Slijede razlike između dviju inačica stranice.
| Starije izmjene na obje strane Starija izmjena Novija izmjena | Starija izmjena | ||
|
racfor_wiki:mrezna_forenzika:ddos_napadi [2022/01/07 16:35] vmuzevic [Literature] |
racfor_wiki:mrezna_forenzika:ddos_napadi [2024/12/05 12:24] (trenutno) |
||
|---|---|---|---|
| Redak 13: | Redak 13: | ||
| ===== Types of attacks ===== | ===== Types of attacks ===== | ||
| - | DoS attacks can be categorised based on the method of attack. | + | DoS attacks can be categorised based on the method of attack.< |
| *Volume Based Attacks: Includes UDP floods, ICMP floods and other spoofed-packet floods. The goal is to saturate the bandwith of the attacked machine. The magnitude of the attack is measured in bits per second (Bps) | *Volume Based Attacks: Includes UDP floods, ICMP floods and other spoofed-packet floods. The goal is to saturate the bandwith of the attacked machine. The magnitude of the attack is measured in bits per second (Bps) | ||
| *Protocol Attacks: Includes SYN floods, fragmented packet attacks and more. This type of attack relies on packets over bits to consume server resources and disrupt firewalls other intermediate communication equipment. As a result, these attacks are measured in packets per second (Pps) | *Protocol Attacks: Includes SYN floods, fragmented packet attacks and more. This type of attack relies on packets over bits to consume server resources and disrupt firewalls other intermediate communication equipment. As a result, these attacks are measured in packets per second (Pps) | ||
| Redak 26: | Redak 26: | ||
| ===== DoS Mitigation ===== | ===== DoS Mitigation ===== | ||
| - | The motivation behind DoS attacks can range from ideological hacktivism to cyber warfare between rival enterprises. Whatever the reason, DoS attacks can disrupt communication and cost companies hundreds if not millions of dollars. As DoS attacks are becoming increasingly common various strategies have emerged in order to mitigate said loss as much as possible. Outside of buying a DoS mititgation service, common strategies involve: | + | The motivation behind DoS attacks can range from ideological hacktivism to cyber warfare between rival enterprises.< |
| - | *Protecting organisation | + | *Protecting organisation |
| *Ensure 24/7 contact details are maintained for service providers and vice versa. | *Ensure 24/7 contact details are maintained for service providers and vice versa. | ||
| *Establish out-of-band contact details such as a mobile phone number for service providers to use if normal communication fails due to DoS attack. | *Establish out-of-band contact details such as a mobile phone number for service providers to use if normal communication fails due to DoS attack. | ||
| Redak 35: | Redak 35: | ||
| *Use cloud-based hosting with high bandwidth, preferably multiple hosts to obtain redundancy. | *Use cloud-based hosting with high bandwidth, preferably multiple hosts to obtain redundancy. | ||
| - | During an attack the advised countermeasures are: | + | During an attack the advised countermeasures are:< |
| *Contact service provider for any immediate actions they may be able to take. | *Contact service provider for any immediate actions they may be able to take. | ||
| Redak 41: | Redak 41: | ||
| *Disable any functionality of online service which enables the current DoS attack. | *Disable any functionality of online service which enables the current DoS attack. | ||
| - | Outside of these steps that can be taken by potential victims of DoS attacks, people offer DoS mitigiation services which can work on a variety of different methods. These can be on-site for optimal response speed, or cloud based for scalability, | + | Outside of these steps that can be taken by potential victims of DoS attacks, people offer DoS mitigiation services which can work on a variety of different methods. These can be on-site for optimal response speed, or cloud based for scalability, |
| *Clean Pipe protection involves scrubbing all incoming traffic in order to separate malicious traffic from legitimate traffic. This method requires a Border Gateway Protocol router and hardware for termination of GRE tunnels. Detection is also a must for this method as without adequate detection the traffic will not be rerouted to the scrubbing centre. False positives and packet-based or application layer flood attacks are weaknesses of the Clean Pipe method. | *Clean Pipe protection involves scrubbing all incoming traffic in order to separate malicious traffic from legitimate traffic. This method requires a Border Gateway Protocol router and hardware for termination of GRE tunnels. Detection is also a must for this method as without adequate detection the traffic will not be rerouted to the scrubbing centre. False positives and packet-based or application layer flood attacks are weaknesses of the Clean Pipe method. | ||
| Redak 49: | Redak 49: | ||
| ===== Tracing DoS attacks ===== | ===== Tracing DoS attacks ===== | ||
| - | DoS and especially DDoS attacks can be very difficult to trace especially if the attacker is experienced and knowledgable on the subject, however it is only human to make mistakes. In the case of DoS attacks the source is a single machine and in the case of a novice attacker, IP traceback methods could be used to find the source and the geolocation, | + | DoS and especially DDoS attacks can be very difficult to trace especially if the attacker is experienced and knowledgable on the subject, however it is only human to make mistakes. In the case of DoS attacks the source is a single machine and in the case of a novice attacker, IP traceback methods could be used to find the source and the geolocation, |
| ===== Conclusion ===== | ===== Conclusion ===== | ||