racfor_wiki:mrezna_forenzika:ddos_napadi [2022/01/07 16:58] vmuzevic [DoS Mitigation] |
racfor_wiki:mrezna_forenzika:ddos_napadi [2024/12/05 12:24] (current) |
The motivation behind DoS attacks can range from ideological hacktivism to cyber warfare between rival enterprises.<sup>[3]</sup> Whatever the reason, DoS attacks can disrupt communication and cost companies hundreds if not millions of dollars. As DoS attacks are becoming increasingly common various strategies have emerged in order to mitigate said loss as much as possible. Outside of buying a DoS mititgation service, common strategies involve:<sup>[5]</sup> | The motivation behind DoS attacks can range from ideological hacktivism to cyber warfare between rival enterprises.<sup>[3]</sup> Whatever the reason, DoS attacks can disrupt communication and cost companies hundreds if not millions of dollars. As DoS attacks are becoming increasingly common various strategies have emerged in order to mitigate said loss as much as possible. Outside of buying a DoS mititgation service, common strategies involve:<sup>[5]</sup> |
| |
*Protecting organisation domanian names by using registrar locking. | *Protecting organisation domain names by using registrar locking. |
*Ensure 24/7 contact details are maintained for service providers and vice versa. | *Ensure 24/7 contact details are maintained for service providers and vice versa. |
*Establish out-of-band contact details such as a mobile phone number for service providers to use if normal communication fails due to DoS attack. | *Establish out-of-band contact details such as a mobile phone number for service providers to use if normal communication fails due to DoS attack. |
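Review bot: the intro paragraph above the list still reads "DoS mititgation service" on the new side, so the spelling pass that corrected "domanian" to "domain" in the first bullet is incomplete. The same bullet is the only one written as a gerund ("Protecting organisation domain names ...") while the following bullets are imperatives ("Ensure ...", "Establish ..."); changing it to "Protect organisation domain names by using registrar locking" would make the list consistent. The phrase "hundreds if not millions of dollars" in the intro is also worth rewording while the paragraph is being touched.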
===== Tracing DoS attacks ===== | ===== Tracing DoS attacks ===== |
| |
DoS and especially DDoS attacks can be very difficult to trace especially if the attacker is experienced and knowledgable on the subject, however it is only human to make mistakes. In the case of DoS attacks the source is a single machine and in the case of a novice attacker, IP traceback methods could be used to find the source and the geolocation, however this is completely void in the case of experienced attackers that know how to spoof IP addresses. While DDoS is much more difficult to trace we can still use IP traceback to locate the bot's IP and location, and potentially identify the network providers of said bots. This is feasable with small botnets, but using this method on a botnet of ten thousand bots or more is hardly effective. However, with DDoS a much more reliable method is utilising forensics. DDoS attacks are commonly used to cover up a much more serious attack which are also much easier to trace. In the case of bot nets as a service, which can be found on offer on the dark web, it is possible trace a request to said service which started the attack or even follow a payment trail to find the buyer and/or seller of the service. | DoS and especially DDoS attacks can be very difficult to trace especially if the attacker is experienced and knowledgable on the subject, however it is only human to make mistakes. In the case of DoS attacks the source is a single machine and in the case of a novice attacker, IP traceback methods could be used to find the source and the geolocation, however this is completely void in the case of experienced attackers that know how to spoof IP addresses. While DDoS is much more difficult to trace we can still use IP traceback to locate the bot's IP and location, and potentially identify the network providers of said bots. This is feasable with small botnets, but using this method on a botnet of ten thousand bots or more is hardly effective. However, with DDoS a much more reliable method is utilising forensics. 
DDoS attacks are commonly used to cover up a much more serious attack which are also much easier to trace. In the case of bot nets as a service, which can be found on offer on the dark web, it is possible trace a request to said service which started the attack or even follow a payment trail to find the buyer and/or seller of the service.<sup>[1]</sup> |
| |
===== Conclusion ===== | ===== Conclusion ===== |
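Review bot: the added <sup>[1]</sup> is placed only at the very end of the "Tracing DoS attacks" paragraph, after the sentence on botnets as a service, so a reader cannot tell whether it supports just the payment-trail claim or also the earlier statements about IP traceback and spoofing; place the citation next to each claim it backs, or split the paragraph so its scope is clear. The new side also keeps "knowledgable", "feasable", "possible trace a request" and "a much more serious attack which are also much easier to trace", which should be corrected in the same revision.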