{"id":13082,"date":"2024-08-27T18:54:22","date_gmt":"2024-08-27T18:54:22","guid":{"rendered":"http:\/\/127.0.0.1\/?p=13082"},"modified":"2024-08-27T18:54:23","modified_gmt":"2024-08-27T18:54:23","slug":"ghosting-bad-actors-to-prevent-dos-attacks","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/2024\/08\/27\/ghosting-bad-actors-to-prevent-dos-attacks\/","title":{"rendered":"\u201cGhosting\u201d Bad Actors to Prevent DoS Attacks"},"content":{"rendered":"\n
A denial of service (DoS) attack is a malicious attempt to bring down or disrupt a network, servers, or devices connected to the internet so legitimate users can\u2019t use its services. It\u2019s accomplished by crashing the server or flooding the target network with more traffic than it can handle.<\/p>\n\n\n\n
Crashing the server is made possible by the \u201creflex\u201d actions of the TCP\/IP protocol, where the server replies to communications that access it. For example, if a server receives a synchronization request (SYN flag) to open a communication, it will reply with an acknowledgement (ACK or SYN ACK flag) and prepare to start a session. When the bad actor receives the ACK flag, they know they hit their target. They then proceed to send numerous SYN flags to create new sessions to use up the server\u2019s memory or CPU.<\/p>\n\n\n\n
That\u2019s an example of a SYN attack. There are also ACK attacks, RST attacks, FIN attacks, and combinations of the above and more, which can also crash the server.<\/p>\n\n\n\n
Then there are flood attacks. Once the bad actor knows the IP address of the target, they can overwhelm the network with more traffic than it can buffer, eventually causing it to stop.<\/p>\n\n\n\n
Then there\u2019s the Distributed Denial of Service (DDoS) attack, a variation of DoS attack where the bad actor organizes multiple signals from different IP addresses and locations to stop the services or flood the network. There are many more types of DoS attacks, limited only by the malicious actor\u2019s imagination.<\/p>\n\n\n\n
Each one of those attacks requires a different solution when you have a server that is exposed to the internet.<\/p>\n\n\n\n
To carry out a DoS attack, the bad actor needs two things:<\/p>\n\n\n\n
Once they have that information, they can start collecting details about the networks, such as routers, servers, services they are providing, software, operating systems, and so on.<\/p>\n\n\n\n
So the first thing the bad actor will do is to look for the IP address using tools like ping and DNS lookup. If there\u2019s no DNS associated with the network they\u2019re trying to bring down, they can figure it out by searching the internet for IP addresses used by the company\u2019s ISP. They can use pinging and routing tools to see which ISP is associated with this company.<\/p>\n\n\n\n
Once they have the IP address, the bad actor scans for open ports to know which ports to attack. They know they\u2019re successful when they get a response, followed by slower and slower responses. They assume they succeeded in bringing down the service when they don\u2019t get a response at all. (In our next post we will explain how we use this assumption for defense or offense.)<\/p>\n\n\n\n
Vendors today offer various solutions to protect networks from DoS attacks, but they are not good enough. Bad actors succeed in denying services to and from networks despite DoS \u201cprotections.\u201d<\/p>\n\n\n\n
Great Wing has devised different solutions for protecting networks from DoS attacks. Our solutions differentiate between two categories of network services:<\/p>\n\n\n\n
Tailoring the DoS solution to the different types of services provides almost perfect DoS protection. In this article we will discuss protection for the second scenario where the network provides private services while allowing access from any IP address.<\/p>\n\n\n\n
For networks providing private services, the first step in protecting your server and devices is to not use DNS.<\/p>\n\n\n\n
Great Wing products don\u2019t require DNS. We also advise our customers not to list their IP addresses under the company name, so there won\u2019t be an easy way to find an association between the IP addresses and the organization.<\/p>\n\n\n\n
Great Wing developed the Wormhole\u2122 protocol, which solves most of the problems inherent to the TCP\/IP protocol and its automatic reflex actions. The Great Wing Ghost\u2122 software translates TCP\/IP to the Wormhole protocol and back again to TCP\/IP. The Ghost doesn\u2019t remain at a specific IP address or port, but jumps from place to place.<\/p>\n\n\n\n
If a bad actor tries to run a DoS attack on the Ghost, they will have to find the IP address where there\u2019s no DNS and no IP address associated with the organization. That\u2019s the first obstacle. Then they have to find an open port. The malicious actor won\u2019t find open ports because there aren\u2019t any open ports in the Wormhole.<\/p>\n\n\n\n
Because the Ghost jumps from place to place, and the bad actor needs to know where the Ghost is in order to attack it, an attack is practically impossible for the bad actor to carry out.<\/p>\n\n\n\n
With the Ghost software, the hacker:<\/p>\n\n\n\n
With Great Wing, there\u2019s no DNS, no assigned IP addresses, and no open ports.<\/p>\n\n\n\n
If they try to attack a random IP address and the network is protected by Great Wing, they still won\u2019t succeed because they cannot find an open port.<\/p>\n\n\n\n
Great Wing also offers a solution that blocks DoS attacks from servers that you want to expose to the internet, such as mail servers and web servers. We will discuss that solution in a separate article.<\/p>\n","protected":false},"excerpt":{"rendered":"
A denial of service (DoS) attack is a malicious attempt to bring down or disrupt a network, servers, or devices connected to the internet so legitimate users can\u2019t use its services. It\u2019s accomplished by crashing the server or flooding the target network with more traffic than it can handle. Crashing the server is made possible […]<\/p>\n","protected":false},"author":1,"featured_media":13083,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13082","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/13082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=13082"}],"version-history":[{"count":1,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/13082\/revisions"}],"predecessor-version":[{"id":13084,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/13082\/revisions\/13084"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media\/13083"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=13082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=13082"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=13082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}