To serve or not to serve – DoS vs. DDoS

If you have heard the term DoS before, great! But it is probably not the one you are thinking of.

To the “veterans” among us the term usually brings to mind DOS, which stands for Disk Operating System (MS-DOS, sold by IBM as PC DOS), the operating system on top of which the early versions of Windows ran.

But no, this time we will talk about DoS and DDoS attacks.

DoS stands for Denial of Service, which is exactly what this type of attack does: it denies the service provider the ability to give any service, whether that service is meant to relay requests, transfer data, or simply allow access to some sort of database.

DoS attacks take advantage of the limits of the target machine (and sometimes of its vulnerabilities): either the attacker exhausts a resource the service depends on, or he triggers a bug that makes the service crash.

Our PC contains components such as a CPU, a GPU and the storage of your choice (HDD, SSD and the like). We also have a very important component called the NIC (Network Interface Controller). You are probably wondering why I am telling you about those components; all of them have one thing in common:

They all need resources in order to function properly. Just like the average human needs a meal (especially our poor, tired devs), each component needs to be “fed” (with CPU time, memory, bandwidth, disk space) in order to do its work.

How are DoS attacks carried out, you ask?

By overloading those components with requests and operations, like a mother of 20 (and sometimes more) children who all want something at once. Every request consumes resources, and when a component runs out of them it no longer operates properly, which means that the workstation or server can no longer provide its service (hence the name DoS).

So what are DDoS, Distributed Denial-of-Service, attacks?

The important thing is what DDoS adds on top of a regular DoS attack.

Just like in our favorite zombie movie, our hero is never beaten by a single zombie; it takes many of them, dramatic loud music and the sound of “munching” in the background to take him down. In the same way, as technology advanced our hardware gained more resources and can now “handle” more than it could in the past, so an attack from a single “direction” or channel is simply not enough anymore.

That is the “problem” a DDoS configuration solves. The attacker plans ahead and “plants” or buys control of a certain number of devices (a botnet); they are also called “dummies” or “zombies” because of their brainless role in the act.

This lets him control them all at once when the day comes, and when it comes (and it will), he uses his command device to “signal” all the others, and together they flood our server with more requests than it can handle, so it can no longer provide its service.

[Image: network resources being over-used]

Let’s look at two examples:

  • My e-mail account got “spammed” (junk mail), and because the platform’s filtering was not good enough to block all the junk coming in, the mailbox eventually reached its storage limit, which prevents me from receiving any other, relevant e-mails. That is a regular DoS attack.
  • My PC (which, frankly, is not worth that much) received a huge number of PING “messages” (ICMP echo requests, an attack also known as a ping flood). Since the attacker used many devices, all sending at once, answering them required far more resources than a single device can handle, causing my NIC to stop responding. That is a DDoS attack.

On Windows, the -t switch of the ping command tells it to keep sending echo requests until we stop it (Ctrl+C), loading the target with those requests; now imagine 10-20 PCs doing the same thing to your device.
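To make the difference between the two examples concrete, here is an added example (my own code, not part of the original post) that reads constructed ICMP echo-request log lines, finds the busiest one-second window, and reports whether the flood comes from a single loud source (DoS) or is spread across many hosts that each stay below a per-source limit (DDoS). The log format, the addresses, and the per-source and total thresholds are all assumptions made for this illustration.

```python
"""Ping-flood classifier: added example, not code from the original post.

Reads log lines of the form "<unix-time> ICMP echo-request <src> -> <dst>"
(an assumed format), finds the busiest one-second window, and labels the
traffic as normal, a single-source flood (DoS) or a distributed flood (DDoS).
The thresholds and addresses below are assumptions made for the example.
"""
import re
from collections import deque

LOG_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) ICMP echo-request (?P<src>[\d.]+) -> (?P<dst>[\d.]+)$"
)


def parse_log(text):
    """Turn log text into a time-sorted list of (timestamp, source); lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append((float(m["ts"]), m["src"]))
    return sorted(events)


def peak_window(events, window=1.0):
    """Return (count, sources) for the busiest span of `window` seconds in `events`."""
    best_count, best_sources = 0, set()
    recent = deque()
    for ts, src in events:
        recent.append((ts, src))
        while ts - recent[0][0] > window:  # drop events that fell out of the window
            recent.popleft()
        if len(recent) > best_count:
            best_count, best_sources = len(recent), {s for _, s in recent}
    return best_count, best_sources


def peak_per_source(events, window=1.0):
    """Busiest per-window request count for each source address."""
    by_src = {}
    for ts, src in events:
        by_src.setdefault(src, []).append((ts, src))
    return {src: peak_window(evs, window)[0] for src, evs in by_src.items()}


def classify(text, window=1.0, total_limit=50, per_source_limit=20, min_sources=3):
    """Label the log as 'normal', 'dos' (a few loud sources) or 'ddos' (volume spread over many)."""
    events = parse_log(text)
    total, _ = peak_window(events, window)
    loud = {s for s, n in peak_per_source(events, window).items() if n >= per_source_limit}
    if total < total_limit and not loud:
        return "normal"
    if loud and len(loud) < min_sources:
        return "dos"   # one (or a couple of) hosts doing all the damage
    return "ddos"      # the same volume arrives from many hosts, each under the per-source limit


def build_sample(sources, per_source, start=1700000000.0, span=1.0):
    """Constructed sample log: each source sends `per_source` echo requests spread evenly over `span` seconds."""
    lines = []
    for i in range(per_source):
        ts = start + span * i / per_source
        for src in sources:
            lines.append(f"{ts:.3f} ICMP echo-request {src} -> 192.0.2.10")
    return "\n".join(lines)


# Constructed inputs (RFC 5737 documentation addresses): a quiet host, one host
# hammering us, and a thirty-host botnet whose members each stay under the per-source limit.
NORMAL_LOG = build_sample(["198.51.100.7"], 4, span=4.0)
DOS_LOG = build_sample(["198.51.100.7"], 200)
DDOS_LOG = build_sample([f"203.0.113.{i}" for i in range(1, 31)], 10)

if __name__ == "__main__":
    for name, log in (("quiet host", NORMAL_LOG), ("single source", DOS_LOG), ("botnet", DDOS_LOG)):
        count, sources = peak_window(parse_log(log))
        print(f"{name}: {count} echo requests/s from {len(sources)} source(s) -> {classify(log)}")
```

The point of the two thresholds is the point of the post: a per-source limit is enough to spot the single PC running ping -t, but the botnet sends the same total volume while every member stays under that limit, so only the aggregate rate gives it away. That is also why a firewall rule that rate-limits each source address will not save you from a distributed flood.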

How can we stop or prevent these attacks?

More bandwidth and rate-limiting rules on our firewall (for example, capping how many echo requests a single source may send per second) help a bit, but they will not necessarily prevent an attack: a per-source rule does nothing against a distributed flood whose bots each stay below the limit, and a large volumetric attack fills the link before the firewall even sees the packets, so it has to be filtered upstream, by the ISP or a scrubbing service. For this sort of attack you need much better protection, you need the PROS!

At Kayran we can help you fend off any zombies or other forms of attack that try to prevent you from giving service to your beloved customers.

Keep on serving, stay safe, choose Kayran.
