Skip to main content

DDoS attack 

What is DDoS attack?

DDoS is short for Distributed Denial oService. DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.

The different between DoS & DDoS?

The difference between a DoS and DDoS attack is quite simple. A DoS attack usually targets a victim at the application layer, with the same intentions of rendering a website unusable. A DoS attack is accomplished by a single user using a single internet connection.


How the attack works?

In a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.

How to mitigate the DDoS attack?

There are a few ways to help protect yourself against DDoS attacks.
  • Keep an eye on the inbound traffic hitting your server. The sooner you see an unusual spike in traffic that looks suspicious, the sooner you can start investigating.
  • Add filters to your router to drop packets from suspicious sources
  • Implement rate limiting in the event you are being attacked in order to avoid your server being overwhelmed.
  • Use a DDoS protection service

Comments

Post a Comment

Popular posts from this blog

OAuth 2.0 framework

What is OAuth 2.0? OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices. This informational guide is geared towards application developers, and provides an overview of OAuth 2 roles, authorization grant types, use cases, and flows. This specification and its extensions are being developed within the  IETF OAuth Working Group . How does Social Login work? Social Login is a simple process, with the following steps. The user enters your application and selects the desired social network provider. A login request is send to the social network provider. Once the social network provider confirms the user’s ide...
Post a Comment
Read more
 SMSC Gateway Overview An SMS gateway is a platform or service that allows you to send and receive text messages (SMS) using telecommunication networks. It acts as an intermediary between computer systems or applications and mobile network operators, enabling the exchange of SMS messages. Here are some key points about SMS gateways: Functionality: SMS gateways provide the necessary infrastructure and protocols to enable communication between computer systems and mobile networks. They typically offer APIs (Application Programming Interfaces) that developers can use to integrate SMS functionality into their own applications, websites, or systems. Sending SMS: With an SMS gateway, you can send SMS messages programmatically from your own application or system. You need to interact with the gateway's API, providing the recipient's phone number, message content, and other relevant parameters. The gateway then delivers the SMS to the intended recipient through the mobile network. Rece...
Post a Comment
Read more

Cross-Site-Request-forgery-protection-in-web-applications-via-Synchroniser-Token-Patterns

What is Cross-site request forgery?   Cross-site request forgery , also known as  one-click attack  or  session riding  and abbreviated as  CSRF  or  XSRF , is a type of malicious  exploit  of a  website  where unauthorized commands are transmitted from a  user  that the web application trusts. Let’s take a look at a concrete example to get a better understanding. Assume that your bank’s website provides a form that allows transferring money from the currently logged in user to another bank account. For example, the HTTP request might look like: POST /transfer HTTP/1.1 Host: bank.example.com Cookie: JSESSIONID=randomid; Domain=bank.example.com; Secure; HttpOnly Content-Type: application/x-www-form-urlencoded amount=100.00 & routingNumber=1234&account=9876 Now pretend you authenticate to your bank’s website and then, without logging out, visit an evil website. The evil website contains an HTML page...
1 comment
Read more