Dos and DDOS Definition and Countermeasures

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks concentrate on rendering any resource (i.e., site, server, or application) inaccessible for whichever function it was created for. There are numerous means for making services inaccessible to their legitimate customers, including manipulation of network packets, resource handling, programming, or logical vulnerabilities. When services receive several requests, they may become unavailable for legitimate customers. Likewise, services can also stop due to exploitation of programming vulnerability, or how the service manages the resources it utilizes.

The attacker may, at times, inject and effect arbitrary code when carrying out DoS attacks for accessing key data or executing server commands. DoS attacks considerably damage the service quality, negatively affecting legitimate customers experience. They give rise to significant delays in response, service disruptions, and huge losses, thereby directly affecting the availability of service (OWASP, 2015). This form of cyber-attack attempts to make a certain target service inaccessible for audiences.

As DoS vulnerabilities for applications are fairly uncommon and mostly get fixed fairly quickly, a majority of DoS attacks are performed by exploiting the weak spots of network protocols. Prevention An efficient prevention plan for DoS attacks begins with network layout and culminates in application code, via an exclusive ACL or access control list established on routing device (preferably at the level of carrier). High-capacity devices for DoS mitigation are essentially firewalls having roughly 30 Gigabit per second capacity; each of these is designed expressly for discovering and filtering DoS traffic.

This kind of arrangement makes each of the servers hosted within the network resistant to denial-of-service attacks, as they are filtered out prior to being able to reach the application or servers (Oesterling, 2015). Distributed Denial-of-Service Attacks (DDoS) DDoS attacks commence from a multiple-source network (typically several thousands of sources). To put it plainly, DDoS attacks are DoS attacks arising from multiple distributed attack IP addresses or sources. Such an attack-source network is referred to as a botnet -- an infected server or computer network under a hacker's control.

Hackers are able to control all infected devices from Command & Control servers (C&Cs or CnCs), making them, for instance, dispatch HTTP GET requests to targets simultaneously; this is a type of application layer distributed denial-of-service attack (Oesterling, 2015). Prevention Honeypots Honeypots are basically of two kinds: high- and low- interaction. Low interaction ones imply emulating operating systems and services. Their implementation is safe and convenient. Attackers will not be able to communicate with the key operating system; rather, they will only have access to certain services.

This is why such honeypots are unable to offer comprehensive details with regard to the actions of attackers, and allow easy detection. They can, however, identify attempts at communication towards unfamiliar IP (internet protocol) addresses. Route Filter Techniques Multiple recommendations for defense against distributed denial-of-service attacks are derived from the BGP or Border Gateway Protocol community. The developers of routing protocols did not place emphasis on security; rather, their focus was sound routing methods and avoidance of routing loop. Initially, attackers began directing attacks at routers.

Through router access, they were able to guide traffic across bottlenecks, look at critical information, and modify it. Such threats.