A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. The speciality of the DDOS is that, it relays attacks not from a single network/host like DOS. The DDOS attack will be launched from different dynamic networks which has already been compromised.
Types:-
Ping of death :-
Attacker deliverately sending a ping packet, normally 64 bytes, that is larger than the 65,535 bytes. Many computer systems cannot handle an IP packet larger than the maximum IP packet size of 65,535, and often causes computer systems crash. A ping packet of size greater than 65,535, can be sent if it is fragmented.When a receiving computer reassembles the packet, a buffer overflow occurs, which often causes computer to crash.
Ping of flood:-
An attacker overwhelming the victim’s network with ICMP Echo Request (ping) packets. A flood of ping traffic can consume singificant bandwidth on low to mid-speed networks bringing down a network to a crawl.
Smurf Attack:-
Smurf attack exploits the target by sending repeated ping request to broadcast address of the target network. The ping request packet often uses forged IP address (return address), which is the target site that is to receive the denial of service attack. The result will be lots of ping replies flooding back to the innocent, spoofed host. If number of hosts replying to the ping request is large enough, the network will no longer be able to receive real traffic.
SYN Floods :-
When establishing a session between TCP client and server, a hand-shaking message exchange occurs betwen a server and client. A session setup packet contains a SYN field that identifies the sequence in the message exchange. An attacker may send a flood of connection request and do not respond to the replies, which leaves the request packets in the buffer so that legitimate connection request can’t be accommodated.
Teardrop Attack :-
Teardrop attack exploits by sending IP fragment packets that are difficult to reassemble. A fragment packet identifies an offset that is used to assemble the entire packet to be reassembled by the receiving system. In the teardrop attack, the attacker’s IP puts a confusing offset value in the sebsequent fragments and if the receiving system doesn’t know how to handle such situation, it may cause the system to crash.
Prevetion:-
1. Install Intrusion Detection System (IDS)
2. Implement Sysctl. Prevent ping attacks (ping of death, ping of flood, and smurf attacks) by disabling ping responses on the network machines. Enable IP Spoofing protection, and TCP SYN Cookie Protection.
3. Install advanced firewall and DDoS utilities.
4. Install Apache mod_evasive and mod_security modules to protect against HTTP DDoS attacks.
Mod_security:-
Since DDOS normally targets HTTP. Its always good to have a filtering system for apache . So that the request gets analyzed before web server handles it.
Mod_evasive:-
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
1. Requesting the same page more than a few times per second
2. Making more than 50 concurrent requests on the same child per second
3. Making any requests while temporarily blacklisted (on a blocking list)
Note:-
1. Well there are no 100% prevention or protection against DDOS.
2. This steps won’t be enough if the DDOS attack is of very high volume.