How do people DDoS?

I can't find much information on DDoS attacks, but for educational purposes how does it work? Everyone talks about it, how is it done?
I am looking into ways of preventing it, and to be able to do that I need to understand it. I am not planning on DDoSing at all, it is pointless.
I'm guessing people can use multiple VPS to send tons of packets to a certain network? But how is this any different than downloading a file from a server? What command is used, "ping" cannot be?

Thanks in advance, sorry for my ignorance.


Comments

  • Neoon Community Contributor, Veteran
    edited February 2014

    You just buy a product, you will also find it on Google, and you get such a simple interface: just put your IP in and press attack. So simple it can be and cheap as LEB.

    That's the sad truth, every kid can rent such a thing and DDoS everyone, just imagine what DDoS protection costs and then what DDoS costs.....

  • black Member
    edited February 2014

    I'll try putting it in simple terms.

    Someone knocks on your door, you answer. They ask for something and you give it to them. Then the person leaves.

    DoS is like the same guy knocking on your door over and over asking you for stuff to try to overwhelm you.

    DDoS is when he tells all his friends to knock on your door and ask for stuff to overwhelm you.

    Some DoS/DDoS countermeasures:

    • Make a rule to not give him anything if he asked for it already within the past x amount of time.
    • If you know there's a specific request you'll never serve, then block all those requests.
    • Get some help from your friends so they can help you serve requests.
    • etc.
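
The first two countermeasures in the list above, as an added Python example that is not part of black's post or of any other post in this thread. The class name `RequestGate`, its parameters and the sample addresses and paths are constructed for illustration; the two traffic samples show that a per-client rule stops one noisy source but not the same volume spread over many sources.

```python
import time
from collections import Counter, defaultdict, deque

class RequestGate:
    """Admission control in front of a handler: deny-list, then per-client limit."""

    def __init__(self, max_requests, window_seconds, never_served=()):
        self.max_requests = max_requests
        self.window = window_seconds
        self.never_served = tuple(never_served)  # path prefixes this site never serves
        self.history = defaultdict(deque)        # client -> times of allowed requests

    def allow(self, client, path, now=None):
        now = time.monotonic() if now is None else now
        # "Block requests you'll never serve": reject before keeping any state.
        if path.startswith(self.never_served):
            return False, "blocked-path"
        seen = self.history[client]
        while seen and now - seen[0] >= self.window:
            seen.popleft()                       # forget requests outside the window
        # "Don't give him anything if he asked already within the past x".
        if len(seen) >= self.max_requests:
            return False, "rate-limited"
        seen.append(now)
        return True, "ok"

    def prune(self, now=None):
        """Drop idle clients so the tracking table cannot grow without bound."""
        now = time.monotonic() if now is None else now
        idle = [c for c, seen in self.history.items()
                if not seen or now - seen[-1] >= self.window]
        for client in idle:
            del self.history[client]
        return len(idle)

def simulate(gate, requests):
    """requests: iterable of (time, client, path); returns a Counter of verdicts."""
    return Counter(gate.allow(c, p, now=t)[1] for t, c, p in requests)

# Constructed traffic: one noisy client, then the same volume from 20 clients.
SINGLE = [(i * 0.05, "198.51.100.7", "/index") for i in range(20)]
SPREAD = [(i * 0.05, f"203.0.113.{i}", "/index") for i in range(20)]

if __name__ == "__main__":
    print(simulate(RequestGate(5, 10), SINGLE))  # most of the single source is refused
    print(simulate(RequestGate(5, 10), SPREAD))  # every spread request is admitted
```
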
  • AlexBarakov Patron Provider, Veteran

    How to prevent it? Well, purchase a DDoS protected hosting/vps/server.

  • edited February 2014

    DDoS stands for distributed denial of service. In general, people who DDoS use multiple machines (servers, VPS's, computers, etc.) to send a large amount of traffic to a certain IP address. It is different than downloading a file from a server because with a DDoS attack there are literally thousands if not more machines sending traffic all at once.

    If you really wanted to get technical with it, there are different OSI layers that the DDoser targets in order to take down a host.

  • Generally, when people DDoS, they use a botnet, a network of compromised computers, which is generally as big as 10,000 computers, or even bigger. Then they use techniques like DNS reflection (hope I'm using the correct terms), SYN flooding, etc., to overwhelm the host with requests, such that it cannot process requests from legitimate users. The port basically gets saturated, flooded with packets, clogged, so it is no longer accessible to anyone. It's so god damn easy to DDoS people, I won't name it, but there's this place, where you shouldn't even lurk. You can get access to botnets and other DDoSing tools there for literally pennies. Whereas protection from such attacks costs thousands of dollars. Very unfair :(. To protect yourself from DDoS attacks, you could use DDoS mitigation services like Black Lotus, CloudFlare, x4b, etc.

  • @lars There are custom made tools that are made to send large numbers of UDP/TCP packets to the destination usually with the goal of overwhelming the connection.

    For example, research Slowloris, which is a type of DDoS attack. In this instance the whole idea of the program is just to generate an incredibly large amount of requests to an HTTP server at once, so much so that it causes the HTTP server on said machine to fail to be able to respond to the queries (and on occasion causing said server to run out of resources and crash), thus denying others access to the service.

    There are many derivatives of such tools around, some that you may be able to find and others which are held privately by people perpetrating such abuses by selling access to their 'booters' and 'botnets'.

    Hopefully this helps to explain this a little better for you.

    Cheers!

  • How often do people get arrested for this?

  • ztec said: How often do people get arrested for this?

    Not often enough.

    Thanked by 1 Rallias
  • Anything goes really. The whole point of a (D)DoS attack is to consume your resources. There are a variety of methods at pretty much each layer of the network stack with each one varying in sophistication.

    Brute force layer 3/4 attacks are relatively easy to differentiate from normal traffic and aim to just overwhelm your network and filtering. They can easily leverage existing network functions like DNS or NTP to amplify themselves. Your provider is going to be the one that determines whether they want to tank the packets or just null route your IP at the borders of their network.

    Layer 7 application DoS attacks are aimed at killing your CPU/memory. Again, it can be something simple like rapid fire of multiple requests to different resources, or more sophisticated like a Slowloris which only makes a few requests but takes advantage of how the HTTP protocol works to rapidly cause connections to balloon.

    How to defend? Good question :P It really depends on your risk profile. Best defense is to structure your application to degrade gracefully under load. That may include such things as microcaching for anonymous users. That pretty much takes out a majority of layer 7 attacks and you're left to deal with network ones. Those you have to tackle with your provider or get some form of filtered proxy.
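
The microcaching idea from the post above, as an added Python example that is not code from the poster or from any product named in this thread. `MicroCache`, `render` and the one-second TTL are assumptions chosen for illustration; the point shown is that a burst of anonymous requests for one page reaches the expensive backend once per TTL, while logged-in requests bypass the cache.

```python
import threading
import time

class MicroCache:
    """Cache rendered pages for anonymous users for a very short TTL."""

    def __init__(self, backend, ttl=1.0, max_entries=1024, clock=time.monotonic):
        self.backend, self.ttl, self.clock = backend, ttl, clock
        self.max_entries = max_entries
        self.entries = {}            # path -> (expires_at, body)
        self.backend_calls = 0       # how often the expensive render actually ran
        self.lock = threading.Lock()

    def get(self, path, session=None):
        with self.lock:
            now = self.clock()
            if session is None:
                hit = self.entries.get(path)
                if hit and hit[0] > now:
                    return hit[1]    # served from cache, backend untouched
            # Rendering under the lock makes concurrent misses wait for one
            # render instead of all hitting the backend at once. One global
            # lock keeps the example short; it serialises every render.
            self.backend_calls += 1
            body = self.backend(path, session)
            if session is None:      # personalised pages are never cached
                self._store(path, now + self.ttl, body, now)
            return body

    def _store(self, path, expires_at, body, now):
        if len(self.entries) >= self.max_entries and path not in self.entries:
            # Bound memory: drop expired entries, skip caching if still full.
            self.entries = {p: e for p, e in self.entries.items() if e[0] > now}
            if len(self.entries) >= self.max_entries:
                return
        self.entries[path] = (expires_at, body)

def render(path, session):
    """Constructed stand-in for an expensive page render."""
    return f"{path} rendered for {session or 'anonymous'}"

def demo():
    fake_now = [0.0]                 # controllable clock so the run is repeatable
    cache = MicroCache(render, ttl=1.0, clock=lambda: fake_now[0])
    for _ in range(1000):            # burst of anonymous hits inside one TTL
        cache.get("/index")
    burst_calls = cache.backend_calls
    fake_now[0] = 1.5                # entry has expired, next hit re-renders
    cache.get("/index")
    after_expiry = cache.backend_calls
    cache.get("/index", session="alice")
    cache.get("/index", session="alice")
    return burst_calls, after_expiry, cache.backend_calls
```
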

  • DewlanceVPS Member, Patron Provider
    edited February 2014

    DDoS can be done by bots, etc.

    For example: You are hosting 10k bots on free hosting servers or computers and send a command by software to send packets to xyz website.

    DDoS is illegal when you are DDoSing others' server/site. Keep away from this type of bad activity.

  • @ztec
    The chance that they get busted is quite low. When you are a "big fish" they put enough effort on it to bring you to jail. But people with small botnets are, in most cases, not worth the costs and effort.

  • These days DDoS attacks are being launched mainly from dedicated servers on 1gbit ports.

    They use scripts that push all packets through a big list of proxies.

    This means that the dedicated server IP won't be included in the attack and firewalling it isn't an option because there are too many different IPs involved.

    You only survive such an attack if your network uplink is bigger than the attack itself.

    If needed I could provide you with the required files (scripts) to execute a DDoS for educational purposes. I will not include a proxy list, you can obtain that yourself with a scanner.

  • Mark_R said: i could provide you with the required files (scripts) to execute a ddos

    Let's not, even for educational purposes.

    Thanked by 1 Pwner
  • perennate Member, Host Rep

    Alex_LiquidHost said: How to prevent it? Well, purchase a DDoS protected hosting/vps/server.

    Won't help with application-level DoS/DDoS.

  • Mark_R said: i could provide you with the required files (scripts) to execute a ddos

    Who's to say this guy isn't yet another skiddie looking to DDoS people just for the lulz?

  • @dhamaniasad said:
    Who's to say this guy isn't yet another skiddie looking to DDoS people just for the lulz?

    Why would I do that?

  • lars said: Why would I do that?

    It's not like this is the first time I've seen people ask how a DDoS works for educational purposes and the next day they're out DDoSing people for 'educational purposes'. I wouldn't know, but it's entirely possible both ways.

  • Here is some info: http://en.wikipedia.org/wiki/Denial-of-service_attack

    Why need to know more? Do you have problems with DDoS attacks? If yes, use a host with DDoS protection and/or cloudflare. Why do you need to know how to carry out a DDoS attack?

  • @black @dhamaniasad

    I understand. The thing is.. someone who shows interest in this kind of stuff usually will find a way to get it done anyways.

    I'm not sure what the true intentions of @lars are by opening a thread named

    "How do people DDoS?"

    He could be having educational intentions or bad ones, either way I'm just trying to save him time searching / provide him with files he can learn from.

    Some people learn better by doing things, that is why I offered it.

  • @lars said:
    Why would I do that?

    As an end-user, unless you have control over BGP sessions, you don't have the tools to mitigate against a layer 3/4 yourself so it's not really relevant to 'execute one in order to learn'.

  • @Infinity580 said:
    You just buy a product, you will also find it on Google, and you get such a simple interface: just put your IP in and press attack. So simple it can be and cheap as LEB.

    That's the sad truth, every kid can rent such a thing and DDoS everyone, just imagine what DDoS protection costs and then what DDoS costs.....

    Yup. Correct. SKID Tools from HF which they call Stresser or Stress Tester and claim it's for testing purposes.

  • Mark_R said: Some people learn better by doing things, that is why I offered it.

    In case of DDOS, it would be a horrible way of learning.

  • shovenose Member, Host Rep

    Lol.

  • tchen said: As an end-user, unless you have control over BGP sessions, you don't have the tools to mitigate against a layer 3/4 yourself so it's not really relevant to 'execute one in order to learn'.

    I can understand Layer 3, but what exactly is there being done at Layer 4 during an attack (OSI model)?

  • Nobody else mentioned it here so I will. DDoS attacks exist because Windows is such an insecure PoS. If Windows was not so easy to infect with botnet software there would not be a DDoS problem. Something like 95% of all botnets are infected Windows PCs.

  • As far as I know, there are a lot of types of DDoS.. from simple UDP flooding (most bots do this or oldskool script udp.pl), up to DNS amplification.

    You might find interesting information about DDoS here: http://blog.cloudflare.com/tag/ddos

  • @marcm said:
    I can understand Layer 3, but what exactly is there being done at Layer 4 during an attack (OSI model)?

    SYN flooding. Basically an exhaustion of TCP connections as it patiently waits for the final ACK.

  • @sman said:
    Nobody else mentioned it here so I will. DDoS attacks exist because Windows is such an insecure PoS. If Windows was not so easy to infect with botnet software there would not be a DDoS problem. Something like 95% of all botnets are infected Windows PCs.

    Probably because nobody else thinks that eradicating Windows XP means botnets will stop. The skew in the high number of XP bots is just due to it being low-hanging fruit. There are quite a few sizeable MacOSX and Linux botnets around - also compromised via low-hanging fruit like Java vulns and root dictionary attacks. From Windows 7 and beyond, the techniques are pretty much on par - attack that mushy meatbag called the admin/user and whatever crap they installed and didn't secure.

  • May I DDoS using my 56kbps phone line?

  • Something else to note is that compromising one VPS or Dedibox is worth compromising 5-200 home PCs depending on the home PC connection. Also compromised boxes in South Korea and Japan are usually worth 3-10 compromised PCs in the US or Europe depending on your target. While the latency may be high, most home computers in those countries have a symmetrical VDSL link anywhere from 50 to 100mbps.

    Additionally where you have boxes is important. As VPS's become cheaper and more ubiquitous it will be easier to DoS a box from within the same data center for 5 bucks.

    For a while in the early 2000's you could take out most of Australia's internet bandwidth with some well situated boxes in Japan and the Philippines.
