DDoS attacks Flashcards

1
Q

what is DDoS

A

Distributed Denial of Service.
it is a cyberattack in which multiple compromised computers (often part of a botnet) flood a target system or network with a massive volume of malicious traffic, overwhelming it and causing it to become inaccessible to legitimate users. the goal of a DDoS attack is to disrupt or disable the target’s online services temporarily or permanently.

2
Q

what is an uplink capacity

A

refers to the maximum data transfer rate for sending data from a local network or device to the internet or a wider network

3
Q

what are ICMP Echo Request Packets

A

commonly known as “ping packets,” are used to test network reachability and latency by sending requests to remote devices and waiting for responses. these packets are fundamental for diagnosing network connectivity and performance.

4
Q

convert bytes, mbps and kbps to bps

A

1 byte = 8 bits
1 kbps = 1,000
1 mbps = 1,000,000

5
Q

what are zombies

A

are compromised computers or devices that have been infected with malware controlled by remote attackers. they’re part of a botnet

6
Q

how to calculate maximum number of packets per second for each zombie:

A

uplink capacity (bps) / ping packet size (bps) = packets per second (bps)

7
Q

how to calculate the number of zombies needed to flood a target's uplink capacity

A

target uplink (bps)/uplink capacity(bps) = number of zombies

8
Q

what is a SYN flood attack

A

a type of DoS attack in which an attacker floods a target server with a large number of TCP connection requests. these connection requests are sent but not completed by the attacker, tying up server resources and preventing legitimate users from establishing connections

9
Q

how to determine if the attacker will be able to SYN flood the victim’s server

A

by calculating whether the attacker can generate TCP connection requests at a rate exceeding the victim’s server’s capacity
- you can also count the minimal number of hops required where the smallest link capacity can exceed the rate that the victim’s server could handle in Mbps

10
Q

how to calculate server capacity

A

server processing rate * request size in bytes = server capacity in bytes/sec

11
Q

what is a reflector attack

A

an attacker sends many requests with a spoofed source address to a service on an intermediate host (reflector) to make it seem like the victim is sending those requests

the flood of responses consumes the victim’s bandwidth

> it is UDP based, which makes it easier to spoof the host addresses successfully

12
Q

if an attacker wants to saturate (overflow) the network in order to cut off internet access for their victim, how would they go about doing that

A

> start from your objective router, and look at its capacity
look at routers that the objective router has direct connections to, pick a server with higher capacity - which will generate high traffic due to more responses
construct your path choosing links with higher capacity
if there are links with the same number, choose in alphabetical order

  • pick a DNS server - because of DNS recursion, their public accessibility and amplification (small request, big response)