Today we are going to learn more about a term that many people do not even know but that is commonplace on the internet: the DDoS attack, a way to bring a site down without having to sneak into its network or introduce malware.
What a DDoS attack basically does is exhaust a server with demand, so that it cannot keep working. Of course, there is much more behind it, but that is the basis. We will see everything below, from exactly what it is to how it is done, through the types that exist, the most popular attacks in history …
As a curiosity, note that this is a resource widely used for protest, especially against governments. However, it is not very useful and, for the moment, it is having a negative effect, staining the image of network professionals. Anyway, that is not the subject; let's get to know DDoS in depth!
What is a distributed denial of service or DDoS attack? Definition
DoS, Denial of Service: a type of computer attack carried out so that a system becomes inaccessible, through saturation, to the users who use it legitimately. As the name given to this action says, the aim is to obtain a denial of service.
DDoS, Distributed Denial of Service: an amplified version of the DoS attack. In this case, it is about saturating a server by attacking it from several computers at the same time and using, of course, several internet connections. In this way a greater volume of attack packets is achieved, which makes disabling a server easier or, in fact, makes it possible at all (there are cases in which a simple DoS would not be capable).
Types and examples of DDoS attacks
Having seen what it is and what it means, we must point out that there are different types of DDoS attacks. Of course, they all have the above in common, but they have details that make them differ from one another and that make them more useful in some cases than in others.
We can classify them as:
- Volume-based DDoS: what is sought is bandwidth saturation, congesting it.
- Protocol DDoS: consumes resources and/or services.
- Application layer DDoS: illegitimate requests are used to obtain targeted responses.
The most common types are:
SYN Flood or flood of SYN packets
It is the most common, the one that best captures what we just saw. It is based on the TCP protocol, whose connection setup includes three steps. Here the third step never takes place and, therefore, the second remains active and waiting until that request is completed, so that others cannot be made; in other words, a very simple method of rendering the server useless.
A flood of requests with the SYN flag set in the header is sent from several points, so that the server tries to connect to the different source addresses (which are usually forged) and, at the same time, waits for the corresponding response packet, which never arrives.
Thus, the server consumes resources continuously and the number of simultaneous connections allowed by the server is exhausted, so that it stops responding.
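As an added illustration (not code from the original article), the following Python script replays constructed packet-summary lines against the three-step handshake just described and counts how many client SYNs never receive their third-step ACK; the line format, the sample addresses and the thresholds are assumptions of this example.

```python
from collections import namedtuple

# Constructed packet summaries (not from a real capture), one per line:
# "<seconds> <src ip:port> > <dst ip:port> <flags>"  (S=SYN, SA=SYN/ACK, A=ACK).
# One legitimate client completes all three steps; six forged sources send
# only step one, so the server's SYN/ACK replies are never answered.
SAMPLE_LINES = """\
0.01 10.0.0.5:40001 > 192.0.2.10:80 S
0.02 192.0.2.10:80 > 10.0.0.5:40001 SA
0.03 10.0.0.5:40001 > 192.0.2.10:80 A
0.10 198.51.100.1:1000 > 192.0.2.10:80 S
0.10 192.0.2.10:80 > 198.51.100.1:1000 SA
0.11 198.51.100.2:1000 > 192.0.2.10:80 S
0.11 192.0.2.10:80 > 198.51.100.2:1000 SA
0.12 198.51.100.3:1000 > 192.0.2.10:80 S
0.13 198.51.100.4:1000 > 192.0.2.10:80 S
0.14 198.51.100.5:1000 > 192.0.2.10:80 S
0.15 198.51.100.6:1000 > 192.0.2.10:80 S
"""

Stats = namedtuple("Stats", "syns completed half_open sources")

def handshake_stats(lines, server):
    """Count client SYNs to `server` and how many got their step-three ACK."""
    pending = set()    # "ip:port" peers still waiting at step two
    completed = set()
    sources = set()    # distinct source IPs, spoofed or not
    for line in lines:
        _, src, _, dst, flags = line.split()
        if dst != server:
            continue   # the server's own SYN/ACK replies are not counted
        if flags == "S":
            pending.add(src)
            sources.add(src.split(":")[0])
        elif flags == "A" and src in pending:
            pending.discard(src)
            completed.add(src)
    syns = len(pending) + len(completed)
    return Stats(syns, len(completed), len(pending), len(sources))

def looks_like_syn_flood(stats, min_half_open=5, max_completion=0.5):
    """Flag when many handshakes stall at step two and few complete (thresholds assumed)."""
    if stats.syns == 0 or stats.half_open < min_half_open:
        return False
    return stats.completed / stats.syns <= max_completion
```

Under normal load most SYNs are followed by the client's ACK within milliseconds, so a high half-open count together with a low completion ratio is the signal to watch, rather than the raw number of SYNs alone.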
ICMP Flood or flood of ICMP packets
In this case, what is sought is a depletion of bandwidth by sending a huge amount of ICMP packets (Internet Control Message Protocol), so that the response consists of ICMP Echo Reply packets, which overload the system.
These are launched again and again, creating an effect similar to a game of ping-pong (in fact, this DDoS attack is also known by that name). For this attack to take effect, the attacker needs a greater capacity to withstand overloads (remember that the communication is bidirectional).
SMURF
It is a powered-up ICMP flood. In this case one more variable enters the game: an intermediary that first receives the ICMP echo request packets, whose origin appears to be that of the victim and not that of the attacker. The intermediary then responds to the victim, believing it to be the true origin. Obviously, the greater the number of intermediaries, the more responses reach the victim.
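An added example, not part of the original article: the script below replays a constructed log of ICMP echo traffic as seen by the victim and matches each incoming echo reply against the echo requests the victim itself sent, so replies from intermediaries answering a forged request stand out; the log format, the addresses and the thresholds are assumptions.

```python
from collections import Counter

# Constructed ICMP echo log (not a real capture), seen from the victim host:
# "<in|out> <peer ip> <req|rep> <echo id> <sequence>"
# The victim pings 203.0.113.7 twice and gets two legitimate replies; then
# six hosts of the 198.51.100.0/24 network answer a request the victim never
# sent, which is what replies to a forged-source broadcast ping look like.
SAMPLE_LOG = """\
out 203.0.113.7 req 1 1
in 203.0.113.7 rep 1 1
out 203.0.113.7 req 1 2
in 203.0.113.7 rep 1 2
in 198.51.100.11 rep 777 1
in 198.51.100.12 rep 777 1
in 198.51.100.13 rep 777 1
in 198.51.100.14 rep 777 1
in 198.51.100.15 rep 777 1
in 198.51.100.16 rep 777 1
"""

def unsolicited_replies(lines):
    """Return the source IP of every echo reply that matches no request we sent."""
    outstanding = set()      # (peer, id, seq) of our requests still unanswered
    reflectors = []
    for line in lines:
        direction, peer, kind, ident, seq = line.split()
        key = (peer, ident, seq)
        if direction == "out" and kind == "req":
            outstanding.add(key)
        elif direction == "in" and kind == "rep":
            if key in outstanding:
                outstanding.discard(key)   # a second copy would count as unsolicited
            else:
                reflectors.append(peer)
    return reflectors

def reflector_networks(reflectors):
    """Group reflectors by /24: amplifier hosts share one broadcast network (IPv4 assumed)."""
    return Counter(ip.rsplit(".", 1)[0] + ".0/24" for ip in reflectors)

def looks_like_smurf(lines, min_replies=5, min_reflectors=3):
    """Flag many unsolicited replies from several distinct hosts (thresholds assumed)."""
    reflectors = unsolicited_replies(lines)
    flagged = len(reflectors) >= min_replies and len(set(reflectors)) >= min_reflectors
    return flagged, reflector_networks(reflectors)
```

The per-network grouping also tells you which network is acting as the amplifier, which is the party to contact when the victim cannot filter the traffic alone.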
Connection Flood
The aim is to hold as many active connections as the victim server can support, opening new ones as others close or expire, so that it is always full and cannot receive queries other than those of the attacker.
UDP Flood or flood of UDP packets
In this case, the packets generated and sent are of type UDP (User Datagram Protocol). IP spoofing (impersonation of the source address) is used, since this protocol naturally works without a connection. The attack is usually directed at Echo services due to the considerable size of their response messages.
Slow Read
This type of attack consists of transferring the data very slowly, so it keeps the server busy for longer and consuming resources.
What are the differences between DoS and DDoS attacks?
We have already seen that DDoS corresponds to a distributed attack. In the case of DoS (Denial of Service), it is much simpler. It only requires one computer with an internet connection, unlike DDoS, in which, as we have seen, several distributed machines and connections are necessary.
Derived from this, the DoS attack is more easily deflected, because it can be traced. A DDoS, being dispersed, is very difficult to divert.
How does a DDoS attack affect a web page and how can it be stopped?
Obviously, the consequences will differ depending on the attack and on the characteristics of the attacked server. However, the essence is similar. Faced with an abnormally large volume of simultaneous requests and incoming data, the server starts running slower, either because it uses up resources or because it works on a network whose bandwidth is being diminished, which ends up knocking down the website and leaving it out of service.
We must take into account the volume of the attack and also the filters that the server has (or should have) to detect anomalous packets. We can launch the largest attack in history against the best-protected server on the planet and barely affect it, or we can make a small "trial" attack against an unprotected server and knock it down completely for hours, preventing it from even solving the problem until the attackers decide to stop.
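The filters the text refers to start at the kernel. The following Python example (added here, not from the original article) parses constructed sysctl-style output for the Linux settings that absorb SYN floods and that stop a host from answering broadcast pings, and reports each weak value beside the recommended one; the recommended values are this example's assumptions, a starting point rather than a tuning for any particular host.

```python
import operator

# Kernel settings this example checks (recommended values are assumptions):
# SYN cookies and a larger backlog absorb SYN floods without dropping real
# clients, fewer SYN/ACK retries free half-open entries sooner, and ignoring
# broadcast pings keeps the host from acting as a Smurf amplifier.
RECOMMENDED = {
    "net.ipv4.tcp_syncookies": (operator.eq, 1),
    "net.ipv4.tcp_max_syn_backlog": (operator.ge, 4096),
    "net.ipv4.tcp_synack_retries": (operator.le, 2),
    "net.ipv4.icmp_echo_ignore_broadcasts": (operator.eq, 1),
}

# Constructed sysctl-style output: a weak host beside a hardened one.
WEAK = """\
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_synack_retries = 5
net.ipv4.icmp_echo_ignore_broadcasts = 0
"""
HARDENED = """\
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_synack_retries = 2
net.ipv4.icmp_echo_ignore_broadcasts = 1
"""

def parse_sysctl(text):
    """Parse 'key = value' lines into a dict of ints; comments and other lines are ignored."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and value.strip().lstrip("-").isdigit():
            settings[key.strip()] = int(value)
    return settings

def check_settings(settings):
    """Return (key, current, recommended) for every setting that is missing or weak."""
    findings = []
    for key, (is_ok, want) in RECOMMENDED.items():
        have = settings.get(key)
        if have is None or not is_ok(have, want):
            findings.append((key, have, want))
    return findings
```

A missing key is reported as a finding too, since a host that never sets it is running whatever the distribution default happens to be.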
Following this, the consequences will be those of not having the website active because you have been "knocked out". If the site is that of a dentist, the only thing that will happen is that a person who was going to visit it to decide whether to go there does not do so. If you have a marketplace like eBay, Amazon, El Corte Inglés, etc., imagine what an hour without sales means.
Usually, this is the only thing that happens: the server is partially or fully unavailable. Physical damage is possible but not common; it would occur by combining the attack with the introduction of takeover malware and only where a vulnerability is known and exploited.
What have been the most powerful denial of service attacks in history?
Just as, throughout the history of the internet, virus attacks with impressive repercussions have become known around the globe, we also have cases worth considering in relation to distributed denial of service attacks. The most talked about have been:
- MafiaBoy attack: in the year 2000 Yahoo!, the search engine, stopped working for an hour. The culprit? A Canadian boy who decided to launch a DDoS attack to publicize the abilities that he and his group had; and he was not wrong, because in the following days they also successfully attacked sites such as CNN, eBay or Amazon, among others.
- July 2009 set: in this case several attacks were launched that made a dent in government, financial and news websites of the US and South Korea. A botnet of about 50,000 computers was estimated. To date, the perpetrators of this feat are not known.
- The junk mail attack: the most recent of the DDoS attacks that have travelled around the world was conducted between companies in the same sector, an underhand attack to leave the competition inoperative. One company sent hundreds of junk mails or SPAM to the other, even causing a general slowdown of the internet and leaving the central node of London itself inoperative.
How to make a DDoS attack from Kali Linux? Not suitable for beginners
Do you feel like "playing" and want to try it to see how it goes? Well, we give you the tools so you can do the test, yes, always at your own risk, since this carries many risks, such as possible complaints from those affected, etc.
You have to get Metasploit, an open source pentesting tool:
Download Metasploit free
- You will find two free versions (for groups and companies, and for developers) and a paid version (you can see the characteristics of each one by clicking on "Compare features"). Choose as you prefer between "Free Download" or "Buy It" if you want the paid version.
- Next, you will see that you have to add some information such as your name, your last name, your email address, your phone number, the type of business you have …
- When you finish, click on "I'm not a robot".
- Then, press the "Submit" button.
- You will then be shown the available versions of Metasploit; choose the one appropriate for your operating system.
- An executable will be downloaded; click on it.
- Now the installation window will appear. Click on "Next".
- Click on the option with which you accept the agreement and again on the "Next" button.
- Next, you will have to choose a destination folder and click again on "Next".
- You are informed of the incompatibility with antivirus and firewall, so you will have to deactivate them momentarily. Press "Next".
- Now it is time to indicate the port you want Metasploit to use. Press "Next".
- It is time to generate an SSL certificate by entering the server name and days of validity. Again, "Next".
- You are notified that the installation will begin. Press "Next" again.
- When the installation is finished, press "Finish". There is a checkbox that runs Metasploit; uncheck it if you will not do so at this time or leave it checked if you want to open it.
In the same way, you also need a Kali Linux virtual machine; for this you have to download an updated version of Kali Linux. We leave you some interesting links:
Download Kali Linux for Windows 10
Download all versions of Kali Linux
You will also have to download VirtualBox; its download and installation are conventional, as we saw in the previous case: an executable, start screens that we must go through and, finally, install.
Download VirtualBox
Follow the steps below:
- Run VirtualBox.
- Click on "New" (we are creating a virtual machine).
- Give it the name you prefer.
- In type, choose "Linux".
- The version should be "Debian".
- Press "Next".
- Choose the amount of RAM you want; we recommend a minimum of 1 GB.
- Press "Next" again.
- Check "Create a virtual hard disk now".
- Click on "Create".
- In file type, choose "VDI".
- In the next window, check "Dynamically allocated".
- Press "Next".
- Choose the location of your new file and the size of the drive (at least 20 GB).
- Click on "Create".
- It will appear in the VirtualBox interface on the left. Select it and, among the available options, click on "Settings".
- On the left you have a number of tabs; click on "System".
- Then, choose the "Processor" tab.
- In it, check "Enable PAE/NX".
- In the tabs on the left, go down to "Storage".
- Go to "IDE Controller" and click on the "Add device" icon (a CD with a + sign).
- Then, click on "Select disk".
- Here you will have to browse your device and choose the Kali ISO image that you downloaded previously.
- Click on "Start" and the system will load.
- Now click on "Install".
- Choose the language of your choice and your country (twice).
- Now we will have an installation screen that asks for the name of the machine.
- Tab to reach the "Continue" option.
- It is time to enter a password that you should not forget. Tab again until "Continue". You will have to repeat it.
- You will be shown the disk controllers on your computer so you can choose the one you prefer.
- Choose the number of partitions you want (we recommend one).
- Click on "Yes".
- At the question about a network mirror (network replica), choose "No".
- Then click again on "Continue".
- The machine will start. We must choose the first of the two available options.
- Open your browser.
- Enter the IP address you want to attack in the search bar. If you do not have the IP, you will have to get it; there are many websites that do it easily.
- Open Metasploit.
- Start by executing the command "use auxiliary/dos/tcp/synflood".
- Set RHOST, your victim, with the command "set RHOST" followed by the IP of the victim website.
- When you finish, you just have to launch the command "exit" to leave Metasploit.
After a few moments of the blue screen we are asked if we want to install GRUB; we have to choose "Yes".
The next command will be "exploit", which you complete by pressing "Enter". You will see the attack begin. At this point the website will no longer be operational; you can easily check it by trying to access it.