DDoS-attack: how to do? The program for DDoS-attacks

Probably many modern users of computers and the Internet have heard about the presence of DDoS-attacks, made by intruders in relation to any sites or servers of large companies. Let's see what a DDoS-attack is, how to do it yourself and how to protect yourself from such actions.

What is a DDoS attack?

For starters, perhaps, it is worth investigating what such illegal actions are. We will discuss at once that when considering the topic "DDoS-attack: how to do it yourself", the information will be submitted only for review, not for practical use. All actions of this kind are criminally punishable.

The very attack, by and large, is the sending of a sufficiently large number of requests to the server or site, which, exceeding the limit of accesses, block the operation of the web resource or the provider's service in the form of disabling the server with security software, firewalls or specialized equipment.

It is clear that DDoS-attack with their own hands can not be created by one user from one computer terminal without special programs. In the end, well, he will not be sitting there for days on end and every minute send requests to the site being attacked. Such a number will not work, as protection against DDoS attacks is provided for each provider, and one user is not able to provide such a number of requests to the server or site that in a short time exceeded the limit of calls and caused the triggering of various defense mechanisms. So to create your own attack you will have to use something else. But more about this later.

Why is there a threat?

If you understand what a DDoS-attack is, how to do it and send the exceeded number of requests to the server, it is worth considering the mechanisms by which such actions are performed.

These can be unreliable firewalls that can not cope with a huge number of requests, security holes in the provider's security system or in the operating systems themselves, a lack of system resources for processing incoming requests with further system hang-up or emergency shutdown, etc.

At the dawn of the emergence of such a phenomenon, the DDoS attack was mostly carried out by the programmers themselves, who created and tested with it the efficiency of the protection systems. Incidentally, even IT-giants such as Yahoo, Microsoft, eBay, CNN and many others have suffered from the actions of intruders who used DoS and DDoS components as weapons. The key moment in those situations was attempts to eliminate competitors in terms of restricting access to their Internet resources.

In general, and modern electronic merchants are engaged in the same. To do this, simply downloaded the program for DDoS-attacks, well, then, as they say, the matter of technology.

Types of DDoS attacks

Now a few words about the classification of attacks of this type. The main thing for everyone is to disable the server or site. The first type can be attributed to errors associated with the sending of incorrect instructions to the server for execution, as a result of which an abnormal termination of its operation occurs. The second option is the mass sending of user data, leading to an infinite (cyclic) test with increasing load on system resources.

The third type is flood. As a rule, it is the task of pre-formed (meaningless) requests to the server or network equipment in order to increase the load. The fourth type is the so-called congestion of communication channels by false addresses. Another attack can be used, leading to the fact that the computer system is changing the configuration, which leads to its complete inoperability. In general, you can list for a long time.

DDoS attack on the site

Typically, this attack is associated with a specific hosting and is directed solely at one predefined web resource (in the example in the photo below conventionally denoted as example.com).

If the number of accesses to the site is too high, a communication failure occurs due to the blocking of communication not by the site itself, but by the server part of the provider service, or rather, not even by the server or security system itself, but by the support service. In other words, such attacks are aimed at ensuring that the owner of the hosting receives a denial of service from the provider when a certain contractual traffic limit is exceeded.

DDoS attack on the server

As for server attacks, here they are not aimed at any particular hosting, namely the provider that provides it. And it does not matter that because of this, site owners may suffer. The main victim is the provider.

The application for organizing DDoS attacks

So we came to an understanding of what a DDoS attack is. How to make it with the help of specialized utilities, we now and understand. We note at once that applications of this type are not classified as secret. On the Internet they are available for free download. So, for example, the most simple and well-known program for DDoS attacks called LOIC is freely laid out on the World Wide Web for download. With its help, you can attack only sites and terminals with pre-known URL and IP addresses.

How to get at your disposal the victim's IP-address, for ethical reasons we will not consider now. We proceed from the fact that we have initial data.

To start the application, the executable file Loic.exe is used, then the initial addresses are written in the top two lines on the left side, and then two "Lock on" buttons are pressed - slightly to the right opposite each line. After that, the address of our victim appears in the window.

Below there are sliders for adjusting the speed of request transmission for TCP / UDF and HTTP. The default value is set to "10". We increase it to the limit, after which we press the big button "IMMA CHARGIN MAH LAZER" to start the attack. You can stop it by pressing the same button again.

Naturally, one such program, often called a "laser cannon," will not cause trouble to some serious resource or provider, since protection against DDoS attacks is installed there quite powerful. But if a group of people use a dozen or more of these cannons at the same time, something can be achieved.

Protection against DDoS attacks

On the other hand, anyone who tries to attempt a DDoS attack must understand that on the "that" side, too, no fools are sitting. They can easily calculate the addresses from which such an attack is made, and this is fraught with the most unfortunate consequences.

As for ordinary hosting owners, usually the provider immediately provides a package of services with appropriate protection. There can be a lot of means to prevent such actions. This is, say, redirecting an attack to an attacker, redistributing incoming requests to several servers, filtering traffic, duplicating security systems to prevent their false triggering, building up resources, etc. By and large, there is nothing to worry about as a normal user.

Instead of an afterword

I think from this article it becomes clear that to do DDoS-attack itself with the availability of special software and some initial data of labor will not be. Another thing - is it worth it to deal with, and even the inexperienced user who decided to indulge, so, for the sake of sports interest? Everyone should understand that his actions in any case will cause the application of retaliatory measures on the part of the attacked side, and, as a rule, not in favor of the user who launched the attack. And after all, according to the Criminal Codes of most countries, you can get for such actions, as they say, in places not so remote for a couple of years. Who wants this?