DoS refers to a deliberate effort by a person to temporarily or permanently suspend or interrupt the services of a host connected to the internet. According to the United States Computer Emergency Readiness Team (US-CERT), this kind of attack has diverse effects on the computer system. They include slow opening of web sites, inability to open certain web sites, unavailability of certain web sites and a sharp increase in the total number of spam emails received (Andress, M. et al., 2009).
How it works
In this kind of attack, the attacker explicitly attempts to prevent the legitimate users of a service from using it. This can lead to either the crash or the flooding of the service. It can be perpetrated in the following ways:
- Consumption of bandwidth, processor time, disk space or any other computational resources
- Disruption of state data such as unsolicited resetting of TCP sessions
- Disruption of configuration data like routing
- Disruption of the components of the physical networks
- Blocking of the communication channel between the victim and the intended user in order to obstruct further communication
Some of the ways through which this kind of attack can be prevented include the following:
- Use of firewalls
Firewalls can be applied effectively here because of their ability to deny or allow IP addresses, ports or protocols. If properly used, they can prevent users from launching flooding attacks, particularly from machines located behind the firewall itself. However, a firewall may not effectively filter certain attacks because of their complexity and its inability to distinguish DoS attack traffic from good traffic (Yuval, F., 2004).
Switches can also be used to prevent these attacks because they offer automatic and system-wide rate limiting, TCP splicing, Bogon filtering, deep packet inspection and traffic shaping. These enable them to detect and prevent denial-of-service attacks through balancing, automatic rate filtering or WAN link failover. However, this is dependent on the type of attack experienced. For instance, in the case of content attacks, deep packet inspection is used. If a proper selection is made, the attacks will be dealt with and prevented before they cause any damage to the computer.
Routers are manually configured to help them prevent attacks on the computer network system. Although DoS attacks can easily overwhelm them, they have some ACL and rate-limiting capability, which enables them to prevent flooding.
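The ACL and rate-limiting behaviour described above can be modelled as a deny list plus one token bucket per source address. This is an added example, not code from any router vendor; the addresses, the rate and the burst size are constructed values, and time and tokens are kept as integers so the result is exact.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed policy (illustrative values, not from the original text).
DENY = [ip_network("198.51.100.0/24")]  # ACL: sources that are always dropped
REFILL_PER_MS = 5    # 5 millitokens per ms = 5 packets per second per source
BURST = 10_000       # bucket capacity in millitokens = 10 packets
COST = 1_000         # one packet costs 1000 millitokens

@dataclass
class Bucket:
    tokens: int = BURST
    last_ms: int = 0

@dataclass
class Filter:
    buckets: dict = field(default_factory=dict)

    def allow(self, src: str, now_ms: int) -> str:
        # Step 1: ACL check on the source address.
        if any(ip_address(src) in net for net in DENY):
            return "acl-drop"
        # Step 2: refill this source's bucket for the elapsed time, capped at BURST.
        b = self.buckets.setdefault(src, Bucket(last_ms=now_ms))
        b.tokens = min(BURST, b.tokens + (now_ms - b.last_ms) * REFILL_PER_MS)
        b.last_ms = now_ms
        # Step 3: forward only if a whole packet's worth of tokens is available.
        if b.tokens >= COST:
            b.tokens -= COST
            return "forward"
        return "rate-drop"

def simulate() -> dict:
    """Replay one second of constructed traffic and count verdicts per source."""
    events = [(i * 10, "203.0.113.7") for i in range(100)]  # flooder: 100 pkt/s
    events += [(0, "192.0.2.10"), (500, "192.0.2.10")]      # normal client: 2 pkt/s
    events += [(200, "198.51.100.9")]                       # source on the deny list
    f, counts = Filter(), {}
    for now_ms, src in sorted(events):
        key = (src, f.allow(src, now_ms))
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for (src, verdict), n in sorted(simulate().items()):
        print(f"{src:15} {verdict:10} {n}")
```

The limiter keys only on the source address, so it throttles any sender above the rate whether or not the traffic is hostile, which is the same inability to tell attack traffic from good traffic noted for firewalls.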
Distributed denial-of-service attacks (DDoS)
DDoS refers to the type of attack that involves all computers within a network from any part of the world. In other words, unlike DoS which only involves one computer, the DDoS attack involves a lot of computers. This means that an attack on a single computer will eventually affect all the others in the same system globally (Kristoff, J., 2007).
According to a series of studies, DDoS attacks are cheap to launch but extremely expensive to stop. This is due to the complexities involved.
Just like DoS attacks, DDoS attacks are preventable. It is very important to take appropriate measures to prevent such attacks on a computer network. Some of the preventive measures include, but are not limited to, the following:
- Use of IP address
The IP address can be used to prevent it by verifying the reverse path on the input interface at the end of the router connection. This helps in stopping SMURF attacks, especially at the ISP's POP. Hence, all the users of the internet server are fully protected.
It is very simple to prevent DDoS attacks by filtering because they are very easy to spot. This is done by training routers to drop the DDoS connections, thus preventing the attacks from slowing the server or network (Kristoff, J., 2007). If all the potential threats are spotted in time, it will be easier to deal with them and prevent any attack they may cause the user.
- Black holing
This is a method of preventing DDoS attacks that helps eliminate the flooding effects of an attack. It does this by channeling all the traffic destined for the site under attack to an address which does not exist. This prevents the flood from impacting other sites within the network or server. If this happens, the system will be protected from any attack that would cause unnecessary trouble to the user.
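The reverse-path verification and black holing described in this list can both be shown on one small routing model. This is an added example, not part of the original essay; the prefixes, the interface names and the `null0` discard interface are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table of an ISP edge router: prefix -> outgoing interface.
ROUTES = {
    ip_network("0.0.0.0/0"): "upstream",
    ip_network("192.0.2.0/24"): "cust-a",
    ip_network("198.51.100.0/24"): "cust-b",
}

def lookup(addr: str):
    """Longest-prefix match: interface used to reach addr, or None."""
    a = ip_address(addr)
    matches = [net for net in ROUTES if a in net]
    return ROUTES[max(matches, key=lambda n: n.prefixlen)] if matches else None

def forward(in_if: str, src: str, dst: str) -> str:
    # Strict reverse-path check: the route back to the claimed source
    # must leave through the interface the packet arrived on.
    if lookup(src) != in_if:
        return "drop: reverse-path check failed"
    out_if = lookup(dst)
    if out_if == "null0":
        return "drop: black-holed destination"
    return f"forward via {out_if}"

def blackhole(victim: str) -> None:
    """Install a host route that discards all traffic for victim (IPv4)."""
    ROUTES[ip_network(f"{victim}/32")] = "null0"

if __name__ == "__main__":
    # A packet from customer A's port claiming a customer B source is spoofed.
    print(forward("cust-a", "198.51.100.20", "203.0.113.255"))
    # A packet with a source that really lives behind that port passes.
    print(forward("cust-a", "192.0.2.15", "198.51.100.20"))
    # Black-hole the address under attack; its neighbours stay reachable.
    blackhole("198.51.100.20")
    print(forward("upstream", "203.0.113.50", "198.51.100.20"))
    print(forward("upstream", "203.0.113.50", "198.51.100.21"))
```

The host route discards every packet for the black-holed address, legitimate requests included, so the site under attack stays unreachable while the rest of the network is shielded.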
In conclusion, I would like to say that these types of attacks are very dangerous for any computer network system. DoS attacks can cause a very big problem for all the people relying on a server which is affected. This means that unsuspecting users may be affected even if they are thousands of miles away from the attacker. Therefore, it is important to be cautious about the kind of server being used. In order to prevent such problems in time, each and every one should be careful. They should always understand that exposure to such dangers is always there. Therefore, they should seek the advice of their technicians and take the necessary measures in case of attacks. This is the only way through which they will ensure that their data is safe from any corruption or loss.