By Edwin Gonzalez

A Distributed Denial of Service (DDoS) is an attack on a network which is designed to bring it to a halt. This is done by sending useless traffic to a specific service/port on a server. The amount of traffic sent overwhelms the service, so that legitimate traffic is dropped or ignored.

DDoS attacks developed from the basic DoS attacks seen in the wild in 1997. A basic DoS attack originates from one source, whereas a DDoS attack can emerge from hundreds of locations around the world. The most visible attacks were those in February 2000, where high-traffic sites (eBay/Amazon/Yahoo/CNN/Buy.Com/Datek/ZDNet) were faced with the task of handling huge amounts of spoofed traffic. In recent days, there have been attacks on Cisco which resulted in considerable downtime. Some public blacklists have also been targeted by spammers and taken out of business.

The following are different types of attacks.

Smurfing: The culprit sends a large amount of ICMP echo traffic at IP broadcast addresses, all of it having a spoofed source address of a victim. This multiplies the traffic by the number of hosts on the broadcast network.

Fraggle: This is the cousin of the smurf attack. It uses UDP echo packets in the same way as the ICMP echo traffic.

Ping Flood: The culprit attempts to disrupt service by sending ping requests directly to the victim.

SYN Flood: Exploiting the flaw in the TCP three-way handshake, the culprit creates connection requests aimed at the victim. These requests are made with packets carrying unreachable source addresses. The server/device is not able to complete the connection, and as a result the server ends up using the majority of its network resources trying to acknowledge each SYN.

Land: The culprit sends a forged packet with the same source and destination IP address. The victim's system gets confused and crashes or reboots.

Teardrop: The culprit sends two fragments that cannot be reassembled properly by manipulating the offset value of the packet, causing a reboot or halt of the victim's system.

Bonk: This attack usually affects Windows OS machines. The culprit sends corrupted UDP packets to the DNS port, 53. The system gets confused and crashes.

Boink: This is similar to the Bonk attack, except that it targets multiple ports instead of only port 53.

Worming: The worm sends a large amount of data to remote servers. It then verifies that a connection is active by attempting to contact a website outside the network. If successful, an attack is initiated. This would be in conjunction with a mass-mailing of some sort.
Proactive Measures

With the current TCP/IP implementation, there is very little that companies can do to prevent their network from being DDoSed. Companies can be proactive by making sure all their systems are patched and are only running the services they need. Implementing egress/ingress filtering and enabling logging on all routers will also stop some DDoS attacks.
“Egress filtering is the process of examining all packet headers leaving a subnet for address validity. If the packet’s source IP address originates inside the subnet that the router serves, then the packet is forwarded. If the packet has an illegal source address, then the packet is simply dropped. There is very little overhead involved, therefore there is no degradation to network performance.”
-Cisco Website
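As an added illustration of the filtering rule quoted above (example code written for this page, not from Cisco or the author), the following Python applies the same source-address validity check in both directions: egress packets must carry a source inside the served subnet, and ingress packets must not. The served prefixes, the Packet record and the sample addresses are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
# Assumed prefixes served by the border router (placeholders for this example).
SERVED_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]

@dataclass
class Packet:
    src: str        # source address taken from the packet header
    direction: str  # "egress": leaving the served subnet; "ingress": arriving from outside

def source_is_internal(src, served):
    """True if src lies inside any prefix the router serves."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a malformed header
    return any(addr in net for net in served)

def should_forward(pkt, served=SERVED_SUBNETS):
    """Apply the egress/ingress rule; return (forward?, reason)."""
    try:
        internal = source_is_internal(pkt.src, served)
    except ValueError:
        return False, "malformed source address"
    if pkt.direction == "egress":
        # Outbound packets must carry one of our own addresses; anything else is spoofed.
        return internal, "source inside served subnet" if internal else "egress spoof: foreign source"
    if pkt.direction == "ingress":
        # Inbound packets must not claim one of our own addresses as their source.
        return not internal, "ingress spoof: claims internal source" if internal else "source outside subnet"
    return False, "unknown direction"

def filter_packets(packets, served=SERVED_SUBNETS):
    """Split a batch into forwarded and dropped lists, each entry tagged with its reason."""
    forwarded, dropped = [], []
    for pkt in packets:
        ok, reason = should_forward(pkt, served)
        (forwarded if ok else dropped).append((pkt, reason))
    return forwarded, dropped

# Constructed sample traffic using documentation address ranges, not real hosts.
SAMPLE_PACKETS = [
    Packet("192.0.2.10", "egress"),     # legitimate outbound
    Packet("203.0.113.7", "egress"),    # spoofed source leaving our network
    Packet("198.51.100.5", "ingress"),  # legitimate inbound
    Packet("192.0.2.99", "ingress"),    # inbound packet forging an inside source
    Packet("2001:db8:1::5", "egress"),  # legitimate IPv6 outbound
    Packet("not-an-ip", "egress"),      # unparsable header
]
```

Running filter_packets(SAMPLE_PACKETS) forwards the three legitimate packets and drops the two spoofed ones plus the malformed header.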
Below you will find a simple SYN attack detection script that could be set to run every 5 minutes via a cron job. In case of an attack you would receive an email with IP information; remember that the IP information is usually spoofed.
#!/usr/bin/perl -w
# Simple script to monitor SYN attacks.
use strict;

my $syn_alert = 15;          # alert once more than this many SYN entries are present
my $hostname  = `hostname`;
chomp($hostname);

# Count netstat entries in a SYN state (SYN_RECV half-open connections, plus SYN_SENT).
my $num_of_syn = `netstat -an | grep -c SYN`;
chomp($num_of_syn);

if ($num_of_syn > $syn_alert) {
    # Mail the matching entries; the source IPs they show are usually spoofed.
    system("netstat -an | grep SYN | mail -s 'SYN ATTACK DETECTED ON $hostname' admin\@yourcompany.com");
}
exit;
Conclusion: DDoS attacks are very difficult to trace and stop. New hardware appliances are being manufactured specifically for these types of attacks. Many dedicated server providers simply unplug the server that is being attacked until the attack has stopped. This is not a solution; it is a careless and temporary fix. The culprit will still exist and is not held accountable for their actions. Once an attack is detected, hosts should immediately engage their upstream providers.
Edwin Gonzalez is the founder of Datums Internet Solutions, LLC (www.datums.net), based out of New York. In addition to dealing with day-to-day operations, he works on building his library of shell one-liners.