Denial of Service attacks and Distributed Denial of Service attacks are attacks which involve one or several machines attacking the ports of a target machine to deny it from using networks or network resources. These attacks have been a problem for users of any services, and especially for businesses which rely on providing online services. DoS attacks can be largely mitigated using DoS mitigation services, and some techniques may be used to uncover the source of the attacks.
Keywords: DoS; DDoS; DoS mitigation; DoS tracing;
Denial of Service attacks and Distributed Denial of Service attacks, more commonly referred to as DoS and DDoS attacks, are one of the more common attacks anyone can face, ranging from attacks on company sites to attacks on peoples personal computers for a wide range of reasons. They mostly function on the same basic principle of flooding the ports used by a device to connect to a network, rendering it unable to communicate. The Difference between DoS and DdoS is evident from the name, DoS attacks are the result of one machine, sending superflous requests to a machines ports to block any legitimate requests from being fulfilled, while a DdoS attack can be traced back to multiple machines, usually a botnet, all simultaneously spamming a machine with requests. An example of a DdoS attack is one which occured on February 2020, where a global botnet flooded Amazon Web Services with up to 17.2 million requests every second.
DoS attacks can be categorised based on the method of attack.[3]
The motivation behind DoS attacks can range from ideological hacktivism to cyber warfare between rival enterprises.[3] Whatever the reason, DoS attacks can disrupt communication and cost companies hundreds if not millions of dollars. As DoS attacks are becoming increasingly common various strategies have emerged in order to mitigate said loss as much as possible. Outside of buying a DoS mititgation service, common strategies involve:[5]
During an attack the advised countermeasures are:[5]
Outside of these steps that can be taken by potential victims of DoS attacks, people offer DoS mitigiation services which can work on a variety of different methods. These can be on-site for optimal response speed, or cloud based for scalability, or a hybrid between the two to combine the best of both worlds. The following are the most common methods:[2]
DoS and especially DDoS attacks can be very difficult to trace especially if the attacker is experienced and knowledgable on the subject, however it is only human to make mistakes. In the case of DoS attacks the source is a single machine and in the case of a novice attacker, IP traceback methods could be used to find the source and the geolocation, however this is completely void in the case of experienced attackers that know how to spoof IP addresses. While DDoS is much more difficult to trace we can still use IP traceback to locate the bot's IP and location, and potentially identify the network providers of said bots. This is feasable with small botnets, but using this method on a botnet of ten thousand bots or more is hardly effective. However, with DDoS a much more reliable method is utilising forensics. DDoS attacks are commonly used to cover up a much more serious attack which are also much easier to trace. In the case of bot nets as a service, which can be found on offer on the dark web, it is possible trace a request to said service which started the attack or even follow a payment trail to find the buyer and/or seller of the service.[1]
Denial of Service is an everpresent threat in todays online interconnected world. While specialists have made large strides in techniques involving mitigating and defending from DoS attacks, attackers have also improved their methods of attack. This is an ongoing arms race which will more than likely continue into the forseeable future. Sadly, there is no centralised place to report such attacks, and victims are unlikely to report such attacks in the first place for financial reasons or for fear of harming their reputations, not to mention network providers have to protect customer data. Hopefully some day in the future DoS attacks are treated more seriously and an organisation is created with the purpose of not only stopping attacks, but also bringing the attackers to justice.
[1] Asturias, D. (2021, January 6). How to Trace a DDoS Attack? Cloudbric.
[2] datadome.co. (n.d.). How does DDoS protection work? Datadome.
[4] Chickowski, E. (2020, September 17). What is DDoS mitigation and how does it work? AT&T Business.
[6] Higgins, K. J. (2007, October 3). How to Trace a DDOS Attack. Dark Reading.