Skip to main content

How a Denial of Service Attack Works

The simple approach to DOS is to flood a server with a large amount of pointless traffic. This gives the server far too much to deal with. Bandwidth escalates, memory is exhausted and ordinary users can’t get a connection to the server.
But actually maxing out a server can be quite difficult, even with a large number of computers opening up as many connections as they can. As such, attackers have come up with a way to magnify the effect by using fake IP addresses.
Using fake IPs, the same process can be carried out by one computer, a botnet that’s controlled by one master or, as with Operation Payback, a group of people working together.
Here’s what happens.
  1. The attacking machine sends a SYN packet to the server. However, it makes it appear to come from somewhere else.
  2. The server then responds with a SYN/ACK packet, but there’s no response – the sender address was fake.
  3. The server continues to wait for a reply, keeping the connection open and in its memory until it times out.
The server keeps a bunch of useless connections open, losing more and more memory to the attack and eventually becoming crippled.
The strategy is actually fairly successful. It has slowed or crashed some prominent sites.
Labels:

Comments

Post a Comment

Popular posts from this blog

NoOps, the future of cloud computing

In 2009, consulting firm  Delloite  , curious about the trends that the beginning of  digital transformation  was causing in large companies and different sectors of the economy, created a study to survey the digital technologies employed at the time. Ten years later, the booming technologies in 2009 became obsolete  .  Regarding the maturity of  digital transformation  ,  Deloitte  says: “  To stay ahead of the market, organizations must work methodically to envision new innovations and possibilities, set their ambitions for the future and go beyond the digital frontier.” Sounds like a difficult task, doesn't it?  But not so much.  Many previous trends remain important today, have only been refined and continue to evolve.  These include analytics and  cloud computing  , for example. The use of  artificial intelligence  remains paramount, but it is now necessary to step in and completely re-...
10 comments
Read more

How does an English proficiency test work?

 English proficiency tests are administered by authorized institutions and centers in many countries. In Brazil, they are held in most states, on days and times that vary from one organization to another. See more:  Amazon Saheli Quiz Answers No test requires prior completion of a specific course, they only assess the results achieved during the assessment. Therefore, the form of study is optional - it can be done on your own, online, with a private teacher, in a preparatory course or in a language school. Most of the tests assess four skills of the candidate: reading, writing, speaking and listening. They take grammar into account, of course. The weight given to each of the stages varies according to the body responsible for preparing the event. The minimum score required also depends on the level you want to prove or the requirement of the company, the educational institution and the country for which you are looking for an opportunity. Generally, all stages of the assessmen...
12 comments
Read more

Is it safe to use SaaS?

 Now that you've seen some of the main benefits of SaaS, it's time to answer one of the main questions for companies: So, is it safe to use SaaS? It is a fact that choosing new tools for the job is no joke. Preserving company and customer data is of the utmost importance, so you need to ensure that your software is safe and reliable . And for that, it is not enough to rely on automatic pointing of Google's secure access. Once the information has become the company's equity, companies are increasingly willing (and concerned) to protect it from cyber attacks and misuse by employees. So, in the list below you can check the most important items to be evaluated when hiring this service model and find out if it is safe to use SaaS. 1. Verify that the vendor guarantees efficient authentications Migrating from an on-primis model to a SaaS does not have to put your operations at risk. Especially because companies that use cloud computing invest a lot in technology and qualified ...
6 comments
Read more