0850 800 1483
A DoS attack is an attempt to make the web resource unusable for users by flooding the target URL with more requests than the server can handle. Thus, regular traffic on the web resource is slowed down or completely interrupted for the duration of the attack. Unlike a virus or malware, a DoS attack does not depend on a specific program to run. Instead, it exploits an inherent vulnerability in the way computer networks communicate.
A DDoS attack is a DoS attack performed from multiple sources simultaneously. A DDoS attack requires the attacker to gain control of a network of online machines to carry out the attack. Attacks use multiple malware-infected machines, known as botnets. Thus, attackers can control these machines remotely.
From a single computer, it is difficult for attackers to generate the volume of traffic necessary to take down a network or website. DDoS attacks typically require dozens of devices operating. This is known as a botnet and users are unaware that their devices are participating in a botnet attack due to malware installed on their machines.
1-) Volume-Based Attacks
To carry out Volume-Based attacks, attackers use many websites and internet connections to block traffic. Thus, a large amount of it clogs the available bandwidth of the website. Volume-Based attacks are measured in bits per second (Bps).
UDP flood is an example of a volume-based attack. UDP required for Internet protocol (IP) suite
(User Datagram Protocol) and utilizes a non-login network protocol. In a UDP flood attack, the attacker floods random ports on the targeted host. Thus, as more UDP packets are received and responded to, the system cannot handle the requests and therefore becomes unable to respond.
2-) Protocol Attacks
Unlike other attacks, protocol attacks try to consume server resources and websites, not band resources, by making fake protocol requests. Additionally, “intermediate communications equipment” server and website tools are also targets. The power of these attacks is measured in packets per second (Pps).
2.1 Smurf DDOS
Smurf DDoS, a protocol attack, also takes advantage of ICMP (Internet Control Message Packet), which contains the attacker's spoofed IP of the user. He then broadcasts the IP on a computer network using an IP broadcast address. If the number of devices on the network is large enough, service on the network is disrupted because the user's computer responds to the source IP address of most devices on the network.
3-) Application Layer Attacks
Application layer attacks require fewer resources than volume-based attacks and protocol attacks. Application layer attacks; It aims to disrupt certain functions or features of a website, such as its online operations. This type of attack mimics the traffic behavior of users in applications such as Apache, Windows, and OpenBSD, knocking down servers by making a large number of seemingly harmless requests. However, because application layer attacks only target specific application packages, they can go undetected. The strength of these attacks is measured in requests per second (Rps).
Slowloris, an application layer attack, is a highly targeted attack that allows a web server to take over another server without affecting other services or ports on the target network. It performs this attack by establishing multiple connections to the target web server and keeping these connections open as much as possible. Slowloris constantly sends more HTTP headers to these connections but never completes a request. The targeted server keeps each of these false connections open. This eventually exceeds the maximum amount of concurrent connections and leads to additional connections being rejected from clients.
The place of your technical infrastructure, which grows with your institutional development, is also growing at the same rate. In order to strengthen your defense against these attacks, which can reach incredible dimensions, you should have an Access Denial (DoS / DDoS) Test once a year.
Denial of access attacks are known as the nightmare of commercial platforms and the size of the attacks is increasing day by day. Access Denial Tests are required in order to minimize financial loss against possible attacks and to simulate the moment of crisis.
As a result of the Access Blocking Tests conducted to overload and disable the system with simultaneous attacks from one or more different IP addresses, the behavior of your system against these attacks is analyzed and proactive solutions are produced by our expert team.