Types of DDOS Attacks & What Is A Denial of Service

DDoS is short for Distributed Denial of Service and is a type of DoS attack where multiple compromised systems, usually infected with a Trojan, are used by a hacker to disable a website or server. Victims of a DDoS attack are both the targeted site and all the other systems used and controlled by the hacker in the attack. The cracker sends flooding traffic to the victim using many different sources – hundreds of thousands or more. Finally, the victim is unable to control the flow because it becomes impossible to distinguish between legitimate and fake incoming traffic.

The attacker creates a network of infected zombie computers, known as a botnet, by sending malicious software through social media, emails and websites. After the zombie computers are infected, the attacker can control the entire hacking process using a remote control. Botnets can generate large flows of traffic to overwhelm the target, and the traffic flood can be distributed in multiple ways. The zombie computers are used like an army to launch an attack without the knowledge of the owners. The messages are too large for a server to handle and are sent in a random way to use up the victim’s bandwidth. Some attacks are large enough to incapacitate even a state’s international cable.

There are specialized marketplaces on the internet where DDoS attacks and botnets are bought and sold. Anyone can buy from these underground markets by paying a nominal fee to disable a website they don’t like or disrupt a company’s operation. A DDoS attack running for a week to target small companies can cost as little as 150 dollars.

The hacker uses a Digital Attack Map to know the activities taking place at any given time. When the cracker launches an attack, the actions are displayed as dotted lines and scaled to size to identify the source and the destination. The features of the map include:

  1. Histogram to show the historical data
  2. A select command to view DDoS activities in a given country or target
  3. A color option to indicate the magnitude of attack, type of attack or duration of attacking
  4. A news section to keep abreast on current trends and attack activities
  5. A gallery to view examples of previous successful attacks

DDoS attacks come in various forms such as Teardrops, Smurfs and Pings of Death. Here are some methods commonly used to launch an attack.

  1. TCP Connection Attacks – they attempt to use all the victim’s available connections and infrastructure like application servers, load balancers and firewalls. These attacks can also bring down a county’s millions of connections.
  2. Volumetric Attacks – cause congestion by eating up the bandwidth of the victim and all the networks in between.
  3. Fragmented Attacks – these attacks send UDP and TCP fragments to the target and the system is destroyed when it tries to assemble the pieces of information together.
  4. Application Attacks – they target applications by overwhelming a specific service. This is a very effective method that can bring down a server even by using very few botnets.

By forging a target’s IP address, a cracker can send small requests through a DNS server and then amplify every request using the botnets to overwhelm the victim.

Top DDOS Programs To Perform Attacks

There are many free tools and programs available to overload a server or website with traffic and initiate an attack. Some of these programs also support zombie networks to do a DDoS attack. You can use the following programs or search for other available programs from several sites.


Low Orbit Ion Cannon is a popular DDoS attack program. These tools have been used on several occasions to attack big companies by the group of hackers commonly known as Anonymous. Not only has this group used DDoS tools to attack, but it has also asked internet users to join them through IRC. An attack can be done by a lone attacker by sending HTTP, UDP or TCP requests to the victim. The attacker only needs to know the IP address or the URL of the victim’s website – the program will do the rest of the attacking. This program has a HIVEMIND mode which allows the attacker to control the entire process using a LOIC remote control system. The only problem with this program is that it does not hide the attacker’s IP address and if you use a proxy to attack, the program can hit the proxy’s server rather than the targeted server.


This is a much better program than LOIC because it attacks a server using different attack angles like the IP address, user selected protocols and ports. The inbuilt GUI makes it easy for the program to be used by a beginner to attack. Generally, there are 3 attacking modes – test mode, normal DDoS and a mode that can send UDP/ICMP/HTTP/TCP messages. This is a powerful program that can be applied to attack small websites.

HULK Program

HULK stands for HTTP Unbearable Load King. This is yet another great program which produces special and different requests for each message sent to the targeted server. The program also applies many other ways to evade being detected by using known patterns to the target server. It uses known users to send random requests and can avoid caching engines. It actually hits the resource pool of the targeted server. During its trial period, the program was tested on IIS 7 server that had 4GB RAM and it crashed it in less than a minute.


This popular program is referred to as the Layer 7 DDOS Simulator. Just like the name suggests, it’s used to attack servers by simulating different zombie computers. All the zombie devices create complete TCP networks around the targeted web server. This program uses C++ language and operates on Linux operating systems. Common features of the Layer 7 DDoS Simulator include:

  1. Random IP addresses
  2. TCP connection attacks and random port flooding
  3. HTTP DDoS valid requests
  4. HTTP DDoS invalid requests that resemble the DC++ attacks
  5. Simulates various zombies during an attack
  6. Layer application DDoS attacks


RUDY is a DDOS program which attacks using HTTP POST. It attacks using a long form submission through the POST method. It comes with inbuilt console menu that is very interactive. This program searches for forms on URLs and detects which fields and forms to apply when doing a POST method of DDoS attack.

The Best DDOS Protection Methods

How can one Protect or Prevent Against a DDoS Attack?

Unfortunately, there exist no foolproof or effective ways of preventing a computer system from falling into the trap of a DoS or DDoS attack.

There are only steps that you can take to greatly lower the likelihood of an attacker choosing your computer to attack others. They include:

  • installing and maintaining an antivirus software
  • installing a firewall and configuring it to restrict and control the traffic allowed into or out of your computer system or network
  • following recommended good security practices when distributing your email address to reduce the advent of spoof and spam messages. For instance, applying email filters helps you to easily manage any unwanted traffic.

Other technical ways of dealing with a DDoS attack include

  • Switch and Router Settings: here, simple rules to allow or deny protocols, ports and/or IP addresses through switches and routers are set in a firewall.
  • Application Front-End Hardware: this is intelligent hardware that is placed on the network just before traffic reaches the servers. It analyzes data packets as they enter the computer system, identifying them as priority, regular or dangerous.
  • IPS-based Prevention: intrusion-prevention systems can only be effective if an attack has a signature associated with it.
  • DDS-based Defense: this blocks connection-based DoS attacks and those attacks which dupe a system by having legitimate content but a bad intent. This also addresses both protocol attacks like Teardrop and Ping-of-death, and rate-based attacks like ICMP and SYN floods.
  • Blackholing and Sinkholing: blackholing sends all traffic targeted at an attacked DNS or IP address to a black hole, i.e. a non-existent server or a null interface, while sinkholing routes the traffic to a valid IP address that analyzes it and rejects any bad packets.
  • Clean Pipes: all traffic passes through a cleaning center through various methods like proxies, tunnels and direct circuits, which separate bad traffic (like DDoS) from the good traffic that is allowed to pass through to the server.


What Is A Denial Of Service

A Denial of Service (DoS) or distributed denial-of-service (DDoS) attack is a deliberate attempt to prevent legitimate users of a machine or network from accessing its resources.

The means of carrying out these kinds of attacks, the motive behind them and their targets vary, but generally the attacks involve efforts to indefinitely or temporarily suspend or interrupt the services of a host computer connected to the Internet.

By definition, DDoS attacks are perpetrated by two or more users – or bots – while DoS attacks are sent by a single person or system but these terms are often used interchangeably. A DDoS attacker typically uses your computer to attack another one.

As of July 2014, the frequency of DoS attacks has gone up to an all-time high of an average 28 attacks per hour, with so many still being unrecognized or unreported.

A DDoS attack typically involves a cracker using a network of zombie bot computers to sabotage a certain specific website or server.

The cracker tells all the bot computers on his botnet to contact the server or website repeatedly and consistently. This sudden increase in server traffic results in the site loading very slowly for its legitimate users, or even shutting down completely if the requests overwhelm its resources.

Some tricky botnets may use uncorrupted bot computers as part of the DDoS attack. The cracker sends a command that initiates this attack to his zombie army of computers. Each of them then sends a connection request to another innocent computer known as a reflector.

This request appears to the reflector as if it originates from a targeted victim of the attack and not from the zombie army. The reflectors bombard the victim system with information, eventually causing its performance to suffer or causing it to shut down completely because of the inundation with a myriad of unsolicited responses from multiple computers at once.

From the victim’s perspective, it appears that the reflectors attacked its system, while from the reflectors’ perspective it seems like the victim requested those packets of information, an intelligent ploy that ensures that the zombies remain hidden, with the cracker himself being even more out of sight!

Some of the most common types of DDoS names include:

  • Ping of Death: here, bot computers create huge packets of information and send them on to victim systems.
  • Mailbomb: this involves the bombardment of e-mail servers with a massive amount of e-mail traffic that often leads to their crashing.
  • Smurf Attack: here, bots send ICMP or Internet Control Message Protocol messages to reflectors, which then attack a targeted victim system.
  • Teardrop: pieces of an illegitimate information packet are sent to a victim system by an army of bots.  When the system tries to recombine these pieces to make a packet, it crashes.

Other types of DoS and DDoS attacks include SYN floods, Slow-Read, Peer-to-Peer and R-U-Dead-Yet? (RUDY) attacks. Some major technology, software, computer security and Internet companies have been DDoS attack victims, including Microsoft, which suffered a DDoS attack called MyDoom. Others include Amazon, Yahoo, CNN and eBay.

Once an army of bots commences a DDoS attack against a targeted victim, there are a few measures the system administrator could do to prevent a catastrophe. For instance, he could limit the amount of traffic that is allowed on his server. Though this technique also restricts legitimate connections, it is a step towards preventing more damage.

An administrator could also try to determine the origin of an attack and try filtering the traffic. Unfortunately, this is not always an easy thing to do given that many zombie computers will disguise or spoof their addresses to cover their tracks.

How To DDOS Using Zombie Computers

A computer hacker can sometimes use a network of zombie devices and computers to bring down a targeted server or website. The operation simply works when the cracker commands all the zombie devices to repeatedly contact the targeted site. The victim then receives an overload of traffic that ends up slowing down the site – sometimes the traffic is enough to close the site completely. This kind of hacking is referred to as a Distributed Denial of Service (DDoS) attack. The attacker can spam a server or website with so much data that it forces them to shut down within a very short time. Websites with a bandwidth cap can close down almost immediately. You’ll need quite a lot of computers to close a website or you could repeatedly lag the few zombies you have.

Here is how to DDoS: the crackers assemble an army of zombie computers and initiate a command to attack. Each zombie computer in the army then connects with uncorrupted computers (which are not aware they are being used as bait) called reflectors. The purpose of using reflectors is to hide the identity of the attacker. The requests sent from the zombie computers look legitimate to the reflector and appear to have originated from the zombie and not the cracker. The reflectors will innocently send information to the victim’s computer system. Since the data comes from many different reflectors and is distributed in multiples, the victim’s computer performance suffers.

The target victim thinks that the reflector initiated the attack and the reflector knows that the zombie system requested the packets. The amazing thing is that the zombie computers remain hidden and the cracker is completely out of the scene.
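From the defender's side, the reflector technique described here and in the earlier reflector passage has a recognisable signature: responses arrive that the victim never asked for. The following is an added example, not code from the original page; the record layout, the 5-second window, the three-reflector threshold and all addresses (documentation ranges) are assumptions chosen for illustration.

```python
from collections import namedtuple

# Constructed records as seen at the victim's network edge (not real traffic).
# direction: "out" = sent by our host, "in" = received by our host.
Packet = namedtuple("Packet", "ts direction peer proto port txid size")

def find_unsolicited(packets, window=5.0):
    """Return inbound responses that match no outbound request.

    A response counts as solicited only if our host sent a request to the
    same peer/protocol/port with the same transaction id within `window` s.
    """
    pending = {}          # (peer, proto, port, txid) -> time the request left
    unsolicited = []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.peer, p.proto, p.port, p.txid)
        if p.direction == "out":
            pending[key] = p.ts
        else:
            sent = pending.pop(key, None)
            if sent is None or p.ts - sent > window:
                unsolicited.append(p)
    return unsolicited

def reflection_report(packets, min_reflectors=3, window=5.0):
    """Group unsolicited responses by service and flag likely reflection."""
    per_service = {}
    for p in find_unsolicited(packets, window):
        entry = per_service.setdefault((p.proto, p.port), {"peers": set(), "bytes": 0})
        entry["peers"].add(p.peer)
        entry["bytes"] += p.size
    return {
        svc: {"reflectors": len(e["peers"]), "bytes": e["bytes"],
              "suspected": len(e["peers"]) >= min_reflectors}
        for svc, e in per_service.items()
    }

def build_sample():
    """Constructed capture: one real DNS lookup plus answers nobody asked for."""
    sample = [
        Packet(0.00, "out", "192.0.2.53", "udp", 53, 0x1A2B, 60),
        Packet(0.03, "in", "192.0.2.53", "udp", 53, 0x1A2B, 120),   # solicited
    ]
    for i in range(4):   # four different resolvers answer queries we never sent
        sample.append(Packet(1.0 + i * 0.01, "in", f"198.51.100.{10 + i}",
                             "udp", 53, 0x7000 + i, 3000))
    return sample

if __name__ == "__main__":
    print(reflection_report(build_sample()))
```

Because the reflectors are real, uncompromised hosts, blocking them by address punishes innocent systems; matching responses against the victim's own outstanding requests separates the flood without needing to know who sent the spoofed queries.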

To DDoS, you’ll need to buy the software which is available from different download websites. Download the software and extract it from your desktop. Low Orbit Ion Cannon (LOIC) is one DDoS software example. Once you open the software, you’ll be directed by a screen prompter. Fill the box that asks you to select your target by inserting the website address or the IP number and press the lock button. Select attack options and enter a random message and choose your speed. Finally, fire the laser and you’ll see a column of attack status which indicates the number of times it has requested from the target site.

DDoS attacks come under different names, with some affecting the target mildly while others are very disturbing.

  1. Mail bomb – these crackers attack email servers by sending massive amounts of emails.
  2. Ping of Death – the hacker creates large electronic packets and distributes them to victims.
  3. Teardrop – small illegitimate packets are sent to the victim’s server and the system tries to recollect and assemble the pieces together and it crashes in the process.
  4. Smurf Attack – specifically sends messages to the target website using Internet Control Message Protocol (ICMP) through the reflectors.

Once the army of attackers begins the DDoS against a victim, there are only a few things the system administrators can do to prevent a disaster. They can either limit the amount of traffic allowed by the server or filter the traffic if they know the origin of the attack. Unfortunately, this is not easy because most crackers spoof or hide their addresses. Learn more about the many ways crackers can attack your website or server.
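The two administrator responses described here and in the earlier passage on limiting and filtering traffic can be compared in a small simulation. This is an added example, not code from the original page; the server capacity of 100 requests per second, the per-source allowance of 20 per second, the source names and the traffic mix are all constructed assumptions.

```python
class TokenBucket:
    """Integer token bucket: time in milliseconds, tokens in 1/1000ths."""

    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s          # tokens/s == milli-tokens per ms
        self.cap = burst * 1000
        self.tokens = self.cap
        self.last_ms = 0

    def allow(self, now_ms):
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False

def build_traffic(seconds=10, flood_sources=1000, client_rps=10):
    """Constructed load: each flood source sends 1 request/s, one real client 10/s."""
    events = []
    for s in range(seconds):
        for i in range(flood_sources):
            events.append((s * 1000 + i * 1000 // flood_sources, 1, f"src-{i}", False))
        for j in range(client_rps):
            events.append((s * 1000 + j * (1000 // client_rps) + 5, 2, "client", True))
    return sorted(events)

def simulate(events, mode):
    """mode 'global': one bucket sized to the server's capacity (100 req/s).
    mode 'per_source': a separate 20 req/s bucket for every source address."""
    shared = TokenBucket(100, 100)
    per_source = {}
    stats = {"offered": 0, "admitted": 0, "legit_sent": 0, "legit_admitted": 0}
    for now_ms, _, src, legit in events:
        if mode == "global":
            bucket = shared
        else:
            bucket = per_source.setdefault(src, TokenBucket(20, 20))
        ok = bucket.allow(now_ms)
        stats["offered"] += 1
        stats["admitted"] += ok
        stats["legit_sent"] += legit
        stats["legit_admitted"] += ok and legit
    return stats

if __name__ == "__main__":
    traffic = build_traffic()
    print("global    :", simulate(traffic, "global"))
    print("per source:", simulate(traffic, "per_source"))
```

The global limit keeps the server within capacity but refuses almost all of the real client's requests, while the per-source limit admits everything because no single source looks abusive, which is the weakness of origin-based filtering against many or spoofed sources.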

DDOS Definition: What Is DDOS?

What Exactly Is DDOS?

A DDoS Attack or a Distributed Denial of Service is a huge attack targeting a specific server or a network of machines. This type of attack originated in the early 90s, when the severity was low.

In the late 90’s or 2000’s the first real distributed DDoS attack happened. During those days, Trinoo was the popular tool to execute such an attack. In the initial days of DDoS attacks, a series of computers were infected. These infected computers received commands from a central location which was also known as botnet C&C (Command and Control). But this system was easily traceable and the attacks could be prevented on time. So, the attackers devised a new way. Instead of attacking from a single host they used IRC (Internet Relay Chat). In this new variety, all the infected machines were connected via a port and host name using a botnet code. The attackers needed a single chat entry and their attack was seen by thousands of infected computers.

Widespread Fear of DDoS

DDoS attacks caused the first real stir when the search giants Yahoo were taken down. This attack happened in early 2000’s when the bandwidth required for such an attack would have been immense. But the fear of DDoS spread among Internet users when Spamhaus was taken down. CloudFlare (a leading content delivery network) analyzed and publicized the attacks vastly. CloudFlare informed the business owners how devastating a network attack such as DDoS could be. When people knew about the severity and vast reach of the attacks they were bound to be afraid.

How these Attacks Happen?

DDoS causes Denial of Service for the users or end users of what is being attacked. There are some ways in which DDoS attacks can be brought about. Three most common processes are mentioned below:

  1. In this process the connections for the targeted user are saturated. It prevents all other users from connecting to the network. Such an attack can be brought about with the use of UDP Flood and UDP Reflection Flood.
  2. The second process sends more packets per second than the router or host machine can handle. When the host machine becomes incapable of processing the requests, the users' requests cannot be met. Such an attack is generally brought about by Synflood.
  3. Overloading the application with excessive requests is the third process of DDoS attacks. The attackers create a situation where there are thousands of users sending requests at the same time. When there are so many requests to handle the application is bound to crash. This attack is very potent nowadays, as most websites run on their databases. The attack overloads the databases and web servers.
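For the SYN flood named in the second process, what the defender can observe is a connection queue full of handshakes that never complete. The following is an added example, not code from the original page; it replays constructed packet records against a fixed-size queue, and the backlog of 128, the 3-second timeout and all addresses are assumptions.

```python
def syn_backlog_profile(packets, backlog=128, syn_timeout=3.0):
    """Replay (ts, src, sport, flag) records against a fixed-size SYN queue.

    Returns the number of completed handshakes, the peak number of
    half-open entries, and the sources whose SYN found the queue full.
    """
    half_open = {}            # (src, sport) -> arrival time of the SYN
    completed = peak = 0
    refused = []
    for ts, src, sport, flag in sorted(packets):
        # Expire handshakes that were never completed.
        for key in [k for k, t in half_open.items() if ts - t > syn_timeout]:
            del half_open[key]
        key = (src, sport)
        if flag == "SYN":
            if len(half_open) >= backlog:
                refused.append(src)          # queue full: no room for this client
            else:
                half_open[key] = ts
                peak = max(peak, len(half_open))
        elif flag == "ACK" and key in half_open:
            del half_open[key]               # handshake finished, slot freed
            completed += 1
    return {"completed": completed, "peak_half_open": peak, "refused": refused}

def is_syn_flood(profile, backlog=128):
    """Alert when the queue filled up and at least one SYN was refused."""
    return profile["peak_half_open"] >= backlog and len(profile["refused"]) > 0

def build_sample():
    """Constructed trace: normal clients, a burst of SYNs that never complete,
    and one real user who tries during the burst and again after it."""
    packets = []
    for k in range(5):                       # normal clients finish the handshake
        src = f"192.0.2.{k + 1}"
        packets.append((0.1 * k, src, 40000 + k, "SYN"))
        packets.append((0.1 * k + 0.05, src, 40000 + k, "ACK"))
    for i in range(300):                     # SYNs with no follow-up ACK
        packets.append((1.0 + i * 0.001, f"198.51.100.{i % 250 + 1}", 1024 + i, "SYN"))
    packets.append((1.5, "203.0.113.77", 50000, "SYN"))    # real user, queue full
    packets.append((5.0, "203.0.113.77", 50001, "SYN"))    # retry after expiry
    packets.append((5.05, "203.0.113.77", 50001, "ACK"))
    return packets

if __name__ == "__main__":
    profile = syn_backlog_profile(build_sample())
    print(profile["completed"], profile["peak_half_open"], len(profile["refused"]))
    print("SYN flood suspected:", is_syn_flood(profile))
```

The real user is refused while the queue is full and succeeds only after the stale entries time out, which is why the ratio of half-open to completed handshakes is a more useful alarm than raw packet counts.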

How to Protect Yourself?

There are many services available in the market which help businesses with DDoS protection. These DDoS protection services can be installed with any hosting provider. They are easy to install and maintain.

DDoS mitigation services look to pacify the common causes of DDoS attacks such as TCP SYN Flood, UDP Flood, ICMP Flood, etc. These are reliable ways to protect your business from a loss of millions. Anti DDoS server installations can keep your information protected and provide great uptime to a website. If you own a website, then these DDoS protection services are perfect solutions for you.

Scheduled OpUSA DDOS Attack: More bark than bite?

The U.S. Department of Homeland Security is warning that a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign next week known as “OpUSA” against websites of high-profile US government agencies, financial institutions, and commercial entities. But security experts remain undecided on whether this latest round of promised attacks will amount to anything more than a public nuisance.

A confidential alert, produced by DHS on May 1 and obtained by KrebsOnSecurity, predicts that the attacks “likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation. Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-US message.”

The DHS alert is in response to chest-thumping declarations from anonymous hackers who have promised to team up and launch a volley of online attacks against a range of U.S. targets beginning May 7. “Anonymous will make sure that’s this May 7th will be a day to remember,” reads a rambling, profane manifesto posted Apr. 21 to Pastebin by a group calling itself N4M3LE55 CR3W.


Protected Hosting & Mitigation Services

It’s nearly impossible to protect yourself against a DDOS Attack and actually stopping one is 99.9% impossible for a serious attack.  So best thing to do is be prepared and if you are serious about protecting your website, business or brand, you really do have to consider DDOS Hosting your site with the appropriate DDOS Protection in place.

Unfortunately this type of hosting can be slightly expensive, but you have to consider what’s more costly; the protection of your website, or a day or two of downtime due to a large attack.

Protecting yourself however is just as easy as choosing to host your website on the right hosting provider who has the necessary DDOS Protection services already in place.  Here are a few of the best services we know of;

1.) Koddos Hosting

Distributed Denial Of Service Programs

Denial Of Service Attack Warning


If you are seeking DDOS Hosting or Protection for your server, please go here.

It is with the highest caution that you are to seek out and execute a DDOS or Distributed Denial Of Service Attack using any type of DDOS Program.  Implications of this can be found here.  Alternatively, here is a list of Laws that apply to these attacks.

This site will contain highly useful information to educate you about DDOS Attacks, DDOS Programs and the cautions you should be aware of if you intend to attempt an attack of service.

Please read it entirely.