50
Denial-of-Service
Distributed Denial-of-Service
Single host attack
Multipe hosts attack
Simple to do
More complicated to do
Direct connection to the target
Trojans or daemons usage for remote connection
Easier to detect the source
Harder to detect the source
Dangerous enough to harm
More devastating to harm
Table 1 – Differences between DoS and DDoS
Figure 10 – Simple anatomy of DoS and DDoS
There
are
many
kinds
of
DoS
attack
mechanisms, which
are
also
able
to
be
applied in
DDoS
attacks.
TCP
SYN
Flood
Attack
is
one
of
the
most
common
types
of
DoS.
When
normal
TCP
connection starts,
a
destination host
receives
a
SYN
(synchronize/start) packet
from a source
host and sends
back a SYN/ACK
(synchronize
acknowledge)
packet.
Destination
host
must
hear
an
ACK
(acknowledge) of
the
SYN/ACK, before the connection is established (three-way handshake exchange). While
waiting for the ACK to the SYN/ACK, a connection
queue of
finite size on the
 |