Jump to content

what is the difference between ddos and dos?


strawberry wine
 Share

Recommended Posts

Yes it's illegal unless if you have their written consent and you ensure you only touch their network. DoS stands for Denial of Service and DDoS stands for Distributed Denial of Service. A DoS attack simply floods a network/system with so many requests that it can't provide services to legitimate users. It is quite difficult for a single system to perform this kind of attack these days and if using a single system the attacker can be caught pretty easily. A DDoS attack uses many systems to flood the target and makes it more difficult to find the attacker. These types of attacks are generally performed by a botnet where an attacker has taken over many different machines. It is much easier to bring down a target system/network with hundreds, or thousands, of machines.

Link to comment
Share on other sites

DOS: Disk Operating System. (Exactly what it says on the tin).

DDOS: Distrubuted Denial of Service attack.

DDOS is illegal and likely to end you in prison.

Using DOS is old school, but you can get Zork and Doom to run on it.

Link to comment
Share on other sites

People are mixing up cause and effect here.

(D)DoS is effect - The machine doesn't respond to legitimate traffic in a timely manner.

This can have multiple causes.

1. Inbound traffic overload. There's so much data flowing into the pipe that you get the digital equivalent of a traffic jam. Typically the one flooding the network does so with junk because (s)he's not interested in the server response.

2. Outbound traffic overload. One or more client repeatedly requests so much data from the server that it creates an outbound traffic jam to the server. Think about what happens when you run something like Youtube on 1 server. The clients send simple, valid and relatively small requests to the server and the server responds by sending back a shitload of data. If you do that with enough concurrent connections, everything slows down to such a crawl that it becomes unusable.

3. Server malfunction. If you find a way to formulate your request to the server such that the server's process crashes (or for bonus points, gets taken over by your Metasploit instance) it isn't able to service the legitimate requests.

4. Server resource depletion. On UNIX there's a limit to the number of open files a process can have. If you find a bug in the server that results in the leaking of file descriptors you can prevent the server from opening new files, which may result in the service being unable to do what it should be doing.

5. Firewall misconfiguration. If you know the firewall auto-blocks traffic from an IP for a certain amount of time when 'dangerous' traffic is noticed (known attack signatures), you need to only provide 1 such request that seems to originate from your victim's IP address for every block clearance interval to deny all service to that IP.

6. Exploit the authentication protection system. Repeatedly log in as your victim with the wrong credentials to cause the account to get locked.

This is just the tip of the iceberg. Look at this presentation from 32C3 where a guy who can test your site's resilience against DDoS attacks talks about the fails he's encountered.

Link to comment
Share on other sites

3. Server malfunction. If you find a way to formulate your request to the server such that the server's process crashes (or for bonus points, gets taken over by your Metasploit instance) it isn't able to service the legitimate requests.

I would also like to add that an exploit that is not able to execute remote code, but is able to crash the remote service can be called a Denial of Service Exploit. I don't think an exploit could ever be called a DDOS exploit. Edited by fugu
Link to comment
Share on other sites

I would also like to add that an exploit that is not able to execute remote code, but is able to crash the remote service can be called a Denial of Service Exploit. I don't think an exploit could ever be called a DDOS exploit.

Yep. Anything that denies service is a DoS attack. It could be as simple as turning off a service in Windows Services and changing the name of the executable so it doesn't start back up.

Edited by sud0nick
Link to comment
Share on other sites

I would also like to add that an exploit that is not able to execute remote code, but is able to crash the remote service can be called a Denial of Service Exploit. I don't think an exploit could ever be called a DDOS exploit.

Think of an exploit that hits the main listening socket's process. You know, the one that does the accept() and then hands that off to a separate thread for handling but through some stupid bug allows you take over this process prior to your socket being handed off to a separate thread. While your exploit code is active within this process no new connections can be accepted (no thread is blocking on accept() on the listening socket anymore).

Another example is a program that tries to do everything asynchronously from a single thread. If you manage to exploit that and take over the thread, the service is effectively gone meaning you've DoS'd the box.

Edited by cooper
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...