Tuesday, April 2, 2013

What is a DoS attack?

   One characteristic trend of the modern Internet is the growing number of so-called DoS attacks (from the English Denial of Service). A DoS attack results from actions by attackers that overload one or another technological element in the chain connecting Internet users to a website. As a result, the website becomes unavailable for viewing.

   For example, attackers can continuously send a very large number of page requests to the web server. Because any web server has a limit on the maximum number of visits it can serve per unit of time, once the number of requests is large enough, new ones are no longer processed. As a result, the site does not work for the majority of visitors.

   Such an outage of a commercial site can lead to business losses. DoS attacks are also used as a way to apply pressure or to intimidate over the publication of certain materials.

   A denial of service can also arise accidentally if a large number of visitors descend on a site at the same moment. This can happen when a very popular resource links to the site, or when the owners order extensive advertising while the site is on cheap hosting.

   The simplest DoS attack can be carried out from a single computer. Using a special program, that computer starts flooding the attacked website with requests. It can even be an ordinary browser that constantly refreshes the page at a given address. On the modern Internet, however, such an attack has minimal chances of success. The data transmission protocols in use allow a hosting provider to filter an excessively intensive stream of requests by source IP address.

   One of the most dangerous types of DoS attack, and one of the hardest for a hosting provider to block, is the distributed DoS attack (DDoS, Distributed Denial of Service). In a DDoS attack, requests to the website are sent not by one computer but by many computers.
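   The per-source filtering described above, and the reason distributed traffic is harder to block, shown as an added example that is not part of the original post: a sliding-window limiter replayed over constructed traffic. The limit of 10 requests per second, the names `PerSourceLimiter` and `replay`, and the sample addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict, deque

class PerSourceLimiter:
    """Accept at most `limit` requests per `window` seconds from each source IP."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.accepted = defaultdict(deque)   # ip -> timestamps of accepted requests

    def allow(self, ip, ts):
        q = self.accepted[ip]
        while q and ts - q[0] >= self.window:   # forget requests older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True

def replay(events, limit=10, window=1.0):
    """Replay (timestamp, ip) events; return (accepted_total, {ip: dropped_count})."""
    limiter = PerSourceLimiter(limit, window)
    accepted, dropped = 0, defaultdict(int)
    for ts, ip in events:
        if limiter.allow(ip, ts):
            accepted += 1
        else:
            dropped[ip] += 1
    return accepted, dict(dropped)

# Constructed one-second traffic samples (not real logs).
VISITORS = [(i * 0.1, f"198.51.100.{i % 5 + 1}") for i in range(10)]   # 5 clients, 2 requests each
SINGLE = [(i / 200, "203.0.113.7") for i in range(200)]                # 1 source, 200 requests
DISTRIBUTED = [(j * 0.2, f"192.0.2.{n}")                               # 100 sources, 5 requests each
               for n in range(1, 101) for j in range(5)]

def single_source_case():
    return replay(sorted(SINGLE + VISITORS))

def distributed_case():
    return replay(sorted(DISTRIBUTED + VISITORS))

if __name__ == "__main__":
    print("single source:", single_source_case())
    print("distributed:  ", distributed_case())
```

   The single noisy source loses 190 of its 200 requests while the ordinary visitors are untouched; the 100 sources sending 5 requests each all stay under the per-address limit, so the server still receives the full aggregate load.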

   To carry out DDoS attacks, attackers use botnets: networks of computers located worldwide and infected with worm programs. Large botnets can include tens or hundreds of thousands of computers. The users of these machines most likely do not suspect that their computers are infected with malicious programs and are being used by attackers. Botnets are created by mass mailing of malicious software, and the infected machines regularly receive further commands from the botnet's administrator. This makes it possible to coordinate the zombie computers in attacks on websites and other resources.

   An effective way to carry out a DDoS attack is to have the zombie machines send the web server requests that require substantial computing resources to process. Attackers therefore try to identify functions in the software used on the server that can be used to create additional load on the server. Such functions are often invoked when processing data from registration forms and the like.

   There are no universal methods of protection against DoS attacks. Nevertheless, in practice various protective measures are used that make attacks harder to carry out and reduce the damage from them. It is important that the site's program code be well optimized, that published content be cached, and that the number of points where load can be generated be minimized.

   In practice, protective measures operating at the hosting provider level are much more effective. The provider has more detailed information about the characteristics of an attack and can observe in detail how it develops. Moreover, the hosting provider can "filter" the attack so that the attacking requests simply do not reach the server, while the server remains available to requests from legitimate visitors.

   To fight DoS attacks, hosting providers specially configure the software that controls the routing of data packets. Hardware-software systems that detect attacks and apply countermeasures automatically are also used. However, it must be kept in mind that, in order to process the data packets that make up a DoS attack, all of them must still be delivered to the provider's filtering equipment. Even if this equipment is very powerful, a sufficiently powerful attack can always simply "flood" the provider's communication channels. Still, this is harder to do than to overload a single web server running on virtual hosting.
