DDoS attack - what is it? Program for DDoS attack

An attack during which users cannot access particular resources is called a DDoS attack, or a "denial of service" problem. The main feature of such hacker attacks is simultaneous requests from a large number of computers around the world, directed mainly at the servers of well-protected companies or government organizations, and less often at individual non-commercial resources.

A computer infected with a Trojan program becomes a "zombie", and hackers, using several hundred or even tens of thousands of such "zombies", disrupt the operation of resources (denial of service).

There can be many reasons for conducting DDoS attacks. Let's identify the most popular ones and, at the same time, answer the questions: what is a DDoS attack, how do you defend against it, what are its consequences, and by what means is it conducted?

Competition

The Internet has long been a source of business ideas, large projects and other ways to earn a lot of money, so a DDoS attack can be carried out to order. That is, if an organization wants to remove a competitor that has appeared, it simply turns to a hacker (or a group of them) with a simple task: paralyze the work of the unwanted company through its Internet resources (a DDoS attack on the server or site).

Depending on the specific goals and objectives, such an attack is arranged for a certain period of time and with appropriate force.

Fraud

Quite often a DDoS attack on a site is organized on the initiative of hackers in order to block the system and gain access to personal or other important data. After the attackers paralyze the system, they may demand a certain amount of money to restore the attacked resources.

Many Internet entrepreneurs agree to the conditions put forward, justifying their actions by the downtime and the huge losses it brings: it is easier to pay a small amount to a fraudster than to lose significant profits for every day of downtime.

Entertainment

Many users of the World Wide Web are simply curious or looking for fun: "DDoS attack - what is it and how do you do it?" So it is not uncommon for beginners to organize such attacks on random resources for fun and to test their strength.

Along with their causes, DDoS attacks are also classified by type.

  1. Bandwidth. Today almost every computer room either has a local network or is simply connected to the Internet. Network flooding, a large number of malformed and meaningless requests sent to specific resources or equipment, is therefore often used to make them fail (communication channels, hard disks, memory, etc.).
  2. Exhaustion of the system. Such a DDoS attack on the Samp server is performed to seize physical memory, CPU time and other system resources, without which the attacked object simply cannot work fully.
  3. Loop. Infinite data verification and other cycles that run "in a circle" force the object to spend a lot of resources, clogging the memory until it is completely exhausted.
  4. False attacks. Such an attack is aimed at falsely triggering protection systems, which ultimately results in certain resources being blocked.
  5. HTTP protocol. Hackers send low-capacity HTTP packets with special encryption. The resource naturally does not see that a DDoS attack is being organized against it, and the server program, doing its job, sends out packets of much larger capacity in response, clogging the victim's bandwidth, which again leads to failure of the services.
  6. Smurf attack. This is one of the most dangerous types. The hacker sends a fake ICMP packet to the victim, where the victim's address is replaced by the attacker's address, and all nodes begin to send a response to the ping request. This DDoS attack relies on using a large network, i.e., a request processed by 100 computers will be amplified 100 times.
  7. UDP flood. This kind of attack is somewhat similar to the previous one, but instead of ICMP packets, attackers use UDP packets. The essence of this method is to replace the victim's IP address with the hacker's address and fully load the bandwidth, which also leads to a system crash.
  8. SYN flood. Attackers try to start a large number of TCP connections simultaneously through the SYN channel with an incorrect or completely absent return address. After several such attempts, most operating systems queue the problem connection and close it only after a number of attempts. The flow on the SYN channel is quite large, and soon, after many such attempts, the victim's kernel refuses to open any new connection, blocking the work of the entire network.
  9. "Heavy packets". This kind answers the question: "What is a DDoS attack on a server?" Hackers send packets to the user's server, but bandwidth saturation does not occur; the action is directed only at CPU time. As a result, such packets lead to a failure in the system, and it, in turn, denies access to its resources.
  10. Log files. If the quota and rotation system has security holes, attackers can send large packets, thus taking up all the free space on the server's hard disks.
  11. The program code. Hackers with extensive experience can fully study the structure of the victim's server and run special algorithms (DDoS attack - exploit program). Such attacks are mainly aimed at well-protected commercial projects of enterprises and organizations in various fields and regions. Attackers find gaps in the program code and run invalid instructions or other exceptional algorithms that lead to an emergency shutdown of the system or service.
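The queue exhaustion described in the SYN flood item can be modelled without any network traffic. The sketch below is an added example, not code from the original article: the Listener class, its parameters and the addresses are constructed for illustration, and its stateless mode is a simplified form of the SYN cookie defence (real SYN cookies also encode a time counter and the MSS).

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-server secret key


class Listener:
    """Toy model of a TCP listener's half-open (SYN_RECV) queue."""

    def __init__(self, backlog, syn_timeout, cookies=False):
        self.backlog, self.syn_timeout, self.cookies = backlog, syn_timeout, cookies
        self.half_open = {}  # (src, port) -> time the SYN arrived

    def _cookie(self, src, port):
        # Sequence number derived from the connection tuple (simplified cookie).
        mac = hmac.new(SECRET, f"{src}:{port}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src, port, now):
        """Return the SYN-ACK sequence number, or None if the SYN is dropped."""
        if self.cookies:
            return self._cookie(src, port)  # nothing is stored per SYN
        # Drop half-open entries whose handshake timed out.
        self.half_open = {k: t for k, t in self.half_open.items()
                          if now - t < self.syn_timeout}
        if len(self.half_open) >= self.backlog:
            return None  # queue full: new connections are refused
        self.half_open[(src, port)] = now
        return self._cookie(src, port)

    def on_ack(self, src, port, ack):
        """Return True when the final ACK completes the handshake."""
        if self.cookies:
            return ack == (self._cookie(src, port) + 1) % 2**32
        return self.half_open.pop((src, port), None) is not None


def legit_client_connects(cookies, client_time=1.0, spoofed_syns=500, backlog=128):
    """Replay constructed events: SYNs that are never ACKed, then one real client."""
    srv = Listener(backlog, syn_timeout=60, cookies=cookies)
    for i in range(spoofed_syns):
        srv.on_syn(f"198.51.100.{i % 250}", 1024 + i, now=0.0)
    seq = srv.on_syn("192.0.2.10", 40000, now=client_time)
    if seq is None:
        return False, len(srv.half_open)
    ok = srv.on_ack("192.0.2.10", 40000, (seq + 1) % 2**32)
    return ok, len(srv.half_open)
```

With the stateful queue the real client is refused until the half-open entries time out; in the stateless mode the same event sequence leaves the queue empty and the client connects.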
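For the log files item, the difference between an unbounded log and one with a size cap and rotation can be measured directly. This is an added example, not part of the original article: the field limit, file sizes and the oversized request line are constructed values, and it uses the rotating handler from Python's standard logging module.

```python
import logging
import logging.handlers
import os
import tempfile

MAX_FIELD = 200   # assumption: longest request field worth keeping
MAX_BYTES = 4096  # size cap per log file
BACKUPS = 3       # rotated files kept before the oldest is discarded


def make_logger(path, bounded):
    """Unbounded FileHandler (weak) or size-capped rotating handler (corrected)."""
    if bounded:
        handler = logging.handlers.RotatingFileHandler(
            path, maxBytes=MAX_BYTES, backupCount=BACKUPS)
    else:
        handler = logging.FileHandler(path)
    logger = logging.Logger(f"access-{bounded}")  # standalone logger object
    logger.addHandler(handler)
    return logger, handler


def disk_used_after_flood(bounded, requests=300, payload_len=5000):
    """Log a burst of constructed oversized requests; return bytes left on disk."""
    with tempfile.TemporaryDirectory() as d:
        logger, handler = make_logger(os.path.join(d, "access.log"), bounded)
        for _ in range(requests):
            uri = "/search?q=" + "A" * payload_len  # constructed oversized field
            if bounded:
                uri = uri[:MAX_FIELD] + "...[truncated]"  # cap what gets logged
            logger.warning("198.51.100.7 GET %s", uri)
        handler.close()
        return sum(os.path.getsize(os.path.join(d, f)) for f in os.listdir(d))
```

The bounded variant can never occupy more than MAX_BYTES * (BACKUPS + 1) bytes, however many requests arrive.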

DDoS attack: what it is and how to defend against it

There are many methods of protection against DDoS attacks, and all of them can be divided into four groups: passive, active, reactive and preventive. We discuss them in more detail below.

Prevention

It is necessary to prevent the very causes that could provoke a DDoS attack. These can include personal dislike, legal disputes, competition and other factors that draw "increased" attention to you, your business, etc.

If you respond to these factors in time and draw the appropriate conclusions, you can avoid many unpleasant situations. This method is more a managerial solution to the problem than a technical one.

Response measures

If attacks on your resources continue, you need to find the source of your problems, the customer or the executor, using both legal and technical levers of influence. Some firms provide services for finding intruders by technical means. Depending on the qualifications of the specialists dealing with the issue, it is possible to find not only the hacker who carries out a DDoS attack, but also the customer.

Software protection

Some hardware and software vendors can offer quite effective solutions along with their products, and a DDoS attack on the site will be nipped in the bud. A separate small server aimed at countering small and medium DDoS attacks can act as the technical defender.

This solution is perfect for small and medium-sized businesses. For larger companies, enterprises and government agencies, there are entire hardware complexes to combat DDoS attacks, which, along with a high price, have excellent protective characteristics.

Filtration

Blocking and careful filtering of incoming traffic will not only reduce the likelihood of an attack. In some cases, a DDoS attack on the server can be eliminated completely.

There are two main ways to filter traffic: firewalls and full routing by lists.

Filtering with lists (ACL) lets you filter out secondary protocols without disrupting TCP and without reducing the speed of access to the protected resource. However, if hackers use botnets or high-frequency requests, this method will be ineffective.

Firewalls protect much better against DDoS attacks, but their only disadvantage is that they are intended only for private and non-commercial networks.

Mirror

The essence of this method is to redirect all of the attacker's incoming traffic back. This requires powerful servers and competent experts who will not only redirect the traffic but will also be able to disable the attacker's equipment.

The method does not work if there are errors in system services, program code and other network applications.

Vulnerability Scan

This type of protection is aimed at fixing exploitable flaws and eliminating errors in web applications and systems, as well as in other services responsible for network traffic. The method is useless against flood attacks, which are aimed specifically at these vulnerabilities.

Modern resources

This method cannot guarantee 100% protection, but it lets you carry out other measures (or a set of them) for preventing DDoS attacks more effectively.

Distribution of systems and resources

Duplicating resources and distributing systems lets users keep working with your data even if a DDoS attack is being conducted on your server at that moment. For distribution, you can use different server or network equipment, and it is also recommended to separate services physically across different backup systems (data centers).

This method of protection is the most effective to date, provided that the correct architectural design has been created.

Evasion

The main feature of this method is moving and separating the attacked object (domain name or IP address), i.e. all working resources located on one site must be split up and placed at third-party network addresses, or even in the territory of another state. This makes it possible to survive any attack and preserve the internal IT structure.

Services for protection against DDoS attacks

Having covered everything about such a misfortune as a DDoS attack (what it is and how to deal with it), we can finally give one good piece of advice. Many large organizations offer services to prevent and stop such attacks. Basically, these companies use a whole range of measures and various mechanisms to protect your business from most DDoS attacks. Specialists and experts in the field work there, so if your resource is dear to you, the best (albeit not cheap) option is to turn to one of these companies.

How is a DDoS attack done with one's own hands?

Forewarned is forearmed: the right principle. But remember that deliberately organizing a DDoS attack, alone or as a group, is a criminal offense, so this material is provided for information only.

American IT developers working on threat prevention created a program to test how well servers withstand load and whether intruders could conduct DDoS attacks against them, with the subsequent elimination of such an attack.

Naturally, "hot" minds turned this weapon against the developers themselves and against what they were fighting for. The code name of the product is LOIC. This program is freely available and, in principle, is not prohibited by law.

The interface and functionality of the program are quite simple; it can be used by anyone who is interested in DDoS attacks.

How to do everything yourself? In the fields of the interface, it is enough to enter the victim's IP, then set the TCP and UDP threads and the number of requests. Voilà: after pressing the treasured button, the attack begins!

Any serious resources, of course, will not suffer from this software, but small ones may experience some problems.
