Quick introduction to DoS and DDoS

With the worldwide expansion of the Internet, the hacker community found it necessary to create new forms of attack, and the concept of DoS (Denial of Service) and DDoS (Distributed Denial of Service) was born. This type of attack became popular against entities for which the availability of their services is both the key to their success and the reason for their existence. Examples include banks, ISPs and e-commerce websites, where every hour, minute or even second of downtime can mean the loss of huge amounts of money.

Pre-Attack and Pre-Requirements

For a long time, many security professionals treated the best time to create an attack network as an unsolved puzzle: before the target is identified (pre-target-identification) or after it (post-target-identification). For the sake of neutrality, let's say that the best time depends on the objective to achieve and on the attacker's mentality and skills.
It is easy to assume that a pre-target-identification attack network that is fully functional at the zero attack hour has the same impact as a fully functional post-target-identification attack network of the same size and power, but in reality this is not completely true. A pre-target-identification network has to stay idle for longer, so network nodes become inactive, either because a sysadmin covers, fixes or patches the attacker's entry point or because more restrictive security measures are implemented.
The methodology used to expand an attack network has changed since the earliest *DoS attacks. What started as simple host-by-host attacks, with each host then appended to the network, turned into a battle of "intelligent" scripts/worms capable of doing the job on their own, with almost no human intervention in the process and with far more power than the individual host attack method.
Once the attack network is formed, let's look at the attacker as a pyrotechnician with all his fireworks ready to launch and begin the show... The countdown clock reaches zero... The attacker presses the trigger (or some pre-scheduled event occurs)... The show begins... But what happens?

Post Attack Analysis

From the uninformed victim's point of view, the attack appears to have been conducted by many attackers at the same time, almost like an army marching towards a castle. The real enemy is the army's leader, and the army itself is just the attacker's puppets. This lack of knowledge gives the attacker some time, because the victim has to go through the painful "back-trace" process. Because of a small budget, the high associated cost of the analysis, and depending on the extent of the damage caused, that process can sometimes lead to the suspension of the attack's forensics.

Protection layers

It is fairly obvious that the more protection layers exist between the attacker and the victim, the more anonymous and protected the attacker's identity will be, and the more difficulty the victim will have in unveiling the attack source.
A high number of layers will, as expected, create "lag" between layers, which, if badly designed, can lead to the total or partial failure of the attack. On the other hand, a small number of layers can lead to easy detection of the attacker and therefore to a large loss for the attacker. In sum, it is essential to strike a balance between both extremes to obtain a successful attack and effective risk distribution.

Other types of DoS

Other attacks are aimed at basic and essential "un-wired" resources of companies and individuals. Examples include, amongst others, electrical or telephone cuts, extremely adverse weather conditions (bearing in mind that this is not controlled by the attacker), access cuts (roads, etc.) and, probably the most commonly used form, the interception and/or manipulation, followed by denial, of information or data transmitted via mail, etc.

Reference: http://www.astalavista.com/page/articles/_/lectures/quick-introduction-to-dos-and-ddos-r25
