User:Collin yeffe/sandbox/DDOS

1.	Denial of Service (DoS)

A denial-of-service attack is launched by a malicious user to make a resource unavailable to its legitimate users. It is achieved by flooding the target with more requests than the server can handle, so that access to the site slows down far below normal or is interrupted completely. A denial of service takes place when the legitimate users of a web service or resource are denied access to it (Qin et al. 2018). The attack affects the emails, websites and online accounts of individuals and organizations, including those of the banking sector.

One of the best-known DoS attacks is the Smurf attack: the attacker sends ICMP echo requests to a network's broadcast address with the source address spoofed to that of the victim, so every host on that network sends its reply to the victim, which is flooded with the responses. The SYN flood is another form of DoS attack: the attacker sends a stream of TCP connection requests (SYN segments) to the server, but the three-way handshake is never completed because the final ACK never arrives (the source addresses are usually spoofed). Each incomplete handshake leaves a half-open connection in the server's backlog, and while the backlog is saturated the server cannot accept new connections, so legitimate users cannot connect, resulting in a DoS.

2.	Distributed Denial of Service Attack (DDoS)

This is by nature a denial-of-service attack, but one that comes from multiple sources against the same target. The sources of a DDoS attack are typically numerous compromised ("zombie") machines connected to the internet. The attacker uses a botnet, a set of machines controlled remotely, to launch attacks over the internet. The attack comes from many sources, but its coordination is done from a centralized place (Jamal et al. 2018). There exist many botnets worldwide.
To build one, the attacker infects the machines with malicious software that alters their normal functioning in the network and places them under remote control. For instance, a malicious user may be hired to cripple a rival company by launching a denial-of-service attack against it. The three types of DDoS attack (volumetric, protocol and application-layer attacks) are discussed below.

Types of Distributed Denial of Service Attack

a.	The Application Layer Attack

The attack is also known as a layer 7 attack. The malicious users launching it aim to exhaust the target's resources, thereby creating a denial of service. It targets the application layer, where web pages are created and delivered to the client in response to an HTTP request. To serve a request, the server loads multiple files and runs the database queries needed to build the page, then returns the response to the client (Mahjabin et al. 2017). The attack is difficult to detect and prevent because it is hard to distinguish legitimate traffic from malicious traffic: the numerous HTTP requests from many clients, both legitimate and malicious, load the web pages, slowing down the service or interrupting it completely. The attack targets web-based applications, web servers and web application platforms; a server that crashes under it leaves every application that depends on it hard to reach. The attacker exploits vulnerabilities exposed in the application, or finds new ones, and abuses the application's business logic over HTTP(S). The attack's success is helped by the fact that it uses little bandwidth, so it barely shows in network traffic graphs compared to other attacks, which makes its detection difficult.
The size of an application-layer attack is measured in requests per second sent to the server.

●	HTTP flood
The attacker exploits seemingly legitimate HTTP GET or POST requests to attack a web server or web-based application. The attack uses little bandwidth against the target host, so it remains undetected for longer. The attacker chooses requests that make the web application server use the maximum resources (large page loads, expensive database queries) in responding to each single request, causing a denial of service.

b.	Protocol attacks
These attacks are launched by a malicious user to over-consume the available resources of the server, or of the load balancers and network firewalls in front of it, thereby leading to a denial of service (Yadav et al. 2016). They are also called state-exhaustion attacks, because they fill the connection state tables of those devices and so disrupt their functionality. They target layers 3 and 4 of the OSI model, the network and transport layers. A typical example is the SYN flood attack.

●	SYN flood attack
The attack abuses the TCP handshake with which computers in a network initiate communication. The attacker sends the target a large number of TCP connection requests (SYN segments) with spoofed source IP addresses. The target machine responds to each with a SYN-ACK and waits for the final ACK of the handshake, which never comes because the source address does not belong to the attacker. More requests keep arriving before any of the pending ones is confirmed, until the table of half-open connections is full and the target machine's resources are exhausted, causing a denial of service (Zeebaree et al. 2020).

●	Ping of death attack
The attacker sends malicious pings to the target host. An IPv4 datagram may be at most 65,535 bytes long, and a datagram larger than the link can carry is split into multiple fragments that the recipient host must reassemble (Yihunie et al. 2018). The attacker crafts the fragments (their offsets and sizes) so that the host ends up with a reassembled datagram larger than this limit.
The reassembled datagram overflows the memory buffer allocated to it, which can crash or freeze the host, so that legitimate packets suffer a denial of service.

c.	Volumetric attacks
The malicious user launching this attack consumes all the available bandwidth between the target machine and the wider internet, thereby causing severe congestion in the network (Larson & D, 2016). The attack is based on transmitting large volumes of data to the identified target, either directly or through other means of generating massive traffic, such as requests sent from a botnet. DNS amplification is one way the attacker causes a denial of service to users.

●	ICMP floods
The attack overwhelms the target, say a server, with ICMP echo requests (ping packets). The botnet controlled by the attacker sends the packets as fast as it can without waiting for replies. The attack consumes both incoming and outgoing bandwidth, since the targeted server tries to answer every ping packet, slowing down the server or interrupting it completely.

●	UDP floods
The attack floods random ports on the remote host with User Datagram Protocol packets. For each packet the host checks for an application listening on that port and, finding none, replies with an ICMP Destination Unreachable packet, which saps its resources and makes the service inaccessible in the network.

●	DNS amplification
The attacker sends multiple requests to available (open) DNS servers with the source IP address spoofed to that of the target. The servers send their responses, which are much larger than the requests, to the target's IP address, which is congested by the volume of responses directed at it, causing a denial of service (Costa et al. 2016).
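As an added illustration of the three classes above (example code written for this page, not part of the original text or any cited work), the following Python script runs one simple detection check per class over constructed packet summaries: requests per second per source for the application layer, an oversized IP reassembly for the ping of death, and the byte ratio of UDP/53 traffic for DNS amplification. All addresses, thresholds and the sample capture are assumptions chosen for the example.

```python
"""Added example (not from the original page): detect the three DDoS classes
described above from constructed packet summaries. Thresholds, addresses
and sample traffic are assumptions chosen for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

IP_MAX_LEN = 65535       # largest legal IPv4 datagram (header included)
IP_HDR_LEN = 20          # assume a minimal IPv4 header
TARGET = "203.0.113.10"  # victim address (documentation range, constructed)


@dataclass(frozen=True)
class Pkt:
    """One packet or fragment as a monitoring tap might summarise it."""
    t: float                   # seconds since capture start
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    length: int                # bytes of IP payload carried
    sport: int = 0
    dport: int = 0
    http: Optional[str] = None # HTTP method if the packet carries a request
    frag_off: int = 0          # IP fragment offset in bytes
    more_frags: bool = False   # IP "more fragments" flag
    ip_id: int = 0             # IP identification field (groups fragments)


def http_flood_sources(pkts, target, threshold, window=1.0):
    """Application layer: sources exceeding `threshold` HTTP requests in any
    `window`-second bucket. Attack size is measured in requests per second,
    not bytes, which is why a small bot can have a large effect."""
    buckets = defaultdict(int)           # (src, bucket index) -> requests
    for p in pkts:
        if p.dst == target and p.http is not None:
            buckets[(p.src, int(p.t // window))] += 1
    return {src for (src, _), n in buckets.items() if n > threshold}


def oversized_reassemblies(pkts):
    """Protocol layer (ping of death): fragment trains whose reassembled
    datagram would exceed the 65,535-byte IPv4 maximum."""
    end = defaultdict(int)               # (src, dst, ip_id) -> highest byte
    for p in pkts:
        if p.frag_off or p.more_frags:   # only look at fragmented traffic
            key = (p.src, p.dst, p.ip_id)
            end[key] = max(end[key], p.frag_off + p.length)
    return {k for k, last in end.items() if IP_HDR_LEN + last > IP_MAX_LEN}


def dns_amplification(pkts, target, min_ratio=10.0):
    """Volumetric: DNS bytes arriving at `target` from UDP/53 compared with the
    DNS bytes `target` itself sent to that server. A spoofed victim never
    sent the queries, so the ratio is unbounded."""
    sent = defaultdict(int)
    recv = defaultdict(int)
    for p in pkts:
        if p.proto != "udp":
            continue
        if p.src == target and p.dport == 53:
            sent[p.dst] += p.length
        elif p.dst == target and p.sport == 53:
            recv[p.src] += p.length
    flagged = {}
    for server, rbytes in recv.items():
        ratio = rbytes / sent[server] if sent[server] else float("inf")
        if ratio >= min_ratio:
            flagged[server] = ratio
    return flagged


def classify(pkts, target):
    """Run all three checks and report findings per attack class."""
    return {
        "application_layer": sorted(http_flood_sources(pkts, target, threshold=20)),
        "protocol": sorted(oversized_reassemblies(pkts)),
        "volumetric": sorted(dns_amplification(pkts, target)),
    }


def sample_traffic():
    """Constructed capture: a normal browser, an HTTP-flood bot, a ping-of-death
    fragment train, one normal DNS lookup and three abused open resolvers."""
    pkts = [Pkt(0.1 * i, "192.0.2.20", TARGET, "tcp", 300, 50000 + i, 80, http="GET")
            for i in range(3)]                                   # 3 req/s: normal
    pkts += [Pkt(1.0 + i / 40, "198.51.100.7", TARGET, "tcp", 120, 40000 + i, 80, http="GET")
             for i in range(40)]                                 # 40 req/s: flood
    pkts += [Pkt(2.0, "198.51.100.9", TARGET, "icmp", 1480, more_frags=True, ip_id=4242),
             Pkt(2.0, "198.51.100.9", TARGET, "icmp", 100, frag_off=65528, ip_id=4242)]
    pkts += [Pkt(3.0, TARGET, "192.0.2.53", "udp", 60, 33000, 53),          # query
             Pkt(3.01, "192.0.2.53", TARGET, "udp", 180, 53, 33000)]        # 3x reply
    for r in ("203.0.113.53", "203.0.113.54", "203.0.113.55"):  # never queried
        pkts += [Pkt(4.0 + i * 0.01, r, TARGET, "udp", 3000, 53, 1234) for i in range(5)]
    return pkts


if __name__ == "__main__":
    for kind, hits in classify(sample_traffic(), TARGET).items():
        print(f"{kind}: {hits}")
```

The normal resolver (three times more response bytes than query bytes) stays below the amplification ratio, while the three open resolvers are flagged because the target never sent them a query at all, which is exactly the signature of a spoofed-source reflection. The ping-of-death check flags the train whose last fragment sits at offset 65,528 with 100 bytes of payload, a total of 65,648 bytes once the header is counted.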

Prevention of DDoS attacks

●	Purchasing more bandwidth makes the network infrastructure more resistant to the traffic spikes caused by malicious user activity, although on its own it only raises the volume an attacker has to generate.
●	Use of anti-DDoS software modules and hardware: load balancers are placed in front of the servers, and software modules are added to the individual web servers to prevent DDoS. Close monitoring of incomplete connections, flushing them out as their number reaches a configured threshold value, is one of the best preventive measures against SYN-type attacks.
●	Configuring the network hardware against DDoS attacks reduces malicious activity on the network. Small changes help, such as configuring the firewall to drop requests to the internal DNS server that come from outside the network, so that it cannot be abused as an open resolver.
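The second bullet, monitoring incomplete connections and flushing them at a threshold, as an added Python example written for this page (not code from the original text or any cited work). It simulates a server-side table of half-open TCP connections under a spoofed SYN flood and checks that a legitimate client still completes its handshake while an unbounded table would simply keep growing. The threshold, the entry age limit and the traffic are assumptions chosen for the example.

```python
"""Added example (not from the original page): a half-open connection table
that flushes stale entries and evicts the oldest ones once a threshold is
reached, exercised by a constructed SYN flood. All parameters are assumed."""
from collections import OrderedDict


class HalfOpenTable:
    """Tracks embryonic TCP connections (SYN seen, final ACK still pending)."""

    def __init__(self, threshold=1024, max_age=3.0):
        self.threshold = threshold        # max half-open entries kept
        self.max_age = max_age            # seconds before an entry is stale
        self.pending = OrderedDict()      # (src, sport) -> time SYN was seen
        self.established = []             # completed handshakes, in order
        self.evicted = 0                  # entries flushed without completing

    def on_syn(self, src, sport, now):
        key = (src, sport)
        if key in self.pending:           # retransmitted SYN: refresh, no new slot
            self.pending.move_to_end(key)
            self.pending[key] = now
            return "pending"
        if len(self.pending) >= self.threshold:
            self._flush(now)
        self.pending[key] = now
        return "pending"

    def _flush(self, now):
        # First drop entries older than max_age (their ACK is not coming) ...
        for key, seen in list(self.pending.items()):
            if now - seen > self.max_age:
                del self.pending[key]
                self.evicted += 1
        # ... then, if still at the threshold, evict the oldest to make room.
        while len(self.pending) >= self.threshold:
            self.pending.popitem(last=False)
            self.evicted += 1

    def on_ack(self, src, sport, now):
        key = (src, sport)
        if key not in self.pending:       # evicted, stale, or never seen
            return "rejected"
        del self.pending[key]
        self.established.append(key)
        return "established"


def simulate(threshold):
    """Constructed scenario: 200 spoofed SYNs in one second that are never
    acknowledged, plus one legitimate client whose ACK arrives 50 ms after
    its SYN. Returns (legit client result, half-open entries left, evicted)."""
    table = HalfOpenTable(threshold=threshold, max_age=3.0)
    events = [(i * 0.005, "syn", f"198.51.100.{i % 250}", 1000 + i) for i in range(200)]
    events.append((0.500, "syn", "192.0.2.20", 50000))
    events.append((0.550, "ack", "192.0.2.20", 50000))
    events.sort(key=lambda e: e[0])       # stable: attacker ties come first
    legit = None
    for t, kind, src, sport in events:
        result = table.on_syn(src, sport, t) if kind == "syn" else table.on_ack(src, sport, t)
        if kind == "ack" and src == "192.0.2.20":
            legit = result
    return legit, len(table.pending), table.evicted


if __name__ == "__main__":
    print("threshold 64   :", simulate(64))      # legit completes, 64 kept
    print("no threshold   :", simulate(10_000))  # legit completes, 200 kept
```

With a threshold of 64 the table stays bounded and the legitimate handshake completes, because only eleven attacker SYNs arrive between the client's SYN and its ACK while 63 older attacker entries sit ahead of it in the eviction order. Without a threshold the same flood leaves 200 half-open entries behind after one second, which is the resource exhaustion the SYN flood relies on. The caveat a practitioner should keep in mind is that an attacker whose SYN rate exceeds the threshold divided by the clients' round-trip time can still push legitimate entries out before their ACK arrives, which is why operating systems pair backlog limits with SYN cookies (RFC 4987) rather than relying on eviction alone.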