what is ddos?
04-08-2014, 07:19 PM
Post: #1
Exactly what is a DDoS attack?
1) What is a DDoS attack?
2) What is a DoS attack?
3) How do you stop/prevent it?
4) How does it work; does it ping a server to death or something else?
5) Does a good router stop it? Something like a Netgear Nighthawk?
6) Is it illegal?

Thank you!

04-08-2014, 07:29 PM
Post: #2
 
1) Short explanation: it makes your internet stop for a while.
2) Same as 1.
3) No way of preventing it besides using a VPN, so your IP is that of the VPN and not your Wi-Fi.
4) There are several types of attacks, shells and some ping. It just hits the connection with so much bandwidth it shuts your internet down.
5) Yes, a good router can stop it, but a really good connection is needed as well, because it can hit 20mb worth of shells, and if you have a 40mb connection it will just slow you down, not completely stop you.
6) Very much, but not many are caught unless they are hitting major companies or governments.

04-08-2014, 07:33 PM
Post: #3
 
DDOS uses multiple computers to create a DOS attack.

A DOS attack is typically a bombardment of excess traffic requests to a node that overloads it, preventing any useful work from being performed.

A ping attack is one type of DOS, especially where someone has carelessly configured a device to accept outside pings with oversized packets and forward them to the entire internal network. Another type of ping attack uses a stream of malformed packets to an open port that wastes time trying to parse them, or simply crashes.

There are dozens of possible DOS attack modes, depending upon the target and the attacker's resources.

You probably cannot "stop" a DOS, without finding the source(s), but many devices can at least detect some types of attack and ignore them fast enough to avoid degrading useful traffic. A VPN or a direct circuit to a site that has implemented detection can be a useful solution.

The USA and UK have specific federal laws that penalize those caught committing DOS attacks. Other countries, or individual states, may have laws that simply hold the attacker liable for damages, assuming they survive the visit from the guys in the black SUV, y'know, the one with the tinted windows parked outside ...
04-08-2014, 07:41 PM
Post: #4
 
In my opinion and experience, the denial of service can be through heavy network traffic but usually involves a little more to be effective.

Let's suppose a person wished to render a network virtually useless for "testing" purposes. While sheer network traffic alone through a DDoS group of thousands of drones would work, another tactic would be to first interrogate the network through port scans, sometimes over a period of weeks or months to avoid detection. Emailing the target and getting an NDR can also be useful for identifying the email system and OS of its host. Once ports were found to be open, the ports would be sent additional traffic which may result in further identification of exact versions of routers, switches, and servers in general but especially smtp/dns/iis/sql vulnerabilities. Those last four can come out of the box installed with vulnerabilities, those introduced by updates or user misconfigurations. Requests that call a routine resulting in a memory leak, or requests designed to exhaust cpu cycles, or cause thousands of lookups beyond the device capabilities all can be effective. The end result always being that the target system be incapacitated and unable to do either a single function, or complete failure, the tester's choice.

Exploiting a service specifically with traffic designed to exploit known limitations and vulnerabilities results in a faster, and near perfect network shutdown (via a router failure by cpu utilization, server failure due to cpu or network utilization for example).

On the opposite end, one could simply drop USB thumb drives in the parking lot of the target, and as employees picked them up and used them once on the internal network it would launch hidden code to do whatever you asked of it, including code which results in an internal DoS attack (with user privileges). This would be a vector for introducing the DoS attack, and thereby part of the attack.

Yes, routers and servers can be configured to prevent these attacks in general. However, due to new exploits being discovered daily, a complete security plan including patch management and firmware updates is highly successful in mitigating these attacks. On the Nighthawk, I am not familiar with that router and cannot comment.

In general DoS prevention on a router or service port is as simple as setting allowed IP ranges and/or a rate limit and cutoff if exceeded, with sometimes a failback timer to open it back up. Many routers provide that functionality. Some routers provide for GeoExclusions (i.e., check a box to allow/deny WAN traffic to/from a country), which are very useful and effective. There are also routers that can use RBLs and Blacklists, not just for SMTP traffic.

It is illegal, and enforced if the corporation has contributed to the politicians and elected officials, hits the news cycle a few times, or causes great loss or suffering. Rarely are the attackers located in the US, and prosecution of offenses from foreign soil cannot be initiated from the US, only requested of the foreign nation.

In addition to various sections of the United States Code (18, 19 USC), here in California Penal Code section 502(c)5 prohibits any person who "Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network."

A person with some free time might set up a "honeypot" of various vulnerable devices and systems wide open on the internet and when someone rings the bell or comes on in, a counter sweep and tit-for-tat against the attacker can sometimes be very productive if not downright entertaining. Oh yeah, they have that - check out DEF CON, or check out the classes from SANS.
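The allowed-range check, rate limit, cutoff and failback timer described in post #4, as an added example that is not part of the original thread or any router's firmware. The class name `SourceGate`, its parameters and thresholds are hypothetical, the addresses are documentation ranges, and the traffic is constructed.

```python
import ipaddress

class SourceGate:
    """Allowed ranges plus a per-source rate limit with cutoff and failback timer."""
    def __init__(self, allowed, limit, window, failback):
        self.allowed = [ipaddress.ip_network(n) for n in allowed]
        self.limit = limit        # max requests per source inside one window
        self.window = window      # sliding window length, seconds
        self.failback = failback  # seconds a cut-off source stays blocked
        self.hits = {}            # source -> request times inside the window
        self.blocked_until = {}   # source -> time at which the cutoff expires

    def check(self, src, now):
        """Classify one request: 'allow', 'deny-range', 'cutoff' or 'blocked'."""
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in self.allowed):
            return "deny-range"
        if src in self.blocked_until:
            if now < self.blocked_until[src]:
                return "blocked"
            del self.blocked_until[src]  # failback timer expired: open it back up
        recent = [t for t in self.hits.get(src, []) if now - t < self.window]
        recent.append(now)
        if len(recent) > self.limit:
            self.blocked_until[src] = now + self.failback
            self.hits.pop(src, None)
            return "cutoff"
        self.hits[src] = recent
        return "allow"

def replay(gate, events):
    return [gate.check(src, t) for t, src in events]

# Constructed sample traffic: (seconds, source address).
SAMPLE = (
    [(0.0, "203.0.113.9")]                           # outside the allowed range
    + [(i * 0.1, "198.51.100.7") for i in range(7)]  # burst of 7 within 0.6 s
    + [(5.0, "198.51.100.7")]                        # retry while still cut off
    + [(1.0, "198.51.100.20"), (40.0, "198.51.100.7")]
)

def demo():
    gate = SourceGate(["198.51.100.0/24"], limit=5, window=1.0, failback=30.0)
    return replay(gate, sorted(SAMPLE))

if __name__ == "__main__":
    for (t, src), verdict in zip(sorted(SAMPLE), demo()):
        print(f"{t:5.1f}s {src:15} {verdict}")
```

The per-source state here is unbounded, so a deployment that sees many distinct sources would also need to expire idle entries.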