WHAT AND WHY?
Most of you have probably heard of DDoS attacks, and most of you know roughly what kind of attack it is. What I want to clarify before we continue, because people often don't know it, is the difference between a DoS and a DDoS attack. DoS stands for denial of service. A DoS attack forces a server, or some component of it, to reach its limit and stop working, for some time or forever. It is executed by sending a huge number of requests to the server at the same time: more requests than the server can handle, so the server starts rejecting new requests from normal users. I will explain this in more detail, but first let's explain the extra D in DDoS. The extra D stands for distributed, so DDoS is distributed denial of service. The difference between a DDoS and a DoS attack is that a DDoS is executed from many different places at the same time.

Take for example a site that can accept at most 1000 requests (say, 1000 login requests) at the same time. Now imagine that someone sends 1500 requests to that site while you are also trying to log in there. What happens? Your request is denied and you will probably see "page cannot be displayed" or something similar. Most of these attacks are executed with "zombies" (PCs infected with some kind of bot), which send requests to the targeted website (server) without their owners even knowing it. One more thing: take the same website as an example and assume that it is not one person sending those 1500 requests, but 1500 actual users who are all trying to log in. The same thing happens: a DDoS occurs. So in simple words, a DDoS attack is done by sending a large amount of traffic to your server until it crashes.

As for why these attacks are done, you can think of a million reasons. Some of them: a competing company paid for the attack so they can knock you out of business, which is the case in most of them. Other, rarer reasons are that someone is just testing the power of their botnet, or you messed with someone who wants revenge on you. I won't discuss any further why someone would DDoS you, since if you are being DDoSed it isn't really important why. What is important is how to protect yourself from it.
PROTECTION
Protection against this attack is actually pretty simple. But the first thing you should do is make sure it is a real DDoS attack and not a false alarm. What I mean is: if those are real users and your server simply doesn't have enough capacity to serve them, you shouldn't be thinking about how to block them but about how to move to a better server. To tell a real DDoS from a lack of capacity, take your traffic statistics and check them. As an example, I'll take the statistics for one month. If you see traffic growing by, say, 50 new users every day up to the date your server crashed, with no drastic jump, it's not a DDoS. If you see about 50 new users every day until the start of the attack and then about 1000 or more new users, you are 90% certain to be getting DDoSed. Those numbers are made up only to help you understand how to tell a real DDoS from a lack of capacity on your server.

Now that you have identified a real DDoS, it's time to do something about it. The simplest and most commonly used solution is to install a script that redirects or blocks requests according to a specific rule. You can adjust the rules inside those scripts. For example, make a rule that redirects to Google all requests to the server from the same IP if there are more than X requests in less than 30 seconds. With X = 5, that means that if there are more than 5 requests from the same IP in less than 30 seconds, the script starts redirecting them to google.com; otherwise everything continues as normal. You can also set it to block the IP instead of redirecting it anywhere; it's your choice. There are a lot of these scripts online that you can find and use for free. If you don't want to use such scripts, you can instead install a good firewall that blocks them.

Nowadays there are many attackers who don't send a big amount of traffic but instead use additional bugs in servers. For example there is the Slowloris HTTP DDoS. It uses a bug in Apache when receiving partial HTTP requests, so you could say the Apache server gets confused and eats its own resources. I mention this because if you are being DDoSed you can check the logs, determine the exact type of DDoS, and then search for scripts made specifically to defend against that type of attack, to get maximum efficiency in defending your server. My recommendation is also to install mod_security (ModSecurity, a complete IDS package), which will not only save you from DDoS but also from the other types of attacks mentioned in earlier parts of this course.
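As an added example (not part of the original tutorial), here is the "more than 5 requests from one IP in less than 30 seconds" rule above applied to a few constructed access-log lines, so you can see which source the script would hand to your block or redirect action. It assumes the Apache/nginx combined log format; the IPs and timestamps are made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Threshold from the tutorial: more than 5 requests from one IP in under 30 seconds.
MAX_REQUESTS = 5
WINDOW_SECONDS = 30

# Constructed sample access log (Apache "combined" style). 203.0.113.7 floods /login;
# 192.0.2.9 sends the same number of requests but spread out, so it stays under the rule.
SAMPLE_LOG = """\
192.0.2.9 - - [10/Oct/2023:13:55:00 +0000] "GET / HTTP/1.1" 200 1024
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:08 +0000] "POST /login HTTP/1.1" 200 512
192.0.2.9 - - [10/Oct/2023:13:55:10 +0000] "GET /about HTTP/1.1" 200 2048
203.0.113.7 - - [10/Oct/2023:13:55:12 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:15 +0000] "POST /login HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:19 +0000] "POST /login HTTP/1.1" 200 512
192.0.2.9 - - [10/Oct/2023:13:55:20 +0000] "GET /news HTTP/1.1" 200 4096
192.0.2.9 - - [10/Oct/2023:13:55:30 +0000] "GET /news/1 HTTP/1.1" 200 4096
192.0.2.9 - - [10/Oct/2023:13:55:40 +0000] "GET /news/2 HTTP/1.1" 200 4096
192.0.2.9 - - [10/Oct/2023:13:55:50 +0000] "GET /contact HTTP/1.1" 200 1024
"""

# Client IP and the bracketed timestamp at the start of a combined-format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')

def parse_line(line):
    """Return (ip, datetime) for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group('ip'), datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')

def find_flooders(lines, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
    """Sliding-window count per IP; returns {ip: time it first broke the rule}."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window:  # expire requests older than the window
            q.popleft()
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged
```

The returned dictionary is what you would feed to the block or redirect step; note that 192.0.2.9 is never flagged at 30 seconds but would be at a 60 second window, so the window size decides how many real users you catch by mistake.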
