Distributed Denial of Service - DDoS Attacks

7) Distributed Denial Of Service (DDoS) :- In Distributed DoS attack, there are 100 or more different attackers (systems) attacking the single system. Due to higher number of attackers DDoS attack is more effective and dangerous than regular DoS attack. The attackers have control over master zombies, which, in turn, have control over slave zombies, as shown in figure.

ddos attack

No system connected to the internet is safe from DDoS attacks. All platforms, including Unix and Windows NT, are vulnerable to such attacks. Even Mac OS machines have been used to conduct DDoS attacks.

The most popular DDoS tools are:-

a) Trin00 (WinTrinoo)
b) Tribe Flood Network (TFN) (TFN2k)
c) Shaft
d) Stacheldraht
e) MStream

8) Distributed Denial Of Service with Reflectors (DRDoS) :- In DRDoS attacks the army of the attacker consists of master zombies, slave zombies, and reflectors. The difference in this type of attack is that slave zombies are led by master zombies to send a stream of packets with the victim's IP address as the source IP address to other uninfected machines (known as reflectors), exhorting these machines to connect with the victim. Then the reflectors send the victim a greater volume of traffic, as a reply to its exhortation for the opening of a new connection, because they believe that the victim was the host that asked for it. Therefore, in DRDoS attacks, the attack is mounted by noncompromised machines, which mount the attack without being aware of the action.

a DRDoS attack creates a greater volume of traffic because of its more distributed nature, as shown in the figure below.

drdos attack