DDoS and botnets

DDoS and Botnets

Introduction to DDoS attacks and botnets

DDoS attacks are distributed denial of service attacks. It is a malicious attack where the attacker floods a website server with requests to create internet traffic. It prevents users from having access to the website. If a user does manage to gain access it will be very slow.

A botnet is where are group of computers have been infected and are controlled by a cyber criminal. The cyber criminal first exposes vulnerabilities to malware. This malware infects the device so it can be controlled by the virus. The cyber criminal then uses this infected computer for attacks.

Diagrams

Goal of attack

The goal of a botnet is for a hacker to accomplish their selfish desires. This includes scamming companies into giving up money and shutting down webpages to sabotage a rival company.

The goal of a DDoS attack is to prevent people using a website. Rival businesses might do this so that customers come to them instead. This will lead to them gaining more sales and money. Cyber criminals will use this attack to hold the website randsom for money.

How to detect and prevent attacks

To detect a botnet you can analyse the flow of the traffic of the website. If there appears to be a lot of traffic then the chances of the cause being botnets is high. A few ways to prevent a botnet are regular software system updates, monitoring the network for anomalous activity and investigating failed login attempts.

To detect a DDoS attack you should monitor the website. If there is a sudden spike in traffic that doesn't calm after a while then the website is under a DDoS attack. A few ways to prevent a DDoS attack are to install anti-virus softwares, make sure you have a firewall installed and minimise the surface area that can be affected.

Graphs

Botnet

DDoS attack

Examples

Botnet attack example - EarthLink spammer 2000 When:

• During the year of 2000.

Who:

• The leader of the botnet attack was called Khan K. Smith.

How:

• Smith sent 1.25 million phishing scam emails in a little under a year.

Why:

• Khan intended to collect sensitive information like credit card numbers.
• He also hoped to download viruses on his victims devices.

Results:

• EarthLink sued Khan K. Smith for $25 million.

DDoS attack example - google 2020 When:

• On the 16th October 2020.

Where:

• The attack was mounted from three Chinese ISPs.
• This could imply the attack originated from China.

Who:

• The company that was the victim of the DDoS attack was google.

How:

• The attacker used several networks.
• These networks spoofed 167 Mpps to 18000 exposed SMTP, CLDAP and DNS servers.
• This sent large responses to google.

Why:

• To make it difficult to use the very popular web browser

Are these better attacks than others?

In my opinion, I would have to say that these attacks are not better than the other types of attacks because at most the DDoS and botnet attacks can slow down a website. Other attacks are capable of causing much more damage.