents to realize that they have become a part of a DDoS attack system.

iii. Communication

The attacker communicates with any number of handlers to identify which agents are up and running, when to schedule attacks, or when to upgrade agents. Such communication among the attackers and handlers can be via various protocols such as ICMP, TCP, or UDP. Based on the configuration of the attack network, agents can communicate with a single handler or multiple handlers.

iv. Attack

The master attacker initiates the attack. The victim, the duration of the attack, as well as special features of the attack such as the type, the length of TTL (time-to-live), and port numbers can be adjusted. The attackers use available bandwidth and each sends a huge number of packets to the target host or network to immediately overwhelm the resources.

DDoS Prevention Techniques

A DDoS prevention system is an “upgraded” version of a DDoS detection system because both monitor network traffic and/or system activities for malicious instances. The main difference is that intrusion prevention systems are able to actively block intrusions that are detected. An intrusion prevention system can take actions such as sending an alarm, dropping malicious packets, resetting the connection and/or blocking traffic from the offending IP addresses.

Intrusion prevention is performed by a software or hardware device that can intercept detected threats in real time and prevent them from moving closer toward victims. It is a useful approach against DDoS, flooding, and brute force attacks. Today, the general lack of adequate security infrastructure across the Internet is a major cause of the tremendous pressure faced by Internet Service Providers to prevent and mitigate DDoS attacks on their infrastructure and services, on their own.

There are many DDoS prevention techniques; the main ones are the following:

  • IP Traceback Techniques

As we have discussed earlier, in a DDoS attack, attackers mostly use zombies or reflectors to send attack packets to the victim machine using spoofed IP addresses. One can attempt to detect the attack source manually as well as automatically. It may be performed either at the victim end or from intermediate routers and traced back to the original source end. Typically, a hop-by-hop traceback mechanism is used from router to router. Therefore, for successful identification of the attack source, cooperation among networks is essential. However, manual traceback is a tedious and time-consuming process. To expedite the process, researchers have introduced automated traceback schemes:

    • Link Testing
    • Packet Marking
    • Packet Logging
    • ICMP Traceback Messages

  • Filtering Techniques

Filters provide a useful and powerful mechanism to protect network resources from DDoS attacks. Several filtering techniques have been introduced by network security researchers. In this section, we discuss three commonly used and effective approaches to filter DDoS attack traffic, especially traffic with spoofed source IP addresses:

    • Ingress and Egress Filtering
    • Router-Based Packet Filtering (RPF)
    • Source Address Validity Enforcement (SAVE) Protocol
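As an added illustration of ingress and egress filtering (example code written for this page, not taken from any project or standard), the following Python model checks each packet's source address against the prefixes expected on its arrival interface (ingress) and against the network's own prefixes at the border (egress). The interface names, prefixes and sample packets are constructed.

```python
import ipaddress

# Constructed address plan for a hypothetical edge router: each customer-facing
# interface is mapped to the prefixes legitimately sourced behind it.
INTERFACE_PREFIXES = {
    "customer0": [ipaddress.ip_network("203.0.113.0/24")],
    "customer1": [ipaddress.ip_network("198.51.100.0/25"),
                  ipaddress.ip_network("198.51.100.128/25")],
}
OUR_PREFIXES = [p for nets in INTERFACE_PREFIXES.values() for p in nets]
# Source ranges that must never appear on a public interface (RFC 1918, loopback, ...).
BOGONS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
          "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)

def ingress_check(iface: str, src: str) -> str:
    """Ingress filter (BCP 38 style): a packet arriving on a customer interface
    must carry a source address from that customer's own prefixes."""
    addr = ipaddress.ip_address(src)
    if in_any(addr, BOGONS):
        return "drop:bogon"
    allowed = INTERFACE_PREFIXES.get(iface)
    if allowed is None:
        return "drop:unknown-interface"
    if not in_any(addr, allowed):
        return "drop:spoofed-source"
    return "accept"

def egress_check(src: str) -> str:
    """Egress filter at the border: traffic leaving toward the upstream must be
    sourced from one of our own prefixes, so spoofed floods never leave the network."""
    return "accept" if in_any(ipaddress.ip_address(src), OUR_PREFIXES) else "drop:spoofed-source"

def filter_stream(packets):
    """Apply the ingress filter to (iface, src) pairs; returns drop counts by reason."""
    reasons = {}
    for iface, src in packets:
        v = ingress_check(iface, src)
        if v != "accept":
            reasons[v] = reasons.get(v, 0) + 1
    return reasons

# Constructed sample traffic: legitimate, spoofed outside address, private (bogon)
# source, and a customer0 address arriving on customer1's interface.
SAMPLE = [("customer0", "203.0.113.10"), ("customer0", "192.0.2.77"),
          ("customer1", "10.0.0.5"), ("customer1", "203.0.113.10")]
```

Real routers implement the same idea as access lists or unicast reverse-path forwarding checks; the point of the model is that a spoofed flood is stopped at the first hop that knows which sources belong on an interface.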

  • Rate Control

Rate control is another effective approach to prevent DDoS attacks based on pre-specified prevention criteria. It attempts to control or limit the arrival rate of packets matching the DDoS attack criteria. Such schemes are carefully designed so that legitimate flows are minimally harmed. Further, unlike pushback schemes, typically such a scheme does not incur any extra overhead during prevention, and as a consequence, does not create a situation of denial of service by itself.
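As an added example of the rate-control approach described above (written for this page, not from any referenced implementation), this Python model applies a per-source token bucket only to packets matching a chosen attack criterion (TCP SYN), so that non-matching traffic and well-behaved clients pass untouched. The packet stream, rates and addresses are constructed.

```python
from collections import defaultdict

class TokenBucket:
    """Per-source token bucket: refills `rate` tokens per second up to `burst`;
    each matching packet spends one token or is dropped."""
    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def rate_control(packets, rate=20.0, burst=10.0, match=lambda p: p["syn"]):
    """Rate-limit only packets that match the attack criteria (default: TCP SYN),
    keyed by source address. Non-matching traffic is never touched, so established
    flows are unaffected and the limiter cannot deny service on its own."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    stats = defaultdict(lambda: {"passed": 0, "dropped": 0})
    for p in packets:
        if not match(p) or buckets[p["src"]].allow(p["t"]):
            stats[p["src"]]["passed"] += 1
        else:
            stats[p["src"]]["dropped"] += 1
    return dict(stats)

def constructed_stream():
    """Constructed sample (not captured traffic): a legitimate client opening 5
    connections over 1 s, one source sending 500 SYNs in 1 s, and an established
    data flow of 100 non-SYN segments."""
    pkts = [{"t": i * 0.2, "src": "203.0.113.5", "syn": True} for i in range(5)]
    pkts += [{"t": i * 0.002, "src": "198.51.100.9", "syn": True} for i in range(500)]
    pkts += [{"t": i * 0.01, "src": "203.0.113.7", "syn": False} for i in range(100)]
    return sorted(pkts, key=lambda p: p["t"])

if __name__ == "__main__":
    for src, s in rate_control(constructed_stream()).items():
        print(f"{src}: passed={s['passed']} dropped={s['dropped']}")
```

With these constructed parameters the flooding source gets through only its initial burst plus the refill earned during the second, while the legitimate client and the data flow lose nothing.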