'Denial of Service' Attack: Web site obsession

"Dear newspaper: at 7pm today, we will launch an attack on your online newspaper website in the form of DoS (denial of service attack), for the purpose of . checking Please check the defenses of the newspaper. Please note: the data will not be lost but the site will be forced to stop working during the time of our attack! ".

Two weeks ago, the threat was sent to Thanh Nien Newspaper, the author called himself "Central hacker group".By 'G' that evening, Thanh Nien Newspaper website still works normally.Maybe "Central hacker group" suddenly changed the plan at the end of the hour or that threat was just a joke of the idle.Even though the attack did not happen, the type of hack to deny service as "threatening" is always the obsession of websites.

Although a DoS attacker cannot gain access to the system or can change, if a system cannot provide information or services to users, that existence is meaningless. !There have been many famous DoS attacks on the world's leading commercial sites such as Yahoo, Amazone, eBay or even Microsoft a few years ago causing millions of dollars in damage.Recently, many domestic websites, including some online newspapers, have become victims of this form of attack.Consequently, users can not access the website, significantly affecting the operation of the website.

DoS denial of service (Denial of Service) is the common name for an attack that causes a certain system to be overloaded and unable to provide services, or to be deactivated.For good security systems, it is difficult to penetrate, denial of service attacks are used by hackers as a finish to destroy the system.Depending on the implementation method, DoS is known under different names: the most classic is the DoS (Denial of Service) attack by taking advantage of the weakness of TCP (Transmision Control Protocol);The latter is DDoS (Distributed Denial of Service) - distributed denial of service attack;The latest is a denial of service attack using the DRDoS reflection method (DistributedReflection Denial of Service).

In order to perform "DDoS Distributed Service Denial Attack", the attacker seeks to take over and control multiple computers or intermediate computer networks (acting as zombies) from many places to simultaneously send the massively Packet (packet) in very large quantities, the purpose of appropriating resources and flooding the path of a certain target.Particularly, "Reflexive denial of service DRDoS" only appeared recently but is the most dangerous type.If done by professional hackers, no system can stand up to it.More significantly, there have been many viruses, worms, and trojans that automatically perform DoS attacks.

There are also other variants: Broadcast Storms, SYN, Finger, Ping, Flooding . with the aim of appropriating system resources such as Bandwidth, Kernel Table, Swap Space, Cache, Hardisk, RAM, CPU . causes the system operation to be overloaded, thus failing to meet valid requests.In particular, the current variant "fashion" is the Flood form - "flooding".The attacker uses flash scripts (scripts), which are attached to web pages with a large number of visitors.Each member accessing these forums will accidentally activate the flash file to perform DoS attacks on specific targets.Many domestic attackers now also write software capable of automating the process of flooding input forms, automatically sending requests (requests) continuously to the server causing the system to be overloaded.

Denial-of-service attacks are often very difficult to prevent due to the unexpectedness and often having to defend in the passive "battle" that took place.System administrators should regularly update the latest software patches, antivirus programs, trojans and worms for the system.Turn off all unnecessary services on the system and close all service ports that do not need to use.Setting up a backup server at another address to circulate as soon as an incident occurs, the system will not be interrupted.Use a router / firewall to restrict, remove invalid packets, reduce the amount of traffic on the network and the system load.For websites that use input forms, it is recommended to install the "security code" feature;limit IP registration at the same time . to limit data flooding.In addition, information is required for Internet service providers (ISPs) to immediately block invalid data packets remotely.In particular, playing the most important role is still the administrators with the need to closely monitor and supervise the system to promptly analyze and find causes to deal with when incidents occur and do not forget often update new knowledge .

To Tam - Thanh Nghi