Understanding DoS and DDoS Attacks: Implementation and Prevention on Ubuntu
Introduction
A Denial-of-Service (DoS) attack occurs when an attacker makes a network or system unavailable to users, either temporarily or indefinitely. A Distributed Denial-of-Service (DDoS) attack, on the other hand, utilizes multiple systems to overwhelm a target. Both types of attacks can be harmful, often going unnoticed as users might think there’s simply an issue with the internet connection or their system is slowing down. In this blog, we’ll explain how attackers implement DoS and DDoS attacks, the vulnerabilities they exploit, and how to prevent them. The demonstration is done within a virtual machine, ensuring no actual machines are harmed, and it is intended for educational purposes.
What is a DDoS Attack?
A DDoS attack is a serious threat where attackers flood a system or network, causing it to slow down or crash, and allowing them to steal sensitive information. You might wonder how something as simple as a slowdown could be part of an attack. Attackers often use methods like HTTP poisoning or ARP poisoning to flood a network, effectively locking users out while they infiltrate the system. A notable DDoS attack occurred in 2020 when Amazon Web Services faced an overwhelming attack that lasted for three days. This highlights the continued threat of DDoS attacks, which are expected to increase in the coming years. This blog will walk you through how a DoS attack is executed, its effects, and how to prevent it.
Setting Up DoS on Ubuntu
To demonstrate a DoS attack on Ubuntu, we first need to install the Apache server with evasive mode. Apache is a widely used, free web server that powers about 40% of websites, and evasive mode helps protect the server from attacks like DoS and DDoS. To install Apache with evasive mode, run the command ‘sudo apt-get install libapache2-mod-evasive’. If you’re not familiar with Linux commands, there are other resources available that explain common commands in both Ubuntu and Kali Linux. After installation, you’ll be prompted for configuration; for this example, we’ll choose ‘Local Only’ since the attack is performed in a virtual machine.
Once Apache is installed, evasive mode needs to be enabled. To do this, use the command ‘a2enmod evasive’. Afterward, you can open the configuration file with ‘a2query -m evasive’. This shows the configuration window where you can set up the DoS hash tables. These tables control page requests, limiting them to 20 requests every 5 seconds, which slows the server down and eventually causes it to stop responding.
Next, a directory is created to store the log files using the ‘mkdir’ command. Once the directory is created, permissions are granted with ‘chown’. This allows the system to track and store information about the incoming requests.
Initially, without the DoS hash table, running a test command will establish a connection, as expected. However, once the DoS hash table is implemented, the connection will fail. This demonstrates how a DoS attack can block access by slowing down and eventually halting the connection.
Preventing DoS Attacks
To prevent a DoS attack, the first step is to identify the attacker’s IP address. The log directory created earlier will show details of the attack. In this case, the attacker’s IP address is shown as ‘127.0.0.1’. Once identified, you can block this IP address by blacklisting it in the configuration settings for evasive mode. Alternatively, you can whitelist trusted IPs to prevent future attacks.
Once the settings are updated and saved, the attacker will be blocked, and the connection will be re-established. The attack will no longer affect the system. However, in the case of a DDoS attack, multiple IPs may be involved, making it much harder to pinpoint and block the attackers.
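To make the request threshold from the setup section and the whitelist from this section concrete, here is an added example (not code from the original post or from mod_evasive itself) that models the per-page rule in Python over constructed Apache access-log lines: a client that requests the same page more than 20 times within 5 seconds is flagged unless its address is whitelisted. The thresholds, the whitelisted address and the sample log lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical thresholds mirroring the post's "20 requests every 5 seconds"
# (the same idea as mod_evasive's DOSPageCount / DOSPageInterval / DOSWhitelist).
PAGE_COUNT = 20
PAGE_INTERVAL = 5          # seconds
WHITELIST = {"10.0.0.1"}   # constructed: a trusted address that is never flagged

# Apache combined log format: ip - - [time] "METHOD path HTTP/x" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_line(line):
    """Return (ip, timestamp, path) for one access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, _status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def find_offenders(lines, page_count=PAGE_COUNT, interval=PAGE_INTERVAL,
                   whitelist=WHITELIST):
    """Flag clients requesting the same page more than page_count times inside
    any interval-second sliding window. Returns {ip: path that tripped the rule}."""
    windows = defaultdict(list)   # (ip, path) -> timestamps still inside the window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed lines instead of crashing
        ip, when, path = parsed
        if ip in whitelist or ip in offenders:
            continue
        hits = windows[(ip, path)]
        hits.append(when)
        while (when - hits[0]).total_seconds() > interval:
            hits.pop(0)           # expire hits older than the interval
        if len(hits) > page_count:
            offenders[ip] = path
    return offenders

def make_log(ip, n, path="/"):
    """Constructed sample: n hits from ip on path, all within the same second."""
    return [f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512'
            for _ in range(n)]

# Constructed burst: 25 hits from 127.0.0.1 (the post's attacker address) plus
# 10 from an ordinary client; only the first should be flagged.
SAMPLE_LOG = make_log("127.0.0.1", 25) + make_log("10.0.0.5", 10)
```

Running find_offenders(SAMPLE_LOG) returns {'127.0.0.1': '/'}, the same address the post reads out of the evasive log directory; adding an address to WHITELIST removes it from the result regardless of its request rate.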
Conclusion
While DoS attacks are common and can be prevented by blocking attackers through methods like blacklisting IPs, DDoS attacks are much more challenging to stop. In this demonstration, we saw how a single attacker was able to carry out a DoS attack, disrupting the system and preventing normal use. Despite the tools available to mitigate attacks, such as Apache’s evasive mode, DDoS attacks are still a significant threat, as seen in the recent attack on Amazon. The complexity of these attacks makes them hard to detect and prevent, but with ongoing research, better solutions may emerge in the future.