
Module 10: Denial-of-Service

Thursday, February 29, 2024


Learn about different Denial-of-Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.

Hands-On Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

> Perform a DoS and DDoS attack on a target host

> Detect and protect against DoS and DDoS attacks

Key topics covered:

> DoS Attack, DDoS Attack

> Botnets

> DoS/DDoS Attack Techniques

> DoS/DDoS Attack Tools

> DoS/DDoS Attack Detection Techniques

> DoS/DDoS Protection Tools

Section 01: DoS DDoS Concepts

Denial of service (DoS) attack:

In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Distributed denial of service:

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A DDoS attack uses more than one unique IP address or machine, often from thousands of hosts infected with malware.

Botnet:

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection.

Internet relay chat (IRC):

Internet Relay Chat (IRC) is a text-based chat system for instant messaging. IRC is designed for group communication in discussion forums, called channels, but also allows one-on-one communication via private messages as well as chat and data transfer, including file sharing.

Section 02: DDoS Attack Techniques

Attack Techniques

Flood attack:

Flood attacks are also known as Denial of Service (DoS) attacks. In a flood attack, attackers send a very high volume of traffic to a system so that it cannot examine and allow permitted network traffic.

Amplification attack:

An amplification attack is any attack in which the attacker uses an amplification factor to multiply the attack's power.

Protocol attack:

Protocol attacks aim to exhaust the resources of a server or of its networking systems, such as firewalls, routing engines, or load balancers.

Application layer attack:

An attacker may target the application itself by using a layer 7 or application layer attack. In these attacks, similar to SYN flood infrastructure attacks, the attacker attempts to overload specific functions of an application to make the application unavailable or unresponsive to legitimate users.

SYN flood attack:

A SYN flood is a form of denial-of-service attack in which an attacker rapidly initiates a connection to a server without finalizing the connection. The server has to spend resources waiting for half-opened connections, which can consume enough resources to make the system unresponsive to legitimate traffic.
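The half-open connections described above are also what a defender can measure. The following is an added example, not part of the original notes: it replays constructed handshake records, learns a baseline from known-good traffic, and reports when the half-open count first exceeds it. The record format, the 5-second timeout and the mean + 3 standard deviations threshold are assumptions chosen for illustration.

```python
import statistics

def half_open_series(events, timeout_ms=5000):
    """Replay (time_ms, src_ip, src_port, flag) records for one listening port.

    flag "S" is a client SYN, "A" the client ACK that completes the handshake.
    Returns [(time_ms, half_open_count)], one entry after each record.
    """
    pending = {}  # (src_ip, src_port) -> time the SYN arrived
    series = []
    for t, src, sport, flag in sorted(events):
        # Forget entries the server would already have timed out (assumed 5 s).
        for key in [k for k, t0 in pending.items() if t - t0 > timeout_ms]:
            del pending[key]
        if flag == "S":
            pending[(src, sport)] = t
        elif flag == "A":
            pending.pop((src, sport), None)
        series.append((t, len(pending)))
    return series

def baseline_threshold(normal_events, k=3.0):
    """Baselining: mean + k standard deviations of half-open counts in known-good traffic."""
    counts = [n for _, n in half_open_series(normal_events)]
    return statistics.mean(counts) + k * statistics.pstdev(counts)

def first_alert(events, threshold):
    """Return (time_ms, half_open_count) when the threshold is first exceeded, else None."""
    for t, n in half_open_series(events):
        if n > threshold:
            return (t, n)
    return None

# Constructed sample data (documentation address ranges, not real traffic).
NORMAL = []
for i in range(20):  # 20 clients that each finish the handshake within 50 ms
    NORMAL += [(i * 500, f"198.51.100.{i % 5 + 1}", 40000 + i, "S"),
               (i * 500 + 50, f"198.51.100.{i % 5 + 1}", 40000 + i, "A")]
SUSPECT = [(9000, "198.51.100.7", 41000, "S"), (9050, "198.51.100.7", 41000, "A")]
# 30 SYNs in 290 ms whose handshakes are never completed.
SUSPECT += [(10000 + j * 10, f"203.0.113.{j + 1}", 50000 + j, "S") for j in range(30)]

if __name__ == "__main__":
    limit = baseline_threshold(NORMAL)
    print("threshold:", limit, "first alert:", first_alert(SUSPECT, limit))
```

On a live host the same count comes from the number of sockets in the SYN-RECV state, so the baseline should be taken during normal load on that host.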

Section 03: DDoS Attack Countermeasures

Countermeasures

    Baselining the activity on the network.

    Shut down services.

    Ingress or egress filtering.

Rate limiting:

In computer networks, rate limiting is used to control the rate of requests sent or received by a network interface controller. It can be used to prevent DoS attacks and limit web scraping.

Load balancing:

In computing, load balancing is the process of distributing a set of tasks over a set of resources (computing units), with the aim of making their overall processing more efficient.

Bandwidth throttling:

Bandwidth throttling is the intentional limitation of the communication speed (bytes or kilobytes per second) of incoming (received) data and/or of outgoing (sent) data in a network node or network device.

