The increase in online transactions and communications offers new opportunities for hackers to disrupt business operations with DDoS attacks. A DDoS attack hits the server from multiple computers in order to crash the network, which makes it very hard to locate the attacking resources and stop the attack. In this paper we discuss the DDoS attack, how it affects a network, which layers it affects, and how it can be prevented using Cisco Self-Defending Networks and its features.
Definition: An attack in which a mass of compromised systems attacks a single target is called a Distributed Denial of Service (DDoS) attack.
DDoS is a very hard attack to defend against because it can come from many different locations, so it is very difficult to trace where the attack originates. Many defensive techniques are emerging, but all of them struggle to meet higher standards. Here we can see how the attacker attacks the victim's computer.
In this type of attack the attacker stops legitimate users from running their services on the network. Mainly, the attacker makes continuous requests to the server to block the service for legitimate users.
This type of attack mainly occurs when system security is low; it can be stopped by securing the network to higher standards.
The attack occurs when the attacker runs a single command at a prompt, which sends packets to all the captured machines, instructing them to launch a particular attack (i.e. a flooding attack) against a particular victim. When the attacker decides to halt the attack, they send another command to stop it.
2. Tools in DDOS
Some of the tools are:
Trinoo or Trin00
The Tribe Flood Network (TFN)
Stacheldraht
Trinity
Shaft
MStream
These tools are used to launch a DDoS attack on a network or on busy sites.
Trinoo:
This is a distributed, synchronized DoS attack tool whose communication is established unencrypted over UDP or TCP.
Default port numbers: 1524/tcp, 27444/udp, 27665/tcp
TFN:
It is capable of causing a number of attacks such as SYN flood, UDP flood, ICMP flood and Smurf. TFN mostly uses ICMP Echo Reply and ICMP Echo.
Stacheldraht:
It is a combination of both TFN and Trinoo.
Trinity:
It causes a number of flood attacks on a server, such as TCP SYN flood, SYN, ACK, RST.
SHAFT:
It is a type of packet flooding attack; the client can attack with packets of a certain size.
MSTREAM:
Mstream uses someone else's TCP packets with the ACK flag to attack the destination computer.
3. LAYERS INVOLVED IN DDOS ATTACK (OSI)
In network security every layer has its own security challenges. We can mainly observe the DDoS attack in the Transport Layer and the Network Layer.
3.1 DDOS Attack in Transport Layer:
The Transport Layer is more vulnerable to DDoS attack. Some of the DDoS attacks that occur in the Transport Layer are:
3.1.1 SYN Flooding
SYN flooding mostly occurs in the three-way handshake. Whenever the client sends data to the server, the server acknowledges the client with a response. In this case, however, the client sends continuous requests to the server, and when the data queue in the server overflows, the server can crash.
3.1.2 PORT SCAN
This attack is the most popular way to gather important data over the network. The client sends requests to ports to check whether they are active; if a port is active, he tries to find out what weaknesses the server has and then sends continuous requests to the system to crash it.
3.2 DDOS Attack in Network Layer
The network can be affected at the Network Layer by sending continuous packets to the server to keep the network engaged. In this case the botnet is the main attack in the Network Layer.
3.2.1 BOTNET Attack
A botnet works like malicious software, for example a Trojan, that the attacker sends to a victim. Once it has been activated, the victim's computer sends requests to another victim's computer to crash the server. This is a botnet attack.
3.2.2 Low rate Bandwidth Attack
This attack can occur in daily life: the attacker sends continuous packets of large size to the server to consume the bandwidth. This is the low-rate bandwidth attack.
3.3 DDOS in Application Layer
The Application Layer DDoS attack is also a DDoS attack, in which the attacker sends requests to the client using the communication channel. Some of the attacks that occur in the Application Layer are:
Session Flooding Attack
Request Flooding Attack
Asymmetric Attack
A session flooding attack sends more session connections to the server than a normal session does. A request flooding attack sends more requests than normal. An asymmetric attack sends requests with a huge amount of packet flooding.
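The three categories above can be told apart in a request log by comparing each client with the typical client. This is an added example, not part of the original paper; the log format, the function names, the factor of 5 and the use of packets per request as the measure for the asymmetric case are assumptions, and the log is constructed.

```python
from collections import defaultdict
from statistics import median

def classify_clients(records, factor=5):
    """records: one (client, session_id, packets) tuple per request."""
    sessions, requests, packets = defaultdict(set), defaultdict(int), defaultdict(int)
    for client, sid, pkts in records:
        sessions[client].add(sid)
        requests[client] += 1
        packets[client] += pkts
    # Per-client metrics; the median client is taken as "normal", which
    # assumes flooding clients are a minority of the clients seen.
    n_sess = {c: len(sessions[c]) for c in requests}
    per_sess = {c: requests[c] / n_sess[c] for c in requests}
    per_req = {c: packets[c] / requests[c] for c in requests}
    checks = [("session flooding", n_sess),
              ("request flooding", per_sess),
              ("asymmetric", per_req)]
    findings = {}
    for label, metric in checks:
        limit = factor * median(metric.values())
        for client, value in metric.items():
            if value > limit:
                findings.setdefault(client, []).append(label)
    return findings

def sample_records():
    """Constructed request log using documentation addresses."""
    rec = []
    for i in range(5):                       # ordinary clients: 2 sessions x 3 requests
        for s in range(2):
            rec += [(f"192.0.2.{i + 1}", f"n{i}-{s}", 10)] * 3
    rec += [("203.0.113.10", f"s{j}", 10) for j in range(40)]   # many sessions
    rec += [("203.0.113.20", "r0", 10)] * 200                   # many requests
    rec += [("203.0.113.30", "a0", 900)] * 3                    # heavy requests
    return rec

if __name__ == "__main__":
    for client, labels in sorted(classify_clients(sample_records()).items()):
        print(client, labels)
```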
4. Limiting DDOS Attack