DDOS

https://t.me/russian_hackerz

Universal tool for server attacks.

Hackers do not carry out carefully planned and sophisticated attacks in 100% of cases. For sowing chaos or shutting down an Internet resource they have a more universal, but no less effective, weapon. Meet DDoS.


The term is an abbreviation of Distributed Denial of Service. We hear about it very often in the news, on forums and in professional articles, but why is this attack method mentioned so often? The answer is very simple: any public resource can be a target of the attack, regardless of its technical details. The only way to be reliably protected from DDoS is to close the network to connections from outside, which is of course impossible for an online store, for example.


But what can such attacks achieve? In most cases DDoS is used to make a server "fall": a state in which the resource stops responding to requests. The hacker somehow generates so many requests that the server can no longer keep up with processing them. Accordingly, when a normal user tries to connect to a server that is under attack, the overloaded machine cannot process the user's request and send back a response. For the user, that means the service is unavailable.


If an online store is attacked, the service failure undermines users' confidence. "Your website doesn't work? Fine, we'll find another one," thinks the ordinary consumer. So when online stores are hit by DDoS attacks, their competitors are the winners.


Resources carrying information that hackers dislike can also come under attack. Roskomnadzor can, with a wave of a magic wand, block any Internet resource for most Russian users (which, by the way, is what it does), but hackers can do something more drastic: "block" it so that no VPN will unblock it for you. They need neither a court decision nor a cooperative provider; everything is in their own hands. Not only hackers but possibly also state bodies resort to such DDoS attacks. For example, the well-known WikiLeaks came under multiple attacks in 2010.


Owners of most significant Internet resources are ready to pay big money just to stop an attack and restore the resource's operation. So not only an objectionable resource or an online store but practically anything can become a profitable target for an attack.

What does a hacker need in order to start taking servers down?

Resources. How many depends on the factors I will describe now.


1. The load created by a single request to the server. The attack can be carried out by brute force, but if the hacker has studied the attacked server in advance, it is often possible to find ways to multiply the load produced by one request. An attack through the NTP protocol (Network Time Protocol) is an example. Using spoofing, the hacker sends a request over this protocol on behalf of another user, and the server replies by sending hundreds of IP addresses to the spoofed address. The request is small and the response is huge. With this method it is possible to load an Internet channel tens of times more heavily than with ordinary attack methods.


2. The capacity of the attacked server. Obviously, taking down Google's servers requires a much heavier load than taking down a Minecraft server. This, by the way, is also where the universality of DDoS attacks lies: however powerful the attacked network is, if the hacker has enough resources, it is doomed.


3. The presence or absence of DDoS protection. Large websites quite often use such protection. It works by passing all requests through proxy servers that try to separate attacking computers from the computers of normal users. But there are two nuances: separating them is not always possible, and the attack can be so powerful that the anti-DDoS service itself goes down. More on that below.


4. The resources at the attacking party's disposal.


If the server is low-powered and an efficient attack is possible, the server can be taken down from a single computer (this type of attack is called DoS). An attack on the IPv6 implementation in Windows is a good example: by creating connection requests it is possible to load the processor to 100%. In this way one hacker managed to keep one company's servers under attack for several weeks with nothing but a mobile phone!


But even if the server has no software vulnerabilities and cannot be put out of action from a single phone or even a computer, botnets step onto the stage: collections of infected machines that act on the hacker's command. The largest botnets are capable of taking down practically any Internet resource. As I said, even a DDoS protection system can be taken down. For instance, in February 2014 Cloudflare (one such service) came under an attack whose power exceeded 400 Gbit/s!
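
The NTP reflection described in point 1 above can be spotted on the receiving side in flow records: many servers answer from UDP port 123 with oversized packets to a host that never queried them. The following Python code is an added example, not part of the original article; the flow-record layout, the sample records and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real traffic), assumed layout:
# proto src sport dst dport packets bytes
SAMPLE_FLOWS = """\
udp 198.51.100.10 123 203.0.113.5 41000 100 44000
udp 198.51.100.11 123 203.0.113.5 41000 100 44000
udp 198.51.100.12 123 203.0.113.5 41000 100 46800
udp 203.0.113.9 50000 198.51.100.10 123 1 76
udp 198.51.100.10 123 203.0.113.9 50000 1 76
tcp 192.0.2.7 51515 203.0.113.5 443 12 9000
"""

def parse_flows(text):
    """Turn whitespace-separated flow lines into dicts."""
    keys = ("proto", "src", "sport", "dst", "dport", "packets", "bytes")
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(keys):
            continue  # skip blank or malformed lines
        flow = dict(zip(keys, parts))
        for k in ("sport", "dport", "packets", "bytes"):
            flow[k] = int(flow[k])
        flows.append(flow)
    return flows

def find_ntp_reflection(flows, min_reflectors=3, min_avg_packet=200):
    """Report hosts receiving unsolicited, oversized replies from UDP/123."""
    # (client, server) pairs where the client really queried an NTP server
    solicited = {(f["src"], f["dst"]) for f in flows
                 if f["proto"] == "udp" and f["dport"] == 123}
    stats = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for f in flows:
        if f["proto"] != "udp" or f["sport"] != 123:
            continue
        if (f["dst"], f["src"]) in solicited:
            continue  # an answer to a request this host actually sent
        s = stats[f["dst"]]
        s["reflectors"].add(f["src"])
        s["packets"] += f["packets"]
        s["bytes"] += f["bytes"]
    alerts = {}
    for victim, s in stats.items():
        avg = s["bytes"] / max(s["packets"], 1)
        # An ordinary NTP reply has a 48-byte payload; thresholds are assumed.
        if len(s["reflectors"]) >= min_reflectors and avg >= min_avg_packet:
            alerts[victim] = {"reflectors": len(s["reflectors"]),
                              "bytes": s["bytes"], "avg_packet": round(avg)}
    return alerts
```

Calling `find_ntp_reflection(parse_flows(SAMPLE_FLOWS))` flags only 203.0.113.5; the host that sent its own NTP query and got a normal-sized answer is not reported.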

Any algorithms can be used for the attack, but here are the main types:


UDP Flood - sending a large number of requests over the UDP protocol to different ports of the attacked machine. As a result the server is forced to send a large number of ICMP "destination unreachable" messages, which eats bandwidth.


SYN Flood - sending a large number of SYN messages forces the server to create new connections, each of which is closed only when its timeout expires. Since the number of possible connections is limited, the attacked machine quickly runs out of resources.


Ping of Death - a packet larger than the maximum packet size in IPv4 (65535 bytes) is sent in fragments. It can crash the server software on the machine. This type of attack is now successfully countered.


Zero Day DDoS - DDoS that uses newly discovered vulnerabilities.


Unintentional DDoS - the case where hackers are not involved at all: the number of requests from normal users is so large that the server can no longer cope.


Application Level Attacks - the attack targets specific applications on the server. The goal is to make the application generate the greatest possible load from a single request.


Nuke - sending a modified ICMP packet whose processing causes a critical error in the network equipment or the server.
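
The SYN Flood entry above says connections pile up until their timeout expires; on the server this shows as sockets stuck in the SYN-RECV state. The following Python code is an added example, not part of the original article: it counts half-open sockets per port from text in the column layout of `ss -tan`, and the sample output and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in the column layout of `ss -tan` (not from a real host).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
SYN-RECV  0      0      203.0.113.5:80      198.51.100.21:40112
SYN-RECV  0      0      203.0.113.5:80      198.51.100.77:1044
SYN-RECV  0      0      203.0.113.5:80      192.0.2.130:55001
SYN-RECV  0      0      203.0.113.5:80      192.0.2.201:6120
SYN-RECV  0      0      203.0.113.5:80      198.51.100.3:31999
SYN-RECV  0      0      203.0.113.5:80      192.0.2.66:2210
ESTAB     0      0      203.0.113.5:80      192.0.2.44:51000
SYN-RECV  0      0      203.0.113.5:22      192.0.2.10:50021
ESTAB     0      0      203.0.113.5:22      192.0.2.10:50022
"""

def socket_states_by_port(ss_text):
    """Count SYN-RECV (half-open) and ESTAB sockets per local port."""
    ports = defaultdict(lambda: {"syn_recv": 0, "estab": 0, "peers": set()})
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # header, LISTEN and other states are not counted
        state, local, peer = fields[0], fields[3], fields[4]
        entry = ports[int(local.rsplit(":", 1)[1])]
        if state == "SYN-RECV":
            entry["syn_recv"] += 1
            entry["peers"].add(peer.rsplit(":", 1)[0])
        else:
            entry["estab"] += 1
    return ports

def syn_flood_suspects(ss_text, min_half_open=5, ratio=3.0):
    """Flag ports where half-open sockets dominate (thresholds are assumed)."""
    suspects = {}
    for port, e in socket_states_by_port(ss_text).items():
        if e["syn_recv"] >= min_half_open and \
           e["syn_recv"] >= ratio * max(e["estab"], 1):
            suspects[port] = {"syn_recv": e["syn_recv"], "estab": e["estab"],
                              "distinct_peers": len(e["peers"])}
    return suspects
```

On Linux, enabling SYN cookies (`net.ipv4.tcp_syncookies`) lets the server answer SYNs without reserving a slot for every half-open connection.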


Let's consider some of the best-known attacks:


Donald Trump's election website was attacked on the first of April, 2016. The attack was very short but caused a big stir. Honestly, how will a president who cannot protect his website protect a whole state? Who benefited from it is now hard to say. But it is obvious that DDoS attacks draw great attention to themselves.


Dyn - the DNS infrastructure attacked on October 21, 2016. DNS servers convert domain names to IP addresses. When you type the address of a website, the computer does not yet know which server it should contact. To find out, it sends a DNS request. For the several hours the attack lasted, users of Dyn DNS literally lost the ability to use the Internet, since domain names are used everywhere. Most notably, Twitter and Spotify used this DNS, so for two hours of the attack access to these websites was limited.


It is also worth noting that attacked parties try not to say directly that their servers are unavailable because of an attack. More often we hear that the servers were simply rebooted or that a migration was in progress, which, of course, is far from the truth. Companies do not want to admit that they were powerless against hackers.


But where do botnets come from, and who stands behind them? Each botnet belongs to a certain hacker, but offers of botnets for rent can be found on the Darknet. Don't like some website or server? Not a problem: rent a botnet and the website will be down for as long as you need. The price depends on the factors described above and on the duration of the attack.

Hackers assemble botnets by creating and spreading viruses. Any infected machine with Internet access can become a member of a botnet. Recently not only computers have been infected: a large number of infected IoT (Internet of Things) devices have appeared. These are any smart devices with an Internet connection. Their active participation in botnets is explained by the fact that at the moment insufficient attention is paid to their protection, and also by the fact that updating them and fixing vulnerabilities is often many times harder than on a normal computer. Perhaps you have heard of the Mirai botnet. It consists of smart surveillance cameras, video players and other things that can be classed as IoT. Its power is huge, and it was used in the attacks on Dyn DNS.


Since a DoS attack is made from a single computer, it can be carried out with no expenses at all. There is a tool that gained fame through the activity of Anonymous: Low Orbit Ion Cannon. It is an open-source program for organizing DoS attacks. Alone, with its help, one is unlikely to take anything down, so Anonymous asked people through its communication channels to begin attacking a certain resource at an appointed time.

