A denial-of-service attack is characterized by an explicit attempt to prevent the legitimate use of a service. A distributed denial-of-service attack deploys multiple attacking entities to attain this goal. Distributed attacks (DDoS) pose a serious threat to the Internet, and a number of defense measures have been proposed to counter them. Attackers constantly change their tools to circumvent these security systems, and investigators in turn change their tactics to deal with new attacks.
To establish a classification for DDoS attacks, we look at the methods used to prepare and execute an attack (the recruit, exploit and infect phases), the characteristics of the actual attack (the use phase) and the effect it has on the victim.
In a manual attack, the attacker manually scans remote machines for vulnerabilities, breaks into them, installs attack code, and then commands the onset of the attack. Only the early DDoS attacks belonged to the manual category. All of the recruitment actions were soon automated.
In a semi-automatic attack, the DDoS network consists of handler (master) and agent (slave, daemon, zombie) machines. The recruit, exploit and infect phases are automated. In the use phase, the attacker specifies the attack type, the onset, the duration and the victim via the handlers to the agents, which send packets to the victim.
Based on the communication mechanism used between agent and handler machines, we divide semi-automatic attacks into two groups: attacks with direct communication and attacks with indirect communication.
Semi-automatic attack with direct communication
In an attack with direct communication, the agent and handler machines need to know each other's identity in order to communicate. This is usually achieved by hard-coding the IP addresses of the handler machines in the attack code, which is later installed on the agent machine. Each agent then reports its readiness to the handlers, which store its IP address for later communication.
The obvious drawback of this approach for the attacker is that the discovery of a single compromised machine can expose the entire DDoS network. Also, because both agents and handlers listen for network connections, they can be identified by network scanners or a network intrusion detection system.
Semi-automatic attack with indirect communication
In an attack with indirect communication, the attacker uses some legitimate communication service to synchronize agent actions. Recent attacks have used IRC (Internet Relay Chat) channels. The use of IRC services replaces the function of a handler, because the IRC channel provides enough anonymity to the attacker. The agents do not actively listen for network connections (meaning they cannot be detected by scanners), but instead use the legitimate IRC service, and their control packets cannot be easily separated from legitimate chat traffic.
The discovery of a single agent can lead to the identification of one or more IRC servers and channel names used by the DDoS network. From there, identifying the DDoS network depends on the ability to track the agents currently connected to the IRC server (which may be only a subset of all compromised machines). To further avoid detection, attackers often use channel rotation, using any given IRC channel for only a short period of time.
Because the IRC service is maintained in a distributed way, and an IRC server hosting a specific IRC channel may be located anywhere in the world, investigations are hindered. Although the IRC service is the only known example of indirect communication to date, nothing prevents attackers from subverting other legitimate services for the same purpose.
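The pivot from one discovered agent to the rest of the network can be sketched as follows. This is an added example, not part of the original article: the log format, host addresses, server names and channel names are all constructed assumptions, standing in for whatever an IDS or flow sensor records for IRC JOIN events. Requiring several shared channels within a short time window keeps a single popular channel from implicating ordinary users and follows the agents across channel rotation.

```python
from collections import defaultdict

# Constructed sample (not real data): epoch seconds, internal host,
# IRC server, channel joined, as a sensor might log IRC JOIN events.
SAMPLE_LOG = """\
1000 10.0.0.5 irc.example.net #x7f3a
1002 10.0.0.9 irc.example.net #x7f3a
1005 10.0.0.21 irc.example.net #linux-help
1600 10.0.0.5 irc.example.net #q91bd
1603 10.0.0.9 irc.example.net #q91bd
1610 10.0.0.14 irc.example.net #q91bd
2200 10.0.0.5 irc.example.org #m20c1
2204 10.0.0.14 irc.example.org #m20c1
2300 10.0.0.21 irc.example.net #linux-help
"""

def parse(log):
    """Turn log text into a list of (ts, host, server, channel) tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, host, server, channel = line.split()
            events.append((int(ts), host, server, channel))
    return events

def pivot_from_agent(events, known_agent, window=60, min_shared=2):
    """Find hosts that follow a known agent across rotated channels.

    A host is a suspect if it joined at least `min_shared` distinct
    (server, channel) pairs within `window` seconds of the known agent.
    Returns (suspects, servers): suspects maps host -> shared channels,
    servers lists the IRC servers the known agent contacted.
    """
    agent_joins = [(ts, srv, ch) for ts, h, srv, ch in events if h == known_agent]
    shared = defaultdict(set)
    for ts, host, srv, ch in events:
        if host == known_agent:
            continue
        for a_ts, a_srv, a_ch in agent_joins:
            if (srv, ch) == (a_srv, a_ch) and abs(ts - a_ts) <= window:
                shared[host].add((srv, ch))
    suspects = {h: sorted(c) for h, c in shared.items() if len(c) >= min_shared}
    servers = sorted({srv for _, srv, _ in agent_joins})
    return suspects, servers

if __name__ == "__main__":
    suspects, servers = pivot_from_agent(parse(SAMPLE_LOG), "10.0.0.5")
    print("servers to monitor:", servers)
    for host, channels in sorted(suspects.items()):
        print(host, "shares", channels)
```

Hosts that share only one channel with the known agent are not cleared by this check; they simply fall below the threshold and may warrant a longer observation period.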
Automatic DDoS attacks automate the use phase in addition to the recruit, exploit and infect phases, and thus avoid the need for any communication between the attacker and the agent machines. The start time of the attack, the attack type, the duration and the victim are preprogrammed in the attack code. The deployment mechanisms of this attack class give the attacker very little exposure, because he is only involved in issuing a single command at the beginning of the recruitment process.
The hard-coded attack specification suggests a single-purpose use of the DDoS network, or a static system state. However, the propagation mechanisms often leave a backdoor open on the compromised machine, allowing easy future access and modification of the attack code. In addition, when agents communicate through IRC channels, these channels can be used to modify the existing code.
STEPS, the best CEH training in Cochin, will help you learn the concepts of Ethical Hacking and Cyber Security. You will learn about the different types of cyber attacks and the ethical hacking tools used to prevent such attacks. There are many demos of several ethical hacking tools. You will also learn how to become an Ethical Hacker.
You will learn about Cyber Security, Cyber Security Engineer, Cyber Security Skills, Introduction to Ethical Hacking, Phishing & DDoS, SQL Injection Demo, Security Risk and Management, Software Development and Security, Ethical Communication Questions, and the top ten reasons to learn cyber security. Online Ethical Hacking training is ideal for both beginners and professionals who want to understand the concepts of Cyber Security. This course is ideal for anyone who wants to learn Cyber Security and work in it.