Introduction 

DDoS Attack

Distributed Denial of Service, also commonly abbreviated to DDoS, is a cyber attack made infamous by movies and the internet. Simply put, it is a situation where any sort of service is being denied to you, but in this particular post, we will take a deeper look into DDoS and I will try and explain how such an attack works along with its various types. 

Now before we begin, let's just go over the agenda of today's post. 

  • So today we will first see what exactly a DDoS attack is 
  • We'll also go over how it works and the types of DDoS attacks. 
  • In the end, I'll show you a neat little demonstration on how you could perform your own DDoS attack in your neighborhood. 

What is a DDoS Attack 

Firstly, let's go over what DDoS means. To understand a DDoS attack, it is essential to first understand the fundamentals of a DoS attack. DoS simply stands for Denial of Service.

This service could be of any kind. For example, imagine your mother confiscates your cell phone while you are preparing for your exams, to help you study without any sort of distraction. While your mother's intentions are truly out of care and concern, you are being denied the service of calling and every other service offered by your cell phone.

Now with respect to computers and computer networks, a denial of service could take the form of hijacking web servers, overloading ports with requests until they are unusable, denying wireless authentication, or denying any other sort of service provided over the internet. Attacks of this kind can be performed from a single machine. While single-machine attacks are much easier to execute and monitor, they are also easy to detect and mitigate.

To get around this, the attack can be executed from multiple devices spread across a wide area. Not only does this make the attack difficult to stop, but it also becomes near impossible to identify the main culprit. Such attacks are called Distributed Denial of Service, or DDoS, attacks.

How a DDoS Attack Works 

Now let's see how they work. The main idea of a DDoS attack, as explained, is making a certain service unavailable. Since everything that is attacked is, in reality, running on a machine, the service can be made unavailable if the performance of that machine can be brought down.

This is the fundamental idea behind DoS and DDoS attacks. Some DDoS attacks are executed by flooding servers with connection requests until the server is overloaded and rendered useless. Others are executed by sending unfragmented packets that the server is unable to handle.

When these methods are executed by a botnet, the damage they do increases enormously and they become far harder to mitigate. To understand more about how these attacks work, let us look at the different types of attacks. 

Types of DDoS Attacks 

Now while there are plenty of ways to perform a DDoS attack, I'll be listing the more famous ones.

These methodologies have become famous due to their success rate and the damage they have caused over time. It is important to note that, as technology advances, more creative minds have devised ever more devious ways to perform DDoS attacks. 

1. Ping of Death 

The first type of methodology that we are going to discuss is called Ping of Death.

Now according to the TCP/IP protocol, the maximum size of an IP packet is 65,535 bytes. The Ping of Death attack exploits this particular fact: the attacker sends a packet whose fragments, when added up, exceed the maximum packet size.

Computers generally do not know what to do with such packets and end up freezing or sometimes crashing entirely. 

2. Reflected Attacks (Smurf Attack)

Then we come to Reflected attacks. This particular attack is more often than not used with the help of a botnet.

Using a botnet, the attacker sends connection requests to a host of innocent computers, which are called reflectors. These requests appear to come from the victim, because the source address in the packet header is spoofed. This makes the reflectors send their acknowledgements to the victim computer.

Since there are multiple such acknowledgements from different computers to the same machine, this overloads the victim's machine and crashes it. This type of attack is also known as a Smurf attack.
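The reflection pattern just described leaves a recognisable trace at the victim: echo replies arriving from many distinct hosts that the victim never sent echo requests to. The following detector, added here as an example and not part of the original post, pairs each reply with the requests its recipient actually sent and reports hosts receiving a large number of unsolicited replies. The record format, the `parse_flow` helper and the sample flows are constructed for this example and do not follow any particular flow collector's schema.

```python
"""Added example (not part of the original post): detecting a reflected
ICMP flood (Smurf) in flow records.  The victim of a reflection attack
receives echo replies from many distinct hosts it never sent echo requests
to, so the detector pairs each reply with the requests its recipient
actually sent and counts the unsolicited ones.  The record format and the
sample records are constructed for this example, not any collector's
real schema."""
from collections import defaultdict


def parse_flow(line):
    """Parse one constructed record: '<ts> <src> <dst> <proto> <icmp-type>'."""
    ts, src, dst, proto, itype = line.split()
    return {"ts": int(ts), "src": src, "dst": dst, "proto": proto, "type": itype}


def find_reflection_victims(records, min_reflectors=10):
    """Return {host: count} for hosts that received echo replies from at
    least min_reflectors distinct peers they never sent an echo request to."""
    requested = defaultdict(set)  # host -> peers it sent echo requests to
    replied = defaultdict(set)    # host -> peers that sent it echo replies
    for r in records:
        if r["proto"] != "icmp":
            continue
        if r["type"] == "echo-request":
            requested[r["src"]].add(r["dst"])
        elif r["type"] == "echo-reply":
            replied[r["dst"]].add(r["src"])
    victims = {}
    for host, reflectors in replied.items():
        unsolicited = reflectors - requested[host]
        if len(unsolicited) >= min_reflectors:
            victims[host] = len(unsolicited)
    return victims


# Constructed sample: 10.0.0.9 pings one host and gets one reply (normal),
# while 10.0.0.5 receives replies from 30 hosts it never pinged (Smurf pattern).
SAMPLE_FLOWS = [
    "1000 10.0.0.9 198.51.100.7 icmp echo-request",
    "1000 198.51.100.7 10.0.0.9 icmp echo-reply",
] + [f"1001 192.0.2.{i} 10.0.0.5 icmp echo-reply" for i in range(1, 31)]


def demo():
    """Run the detector over the constructed sample flows."""
    return find_reflection_victims(parse_flow(line) for line in SAMPLE_FLOWS)


if __name__ == "__main__":
    print(demo())  # {'10.0.0.5': 30}
```

The detector only works from a vantage point that sees the victim's genuine outbound traffic (its own network edge), because the spoofed requests are sent by the attacker and never appear as the victim's outbound flows. The `min_reflectors` threshold should be tuned to the environment; a monitoring host that legitimately pings many peers will have those peers in `requested` and will not be flagged.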

3. Mailbomb Attack 

Another type of attack is called a Mailbomb attack. Mailbomb attacks generally target email servers. In this type of attack, instead of packets, oversized emails filled with random garbage values are sent to the targeted email server. This generally crashes the email server due to the sudden spike in load and renders it useless until fixed.

4. Teardrop Attack 

Last but not least, we have the Teardrop attack. In this type of attack, the fragment offset field of a packet is abused. One of the fields in an IP header is the fragment offset field, which indicates the starting position, or offset, of the data in a fragmented packet relative to the data in the original packet.

If the sum of the offset and the size of one fragment does not line up with the offset of the next fragment, the fragments overlap. When this happens, a server vulnerable to Teardrop attacks is unable to reassemble the packets, resulting in a denial of service condition.
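Both the Ping of Death and the Teardrop attack described above are defeated by the same defensive measure: a reassembler that validates fragments before it stitches them together. The check below is an added example, not code from the original post or from any particular operating system. It treats each fragment as a byte offset, a data length and the "More Fragments" flag, assumes the minimal 20-byte IPv4 header for the size limit, and rejects a fragment that would push the datagram past 65,535 bytes (Ping of Death) or that starts inside the previous fragment (Teardrop); the `Fragment` type and the sample fragment sets are constructed for this example.

```python
"""Added example (not from the original post): the sanity checks an IP
fragment reassembler should apply before stitching fragments together.
It rejects the two malformed-fragment conditions described above: a
datagram that would exceed 65,535 bytes once reassembled (Ping of Death)
and fragments whose data ranges overlap (Teardrop).  The Fragment type and
the sample fragment sets are constructed for this example; the header
length is assumed to be the minimal 20-byte IPv4 header."""
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535  # maximum IPv4 total length, header included
IP_HEADER_LEN = 20       # minimal IPv4 header, assumed for every fragment


@dataclass(frozen=True)
class Fragment:
    offset: int  # byte offset of this fragment's data within the original datagram
    length: int  # number of data bytes this fragment carries
    more: bool   # "More Fragments" flag; False only on the final fragment


def check_fragments(frags):
    """Return (ok, reason).  ok is True only when the fragments describe a
    complete, contiguous, non-overlapping datagram of legal size."""
    ordered = sorted(frags, key=lambda f: f.offset)
    if not ordered:
        return False, "empty"
    for f in ordered:
        # IP stores the offset in 8-byte units, so a byte offset must be a multiple of 8
        if f.offset % 8 != 0:
            return False, "bad-offset"
        # Ping of Death: this fragment alone would push the datagram past the limit,
        # so a reassembler can drop it on arrival without buffering anything
        if f.offset + f.length + IP_HEADER_LEN > MAX_IP_DATAGRAM:
            return False, "oversized"
    # Every fragment but the last must be flagged "more" and carry a multiple of 8 bytes
    for f in ordered[:-1]:
        if not f.more or f.length % 8 != 0:
            return False, "bad-fragment"
    if ordered[-1].more:
        return False, "gap"  # the final fragment has not arrived
    end = 0  # first byte not yet covered by the fragments seen so far
    for f in ordered:
        if f.offset < end:
            return False, "overlap"  # Teardrop: this fragment starts inside the previous one
        if f.offset > end:
            return False, "gap"      # missing bytes; cannot reassemble yet
        end = f.offset + f.length
    return True, "ok"


# Constructed sample fragment sets (1480-byte fragments, as on a 1500-byte MTU link).
GOOD = [Fragment(0, 1480, True), Fragment(1480, 1480, True), Fragment(2960, 100, False)]
OVERSIZED = [Fragment(i * 1480, 1480, True) for i in range(44)] + [Fragment(44 * 1480, 500, False)]
OVERLAP = [Fragment(0, 1480, True), Fragment(800, 1000, False)]
GAP = [Fragment(0, 1480, True), Fragment(2960, 100, False)]

if __name__ == "__main__":
    for name, frags in [("good", GOOD), ("oversized", OVERSIZED), ("overlap", OVERLAP), ("gap", GAP)]:
        print(name, check_fragments(frags))
```

A "gap" result is not an attack by itself; it simply means the reassembler has to keep waiting for the missing fragment, which is why real implementations also bound how long and how much buffered fragment data they will hold per datagram. The "oversized" and "overlap" results, by contrast, can never come from a well-formed sender, so those fragments can be discarded the moment they arrive.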

So that covers what DDoS actually is, how it works and its different types. Okay, that's it from me for today. I'll meet you in the next post.

Goodbye. I hope you have enjoyed reading this post. Please be kind enough to like it, and you can comment with any of your doubts and queries; we will reply to them at the earliest. Do look out for more posts in our content gallery, and follow the Blueguard blog to learn more.

Happy learning!
