Tuesday, April 24, 2018

Distributed Denial of Service Attack - DDoS

What is DDoS?
The goal of a Distributed Denial of Service attack is to exhaust the target system's resources until it can no longer respond. The explanation is as follows.
A conventional distributed denial of service attack (DDoS) is a class of denial of service (DoS) attacks in which a distributed system (botnet) consisting of nodes controlled via some application (Mirai, LizardStresser, gafgyt, etc.) is used to consume the resources of the target system or systems to the point of exhaustion.
Setting up cloud-based DDoS attack platforms is an interesting idea. In a real DDoS, however, the attacker's main aim is to take over other people's systems and use them as the weapon, so the traffic comes from a botnet rather than from infrastructure the attacker owns or pays for.

What is PDoS?
The goal of a Permanent Denial of Service (PDoS) attack is to leave the target system unusable for good, that is, in effect to destroy it. The explanation is as follows.
DDoSes are ephemeral. Once the attack vector is removed or the DDoS stops the device works. (Or in the case of Mirai, the rest of the internet works.)

PDoSes update the device so it cannot work, ever again.

DDoS and TCP
Using only the TCP protocol to mount an attack is not very practical. The explanation is as follows.
There are a few other TCP based DDoS attacks, but they aren't very common due to the fact that TCP is by design quite inefficient for performing (simple) DDoS attacks. Application layer attacks (exhausting CPU, database, disk, etc) are often done based on TCP (for example by generating a lot of HTTP requests to a webserver), and there are few known attacks which try to abuse the TCP protocol, for example by sending illegal combinations of TCP flags or incorrect fragmenting. The 'teardrop attack' was a well known example of that, which used overlapping fragments to crash devices receiving the packets when reassembling them.
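As an added example (not part of the original post or the quoted answer), here is a small Python checker for the two TCP-level tricks the quote mentions: flag combinations that cannot occur in legitimate TCP, and IP fragments whose offsets overlap earlier data (the teardrop pattern). The packet builders and the sample packets are constructed for the demo; in practice the raw packets would come from a capture.

```python
import socket
import struct
from collections import defaultdict

# TCP flag bits, as laid out in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MF_FLAG = 0x2000            # IPv4 "more fragments" bit
PROTO_TCP = 6


def build_ipv4(src, dst, ident, offset_bytes, more_frags, payload, proto=PROTO_TCP):
    """Build a minimal IPv4 packet (no options, checksum left at 0). Constructed test data only."""
    flags_frag = (MF_FLAG if more_frags else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_tcp(sport, dport, flags):
    """Build a minimal 20-byte TCP header carrying only the given flags."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def parse_ipv4(pkt):
    """Decode the fields the checks need from a raw IPv4 packet."""
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "id": ident, "proto": proto,
        "mf": bool(flags_frag & MF_FLAG),
        "offset": (flags_frag & 0x1FFF) * 8,      # fragment offset in bytes
        "payload": pkt[ihl:total_len],
    }


def illegal_tcp_flags(flags):
    """Return a label if this combination cannot occur in a legitimate TCP segment, else None."""
    if flags == 0:
        return "null (no flags)"
    if flags & SYN and flags & FIN:
        return "SYN+FIN"
    if flags & SYN and flags & RST:
        return "SYN+RST"
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG) and not flags & ACK:
        return "Xmas (FIN+PSH+URG)"
    return None


class FragmentTracker:
    """Track the byte ranges seen per datagram; report a fragment that overlaps an earlier one."""

    def __init__(self):
        self.ranges = defaultdict(list)   # (src, dst, id, proto) -> [(start, end), ...]

    def check(self, ip):
        key = (ip["src"], ip["dst"], ip["id"], ip["proto"])
        start, end = ip["offset"], ip["offset"] + len(ip["payload"])
        for s, e in self.ranges[key]:
            if start < e and s < end:          # half-open intervals intersect
                return f"overlapping fragment [{start},{end}) vs [{s},{e}) in datagram id={ip['id']}"
        self.ranges[key].append((start, end))
        return None


def analyze(packets):
    """Run both checks over raw IPv4 packets and return one finding string per anomaly."""
    findings = []
    tracker = FragmentTracker()
    for pkt in packets:
        ip = parse_ipv4(pkt)
        overlap = tracker.check(ip)
        if overlap:
            findings.append(overlap)
        # Only the first fragment (offset 0) carries the TCP header; its flags byte is at index 13.
        if ip["proto"] == PROTO_TCP and ip["offset"] == 0 and len(ip["payload"]) >= 14:
            reason = illegal_tcp_flags(ip["payload"][13])
            if reason:
                sport = struct.unpack("!H", ip["payload"][:2])[0]
                findings.append(f"illegal TCP flags {reason} from {ip['src']}:{sport}")
    return findings


# Constructed sample traffic: one normal SYN, two bogus flag sets, and a teardrop-style fragment pair.
SAMPLE_PACKETS = [
    build_ipv4("10.0.0.5", "10.0.0.80", 1, 0, False, build_tcp(40000, 80, SYN)),
    build_ipv4("10.0.0.5", "10.0.0.80", 2, 0, False, build_tcp(40001, 80, SYN | FIN)),
    build_ipv4("10.0.0.5", "10.0.0.80", 3, 0, False, build_tcp(40002, 80, 0)),
    build_ipv4("10.0.0.9", "10.0.0.80", 4, 0, True, build_tcp(40003, 80, PSH | ACK) + b"A" * 12),  # bytes [0,32)
    build_ipv4("10.0.0.9", "10.0.0.80", 4, 24, False, b"B" * 16),                                  # bytes [24,40)
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_PACKETS):
        print(finding)
```

The flag check is deliberately limited to combinations that never appear in conforming TCP (null, SYN+FIN, SYN+RST, Xmas), so it produces no false positives on normal traffic; the fragment check keys on the (source, destination, IP ID, protocol) tuple that a reassembler uses, which is exactly where a teardrop-style overlap lands.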
What is an Attack?
The explanation is as follows.
An event is something that has triggered notice. An event need not be an indication of wrongdoing. Someone successfully logging in is an event.

An incident is something that indicates a problem, however you define "problem". It carries from an event but has a layer of interpretation on top. Someone successfully logging in when they are on long-term sick leave and should be unable to use a computer is an incident.

An attack is an incident with malicious intent. Someone brute-forcing the credentials of someone on long-term sick leave is an attack. A manager asking the person on long-term sick leave for their password so that they can gain access to the person's work product for the benefit of the business is not an attack. It might be an incident, depending on your policies.

A threat is anything that has the potential to cause an incident. People, weather, machines, etc.
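As an added example (not part of the original post or the quoted answer), here is a Python classifier that applies the event / incident / attack distinction above to sshd-style log lines. The log lines and the "on leave" list are constructed for the demo; the point is that the same raw login line gets a different label depending on context (HR status) and on rate (repeated failures from one source).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines; not taken from any real system.
SAMPLE_LOG = """\
Apr 24 09:00:01 host sshd[100]: Accepted password for alice from 10.0.0.20 port 51000 ssh2
Apr 24 09:05:10 host sshd[101]: Accepted password for bob from 10.0.0.21 port 51001 ssh2
Apr 24 09:10:00 host sshd[102]: Failed password for carol from 203.0.113.7 port 40000 ssh2
Apr 24 09:10:01 host sshd[103]: Failed password for carol from 203.0.113.7 port 40001 ssh2
Apr 24 09:10:02 host sshd[104]: Failed password for carol from 203.0.113.7 port 40002 ssh2
Apr 24 09:10:03 host sshd[105]: Failed password for carol from 203.0.113.7 port 40003 ssh2
Apr 24 09:10:04 host sshd[106]: Failed password for carol from 203.0.113.7 port 40004 ssh2
Apr 24 09:30:00 host sshd[107]: Failed password for dave from 10.0.0.22 port 51002 ssh2
"""

# Constructed HR context: accounts whose owners are on long-term leave and should not be logging in.
ON_LEAVE = {"bob", "carol"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<ip>\S+)"
)
BRUTE_THRESHOLD = 5                  # failures from one source against one account ...
BRUTE_WINDOW = timedelta(minutes=1)  # ... within this window count as brute forcing


def parse_line(line, year=2018):
    """Turn one sshd line into an event dict, or None if the line is not a login result."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "success": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def classify(log_text, on_leave=ON_LEAVE):
    """Label each login line 'event', 'incident' or 'attack' using the HR context and a rate rule."""
    labels = []
    failures = defaultdict(list)    # (user, source ip) -> timestamps of recent failures
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["success"]:
            # A login is just an event; a login by someone who should be unable to log in is an incident.
            label = "incident" if ev["user"] in on_leave else "event"
        else:
            key = (ev["user"], ev["ip"])
            recent = [t for t in failures[key] if ev["ts"] - t <= BRUTE_WINDOW] + [ev["ts"]]
            failures[key] = recent
            if len(recent) >= BRUTE_THRESHOLD:
                label = "attack"        # repeated guessing shows malicious intent
            elif ev["user"] in on_leave:
                label = "incident"      # someone is trying an account that should be dormant
            else:
                label = "event"         # one failed password is not yet a problem
        labels.append((label, f"{ev['ts']:%H:%M:%S} {ev['user']} from {ev['ip']}"))
    return labels


def counts(log_text, on_leave=ON_LEAVE):
    """Summarise how many lines fell into each label."""
    summary = {"event": 0, "incident": 0, "attack": 0}
    for label, _ in classify(log_text, on_leave):
        summary[label] += 1
    return summary


if __name__ == "__main__":
    for label, detail in classify(SAMPLE_LOG):
        print(f"{label:<8} {detail}")
    print(counts(SAMPLE_LOG))
```

Threats do not appear as a label because they are potentials, not things a log line can show; the manager asking for a password in the quote is likewise a policy question that no log rule can decide, which is why the classifier only escalates on evidence it can see (account status and failure rate).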
