Skip to main content

DDoS attack 

What is DDoS attack?

DDoS is short for Distributed Denial oService. DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.


The different between DoS & DDoS?

The difference between a DoS and DDoS attack is quite simple. A DoS attack usually targets a victim at the application layer, with the same intentions of rendering a website unusable. A DoS attack is accomplished by a single user using a single internet connection.



How the attack works?

In a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.

How to mitigate the DDoS attack?

There are a few ways to help protect yourself against DDoS attacks.
  • Keep an eye on the inbound traffic hitting your server. The sooner you see an unusual spike in traffic that looks suspicious, the sooner you can start investigating.
  • Add filters to your router to drop packets from suspicious sources
  • Implement rate limiting in the event you are being attacked in order to avoid your server being overwhelmed.
  • Use a DDoS protection service

Comments

Popular posts from this blog

Cross-Site-Request-forgery-protection-in-web-applications-via-Synchroniser-Token-Patterns

What is Cross-site request forgery?   Cross-site request forgery , also known as  one-click attack  or  session riding  and abbreviated as  CSRF  or  XSRF , is a type of malicious  exploit  of a  website  where unauthorized commands are transmitted from a  user  that the web application trusts. Let’s take a look at a concrete example to get a better understanding. Assume that your bank’s website provides a form that allows transferring money from the currently logged in user to another bank account. For example, the HTTP request might look like: POST /transfer HTTP/1.1 Host: bank.example.com Cookie: JSESSIONID=randomid; Domain=bank.example.com; Secure; HttpOnly Content-Type: application/x-www-form-urlencoded amount=100.00 & routingNumber=1234&account=9876 Now pretend you authenticate to your bank’s website and then, without logging out, visit an evil website. The evil website contains an HTML page...

OAuth 2.0 framework

What is OAuth 2.0? OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices. This informational guide is geared towards application developers, and provides an overview of OAuth 2 roles, authorization grant types, use cases, and flows. This specification and its extensions are being developed within the  IETF OAuth Working Group . How does Social Login work? Social Login is a simple process, with the following steps. The user enters your application and selects the desired social network provider. A login request is send to the social network provider. Once the social network provider confirms the user’s ide...

Cross-site-Request-Forgery-protection-in-web-applications-via-Double-Submit-Cookies-Patterns

Implementation of the Double Submit Cookie Pattern is bit similar to the implementation of the Synchronizer Token Pattern. So before reading this post, It is better to read the last post about the "implementation of Synchronizer Token Pattern". The link for the previous post is as fallows https://hyperstella.blogspot.com/2018/05/cross-site-request-forgery-protection.html Double submit cookie pattern does not store the token value in the server side.It store the token value inside the cookie in the client side. In this post we are going to show the implementation process of  Double Submit Cookie Pattern , You can see a sample project (Github) :-  https://github.com/MalikDilsh/Cross-site-Request-Forgery-protection-in-web-applications-via-Double-Submit-Cookies-Patterns Step 1: First of all you have to  Create a web application similar to the Synchronizer Token Pattern. Because the implementation process of the double submit cookie pattern is mostly equal, ther...