Saturday, January 31, 2009

Distributed Denial Of Service

As usual, I was listening to the Security Now podcast, episode #8, where Steve Gibson was talking about DOS, how it works, and what the difference is between DOS and Distributed DOS. I found it a very interesting topic, and I heard a lot of information I had never heard before.
DOS stands for Denial Of Service, and it is simply packet traffic that causes problems for the other end. When a client wants to establish a TCP session, the first packet sent from the source (a web browser, for instance) to the destination (a server, for instance) is called a SYN packet. When the server receives the SYN packet, it allocates a number of resources (memory, processor time, etc.) and sends back a SYN/ACK packet. If the sender keeps sending SYN packets, the server keeps allocating resources to those connections until it runs out of resources. So DOS does not consume the connection bandwidth! It attacks and consumes the server's resources.
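To see the resource-exhaustion side of this from the server's point of view, here is an added example (not from the podcast or the original post) that replays a constructed packet log the way a server's connection table would: each SYN holds a half-open entry until the client's ACK completes it or a timeout reclaims it, and a source that piles up half-open entries is flagged. The log, the sources, the timeout and the threshold are all made up for the illustration.

```python
from collections import defaultdict

# Constructed sample packet log: (time_seconds, source_ip, tcp_flag).
# Normal clients send SYN and then ACK, completing the handshake.
# The third source only ever sends SYN, so its entries are never freed.
PACKETS = [
    (0.0, "10.0.0.5", "SYN"), (0.1, "10.0.0.5", "ACK"),
    (0.2, "10.0.0.6", "SYN"), (0.3, "10.0.0.6", "ACK"),
    (0.5, "192.0.2.9", "SYN"), (0.6, "192.0.2.9", "SYN"),
    (0.7, "192.0.2.9", "SYN"), (0.8, "192.0.2.9", "SYN"),
    (0.9, "192.0.2.9", "SYN"), (1.0, "192.0.2.9", "SYN"),
]


def half_open_by_source(packets, syn_timeout=3.0):
    """Simulate the server's half-open connection table.

    A SYN allocates an entry for its source; the matching ACK frees the
    oldest entry for that source; an entry older than syn_timeout is
    reclaimed. Returns {source: half-open entries still held at the end}.
    """
    pending = defaultdict(list)  # source -> timestamps of un-ACKed SYNs
    for ts, src, flag in packets:
        # Reclaim stale entries before handling this packet.
        for s in list(pending):
            pending[s] = [t for t in pending[s] if ts - t < syn_timeout]
        if flag == "SYN":
            pending[src].append(ts)
        elif flag == "ACK" and pending[src]:
            pending[src].pop(0)  # handshake completed, entry released
    return {s: len(v) for s, v in pending.items() if v}


def suspicious_sources(packets, threshold=5, syn_timeout=3.0):
    """Sources holding at least `threshold` half-open entries at once,
    i.e. candidates for an alert, a rate limit, or a shorter timeout."""
    counts = half_open_by_source(packets, syn_timeout)
    return sorted(s for s, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(PACKETS))   # {'192.0.2.9': 6}
    print(suspicious_sources(PACKETS))    # ['192.0.2.9']
```

Lowering `syn_timeout` shows the usual mitigation: the server reclaims entries faster, so the same log leaves fewer half-open connections behind.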

Conversely, Distributed DOS does consume and attack the connection bandwidth. It simply works by infecting a large number of computers (hundreds to thousands) and telling these computers to attack a single end-user. These computers act as slaves and start sending traffic to this end-user (SYN packets or any other packets). One of the most popular DDOS examples is the ping packet attack (ICMP packets).

So, in conclusion, DDOS consumes the victim's connection bandwidth, while DOS attacks the victim's resources.
