Wednesday, April 6, 2016

DoS vs. DDoS

People like to mix up DoS with DDoS, which are similar but different. Referring to Wikipedia, we get:

DoS: A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

DDoS: A distributed denial-of-service (DDoS) is where the attack source is more than one, often thousands of, unique IP addresses.

Difference

DoS is launched by one machine; in contrast, DDoS is launched by distributed machines.

Referring to “DDoS attack - Distributed Denial of Service”, we get: “A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack typically uses one computer and one Internet connection to flood a targeted system or resource. The DDoS attack uses multiple computers and Internet connections to flood the targeted resource. DDoS attacks are often global attacks, distributed via botnets.”

Who Mixed Them Up?

I’ve been seeing this mistake for a long time: people keep mixing up these two names. If the attack was launched from only one machine, then it’s called DoS instead of DDoS. Some examples of people who got it wrong here:

Why Does This Matter?

DoS is easy to launch and easy to defend against. DDoS, on the other hand, is always a big threat in the current world, since victims have a difficult time distinguishing the bad guys from the large number of users. DDoS is a serious problem that we should focus on (see the Digital Attack Map hosted by Google), and those who claim that what they were doing was a DDoS attack when it was actually a DoS attack should stop delivering wrong information to the public.
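The difference shows up directly in per-source request counts. The following is an added example, not part of the original post: it labels a traffic window as DoS or DDoS by how concentrated the sources are, and shows that a per-IP rate limit removes a single-source flood but leaves a distributed one untouched. The traffic, thresholds and function names are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample traffic as (unix_second, source_ip) pairs; addresses are
# from the RFC 5737 documentation ranges, not real captures.
USERS = [(0, f"192.0.2.{i}") for i in range(20)]             # 20 normal users
DOS_TRAFFIC = USERS + [(0, "198.51.100.7")] * 500            # one noisy host
DDOS_TRAFFIC = USERS + [(0, f"203.0.113.{i}") for i in range(250)] * 2  # 250 bots x 2

def per_window_counts(events, window=1):
    """Group requests into time windows and count them per source IP."""
    windows = defaultdict(Counter)
    for ts, ip in events:
        windows[ts // window][ip] += 1
    return windows

def classify(events, capacity=100, dominant_share=0.5, window=1):
    """Label each window 'normal', 'dos' (one dominant source) or 'ddos'.

    capacity and dominant_share are assumed thresholds, to be tuned per service.
    """
    labels = {}
    for w, per_ip in per_window_counts(events, window).items():
        total = sum(per_ip.values())
        top = per_ip.most_common(1)[0][1]
        if total <= capacity:
            labels[w] = "normal"
        elif top / total >= dominant_share:
            labels[w] = "dos"
        else:
            labels[w] = "ddos"
    return labels

def load_after_per_ip_limit(events, limit=5, window=1):
    """Requests per window that still reach the service with a per-IP cap."""
    return {w: sum(min(n, limit) for n in per_ip.values())
            for w, per_ip in per_window_counts(events, window).items()}

if __name__ == "__main__":
    for name, traffic in (("single source", DOS_TRAFFIC),
                          ("distributed", DDOS_TRAFFIC)):
        print(name, classify(traffic), load_after_per_ip_limit(traffic))
```

With the per-IP cap the single-source window drops from 520 requests to 25, while the distributed window stays at 520 because every bot is already under the cap.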

How To Launch DDoS Then?

Too bad, I’ve never launched a DDoS attack before, and I believe it’s illegal as well. However, the following is some information about it if you’re interested in knowing more. One should NOT apply it to real machines/networks unless he/she fully understands the consequences.

First of all, you need a botnet, that is, a set of distributed machines under your control. Bad guys buy botnets on the black market. Those machines are usually ones that have been hacked, so attackers can control them via the backdoor left on the machine.

Then, the attacker asks all the bot machines to send requests to the victim. The requests arrive at a high frequency, so the victim cannot handle all of them (it runs out of memory or CPU), and eventually the service freezes. UFONet is one tool I found online, written in Python, that is designed to test/launch DDoS attacks.