Difference between a DOS and a DDOS attack and how to prevent it
Sup Nerds, how are you doin’ today? If you came to this page from an online search then you must be a nerd in a good way. No ordinary person would search for such a topic, and even if you consider yourself ordinary, as long as you are on this blog you must be a geek in some way. I’m a nerd myself and I’m proud. This topic is related to the website development industry and computer security. So, in this article, I’ll define the different types of DOS attacks that might occur on your server and show you a way to prevent them so you can safely develop your website. So, let us show you the difference between a DOS and a DDOS attack and how to prevent it.
What is a DOS attack?
Definition
In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Explain by an Example
English, please! Well, say you are a supermarket owner standing in your shop. Let’s say your shop’s capacity is 10 people per hour, and you can squeeze them in and raise it to 15. Every client needs at least 6 minutes to handle. If you get 15 people you have to work faster and handle every person in 4 minutes. If you get more than that, you will not be able to handle them properly. Then maybe the numbers will start to increase every hour.
In the first hour, let’s say you have 30 customers. You were able to handle 15 of them, but in the second hour you got another 30, which means that you now have 45 customers waiting. So, you will handle 15, and in the next hour you will have another 30, which means that in the third hour you have 60 clients waiting, and so on.
Eventually, you will be overloaded and after 6 hours your clients will start breaking your store and eventually destroy your business.
Scientifically
A DOS attack, or denial-of-service attack, is the same concept. You have a website with limited resources, depending on your hosting provider and your current plan. The attacker wants to shut down your website, so he starts consuming these resources rapidly until they are exhausted.
Let’s say your hosting provider gives you 2 GB of bandwidth every month. You have a very simple website with one page, and this 2 GB should be more than enough based on the number of visits per month. Your webpage has a simple picture of a river and a logo of your brand. The logo’s size is 1 MB. “Theoretically”, a simple DOS attack will make 2,000 requests to open or download this logo. By the last hit, your resources will be exhausted and your hosting provider will tell you to upgrade or wait for the next renewal.
Another type is an attack on the database resources: if your hosting provider allows 100 connections per minute and the attacker requests more than that, your website will be unavailable.
There are many techniques but the concept is the same: flood your server with illegitimate traffic and block any legitimate traffic that comes to your server.
What is a DDOS Attack?
Definition
In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.
A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade.
Explain by an Example
In simple English, it’s the same as a DOS attack, but the attacker uses several machines to carry out the attack. It could be two machines, or it could be hundreds or even millions of machines that target the same server at the same time.
What’s the difference between the DOS attack and the DDOS attack?
Well, in a DOS attack the attacker uses one machine to do the attack, while in a DDOS attack the number of machines involved is greater than 1.
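An added example (not code from the original article) of why blocking a single source stops a DOS but not a DDOS: a per-source sliding-window limit is run over constructed request events, alongside a check on total load. The limits, the function names and the documentation-range IP addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

PER_IP_LIMIT = 100  # assumed per-source cap per window (reuses the article's "100 per minute" figure)
GLOBAL_LIMIT = 300  # assumed total requests the server can absorb per window
WINDOW = 60         # window length in seconds


def analyze(events, per_ip_limit=PER_IP_LIMIT, global_limit=GLOBAL_LIMIT, window=WINDOW):
    """events: (timestamp_seconds, source_ip) tuples sorted by time.

    Returns (blocked_ips, overload_times): sources that broke the per-source
    limit, and timestamps at which traffic that was NOT blocked still
    exceeded the server's total capacity.
    """
    per_ip = defaultdict(deque)  # ip -> timestamps still inside the window
    accepted = deque()           # timestamps of requests that were let through
    blocked, overload = set(), []
    for ts, ip in events:
        if ip in blocked:
            continue             # a per-source block silences a single-machine flood
        q = per_ip[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > per_ip_limit:
            blocked.add(ip)
            continue
        accepted.append(ts)
        while accepted and accepted[0] <= ts - window:
            accepted.popleft()
        if len(accepted) > global_limit and (not overload or overload[-1] != ts):
            overload.append(ts)
    return blocked, overload


def dos_traffic():
    # Constructed sample: one source sends 10 requests/second for 60 s,
    # next to one legitimate visitor making a request every 10 s.
    ev = [(t / 10, "203.0.113.7") for t in range(600)]
    ev += [(float(t), "198.51.100.20") for t in range(0, 60, 10)]
    return sorted(ev)


def ddos_traffic():
    # Constructed sample: 50 sources, each sending only 1 request/second
    # (60 per minute, below the per-source limit) for 60 s.
    return sorted((float(t), f"192.0.2.{n}") for t in range(60) for n in range(1, 51))


if __name__ == "__main__":
    print("DOS :", analyze(dos_traffic()))
    print("DDOS:", analyze(ddos_traffic()))
```

In the DOS sample the single source is blocked and the server never overloads; in the DDOS sample no source is ever blocked, yet total load passes capacity from the sixth second onward, which is why the mitigation has to work on aggregate traffic rather than on one address.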
Types of DOS & DDOS attacks:
- POST DoS attack
- Challenge Collapsar (CC)
- ICMP flood
- Nuke
- Peer-to-peer
- PDoS
- spoofed
- Amplification
- Mirai
- RUDY
- SACK Panic
- Shrew
- Slow Read
- Sophisticated low-bandwidth
- SYN flood
- Teardrop
- TDoS
- TTL expiry
- UPnP
- SSDP reflection
- ARP-spoofing
All of these attacks are based on the same concept, which is to flood the network one way or another. While I was studying I came across most of them, and I tried some of these on my local machine to figure out how to prevent these types of attacks and to study their purpose too.
Besides, while I was working as a security engineer I had to deal with this daily. However, what I found most interesting was number 9, the Mirai attack.
Mirai Attack
This technique is one of the evilest attacks that I have ever encountered in my entire life. Whoever discovered this is really something, an evil genius maybe, but I believe that every bug someone discovers, even if it’s malicious, can be turned around and used to enhance our lives in a good way, so I’m really thankful to this person.
In this attack the attacker uses a bug in IoT devices: anything that’s poorly protected, connected to the internet and able to provide bandwidth, like thermostats, Wi-Fi enabled clocks and washing machines.
The worm allows anyone to control these machines and send traffic to any IP address. Imagine what millions of infected devices can do.
In 2016 this attack was executed on Twitter, Netflix, etc.
The servers were unreachable for several hours and the bug was discovered, but this is one of the most malicious attacks that I have ever seen in my entire life.
Why do DOS|DDOS attacks exist?
In the hacker’s world, as with any criminal activity, you have to hurt in order to get respect. They do it because they can, or because someone might have hired them to get rid of competition, or to steal something from the database, and they need camouflage to buy some time.
How to prevent DOS|DDOS attack
Now that we have explained the difference between a DOS and a DDOS attack, let’s talk about how to prevent it. If you are a website owner then you need to take this seriously. This website was shut down once in 2014, when it was receiving about 30,000 visits/month, because of an opponent who wanted to shut me down.
First, you need to choose your hosting provider very, very carefully. You need to know what your limits are (bandwidth, IOPS, and all of these details) before you launch.
Make a plan based on your needs: will it be an eCommerce website? A blog? A CV or a business website?
Estimate your potential visits and choose your plan. Then, after you integrate it, do the following:
1. Cloudflare it. For those who don’t know what Cloudflare is, it’s a company that prevents DOS attacks. They have several plans, one of them free; all you need to do is change the domain name’s DNS to theirs.
It is a very straightforward operation and takes no time. It’s essential for any website to integrate Cloudflare, or you will need to buy your own firewall.
2. Use Google reCAPTCHA v3.
3. Hide your domain name information as a precaution.
Summary
Finally, we tried to simplify the idea as much as we can, and explained the difference between a DOS and a DDOS attack and how to prevent it.
DOS|DDOS attacks are a real threat for any website owner; you need to take strict measures to prevent such things.
If you are serious about your business or your website, you should be aware of this and do what we have discussed in this article to prevent any hacker from messing with your website, especially if you have an eCommerce website or your website has a large set of active users.