DoS, DDoS & XSS ATTACKS

 


What is DoS?

DoS stands for Denial of Service. It is a cyber-attack launched from a single computer to crash a site or flood it with TCP and UDP packets. A DoS attack makes the server unavailable by sending it so much traffic that other users cannot access the site.

DoS attacks have become one of the main cyber threats that modern organizations have to face. With just one DoS attack, an organization can be put out of action for a considerable time.

Some different ways that DDoS attacks can be used


  • Volumetric Attacks – A volumetric attack is any form of attack in which an attacker deliberately consumes a target network’s bandwidth. Once the bandwidth has been consumed, it is unavailable to legitimate devices and users within the network. Volumetric attacks occur when the attacker floods network devices with ICMP echo requests until there is no more bandwidth available.

  • Application Layer Attacks – Application layer attacks target applications or servers. The attacker creates many processes and transactions, aiming to use up as many resources as possible. Application layer attacks are difficult to detect because they don’t need many computers or devices to launch.

How to Identify a DoS Attack?

A system or server that is under a DoS attack will show a slow network connection, unavailability of the website, or an error message saying that access to the server or website is denied.


How to Prevent DoS Attacks?

A DoS attack can be prevented by blocking access from illegitimate IP addresses and by changing the configuration of the servers.




What is DDoS?

DDoS stands for Distributed Denial of Service. It is also a type of DoS attack. A DDoS attack is carried out by multiple computers; these computers are also called botnets. The reason for using a larger number of machines is that it becomes difficult for the victim to identify the origin of the attack, which makes it complicated for the victim to recover. Attackers use this attack to take a site down or make it inaccessible.

Some different ways that DDoS attacks can be used

  • Teardrop Attack – A Teardrop DoS attack is done by sending IP data packet fragments to a network. The network tries to put these fragments back together into their original packets. The fields in the fragments are designed to confuse the system and prevent it from putting them back together, so the process of recombination exhausts the system and it ends up crashing.
  • Buffer overflow attacks – In a buffer overflow attack, the attacker overloads a network address with large traffic so that it is put out of use. This is the most common DoS attack experienced in the present day.
  • SYN flood – SYN flood attacks are done by sending requests to connect to a server without ever completing the handshake, so that nobody else can connect to the network.
  • Zero-Day Attacks – Zero-day attacks exploit vulnerabilities that have yet to be discovered; simply put, they are the attacks that could be faced in the future.

Some techniques used by hackers for a DDoS attack.

  • Application attacks
  • Server protocol attacks
  • Traffic-volume based attacks


How to Identify a DDoS Attack?


A system or server under a DDoS attack may show a flood of spam emails, frequent internet disconnections, or locking of the system.


How to Prevent DDoS Attacks?

A DoS attack can be prevented by blocking unusual traffic surges or by changing connection settings to deny access to half-open networks.



Differences Between DoS and DDoS Attacks


A DoS attack is done by the use of a single computer, but a DDoS attack is done by multiple computers.

In DoS attacks, packet influx occurs from a single IP and a single location, but in DDoS attacks, packet influx occurs from multiple IP addresses and multiple locations.

A DoS attack is easy to detect and prevent. On the other hand, a DDoS attack is hard to detect and prevent as it is launched from multiple locations. 

DoS attacks are done with the use of a script or a DoS tool, but DDoS attacks are performed using a network of botnets or through a network of devices under the control of an attacker.


How to Prevent DoS and DDoS attacks


Network Monitoring - Monitoring your network traffic is one of the best steps we can take to prevent DoS or DDoS attacks. It allows you to notice an attack before the system or servers go down completely, and to take action if you see any unusual data traffic.


Test Run DoS Attacks - By simulating DoS or DDoS attacks against our own network, we can test our current protection level, which helps to build up protection levels and prevention strategies.
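To make the network monitoring step concrete, here is an added example (not part of the original post) that flags traffic surges and separates a single-IP flood from a multi-IP one, the distinction drawn in the DoS vs DDoS comparison above. The window size, thresholds, function names and sample traffic are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 10           # seconds per bucket (assumed value)
SURGE_FACTOR = 5      # surge = window total above 5x the baseline (assumed)
DOMINANT_SHARE = 0.8  # one IP with >= 80% of a surge = single source (assumed)


def bucket(events):
    """Group (timestamp, src_ip) events into fixed windows of per-IP counts."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts // WINDOW][ip] += 1
    return dict(sorted(buckets.items()))


def classify(events, baseline_windows=3):
    """Return (window_start, total, label, top_ip) for each window whose
    total exceeds SURGE_FACTOR x the median of the first baseline windows."""
    buckets = bucket(events)
    if not buckets:
        return []
    totals = [sum(c.values()) for c in buckets.values()]
    base = sorted(totals[:baseline_windows])
    baseline = base[len(base) // 2]
    alerts = []
    for idx, counts in buckets.items():
        total = sum(counts.values())
        if total <= baseline * SURGE_FACTOR:
            continue
        top_ip, top_hits = counts.most_common(1)[0]
        if top_hits / total >= DOMINANT_SHARE:
            # One address dominates: a candidate for an IP block.
            alerts.append((idx * WINDOW, total, "single-source", top_ip))
        else:
            # Load is spread over many addresses: blocking one IP will not help.
            alerts.append((idx * WINDOW, total, "distributed", None))
    return alerts


def sample_events():
    """Constructed traffic: 30 s of normal load, one noisy IP, then many IPs."""
    events = []
    for t in range(0, 30):    # baseline: two clients, one request per second each
        events += [(t, "198.51.100.10"), (t, "198.51.100.11")]
    for t in range(30, 40):   # one address sends 20 requests per second
        events += [(t, "203.0.113.5")] * 20 + [(t, "198.51.100.10")]
    for t in range(40, 50):   # 50 addresses send 3 requests per second each
        events += [(t, f"192.0.2.{i}") for i in range(1, 51) for _ in range(3)]
    return events


if __name__ == "__main__":
    for start, total, label, ip in classify(sample_events()):
        print(f"t={start}s total={total} {label} top={ip}")
```
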


What is XSS?

Cross-Site Scripting (XSS) is one of the most popular types of injection attack. It is done by injecting malicious scripts into vulnerable web applications.

When an infected site is sent to an unsuspecting user, the end user’s browser executes the script, because the browser has no way to know that the script should not be trusted and thinks that it came from a trusted source. Once the malicious script executes, it can access cookies, session data, or other sensitive information stored in the browser and used with that site.

An XSS attack is considered one of the riskiest attacks for web applications, so we have to fix those different types of vulnerabilities to prevent an XSS attack.

As an example of an XSS attack, think of a low-security website with some comment boxes. If an XSS vulnerability exists there, an attacker can inject a script through that text box and send it to the target.
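The comment-box case above, as an added example that is not from the original post: a renderer that pastes comments into the page unchanged, next to one that HTML-encodes them on output, plus a small audit that parses the rendered page and reports markup the template never emits. The function names and sample comments are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: one normal comment and two carrying markup.
SAMPLE_COMMENTS = [
    "Nice post!",
    "<script>alert(1)</script>",
    "<img src=x onerror=alert(1)>",
]


def render_comments_unsafe(comments):
    """'Before': comment text is pasted into the page unchanged, so markup
    inside a comment becomes part of the HTML the browser parses."""
    return "<ul>\n" + "\n".join(f"<li>{c}</li>" for c in comments) + "\n</ul>"


def render_comments_safe(comments):
    """'After': each comment is HTML-encoded on output, so < > & " ' are
    displayed as text instead of being read as tags or attributes."""
    items = (f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return "<ul>\n" + "\n".join(items) + "\n</ul>"


class MarkupAudit(HTMLParser):
    """Records tags the template never emits and any on* event attributes."""
    ALLOWED = {"ul", "li"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED:
            self.findings.append(f"tag:{tag}")
        self.findings += [f"attr:{n}" for n, _ in attrs if n.startswith("on")]


def audit(page):
    """Parse rendered HTML and return the unexpected markup found in it."""
    parser = MarkupAudit()
    parser.feed(page)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    print("unsafe:", audit(render_comments_unsafe(SAMPLE_COMMENTS)))
    print("safe:  ", audit(render_comments_safe(SAMPLE_COMMENTS)))
```

The same audit can run in a test suite against any page that displays user-supplied text, so a template that stops encoding its output fails the build.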

There are lots of ways an XSS attack can be executed; we will see them in another post.



See you soon with another section related to Cyber Security. Till then, have a good day...
