0

What are the key components that define them and what are the differences? Is there any standard structure for it? I've looked at several papers, and some of them use them as the same, and some of them do not, which makes me confused.

I understand that the difference is that DoS involves a single device or attacker, whereas DDoS infects multiple zombies or bots and attacks them, that is, there are multiple attackers. Is this correct?

If it is correct, then are multiple users (not zombies or bots) intentionally attacking a specific server to be considered DoS or DDoS?

And one more question... Are 'DDoS' and 'DDoS attack' used as the same expression?

If there is a document or paper that defines the standards related to this, please recommend it! Thanks!

drchopin

1 Answer

1
  • DoS: Denial of Service. A general category for any situation where something unexpectedly and adversely impacts the availability of a server or program. DoS doesn't always mean the service goes down entirely; it might simply become very slow, close connections before transmitting all data, have certain features not work, fail to respond within a timeout window for some users, or so on. DoS is not necessarily malicious; people will sometimes refer to e.g. misconfiguring their own router in a way that breaks their server as "DoSsing ourselves" or a bug that causes a memory leak where the server crashes after some number of totally normal requests as "causing a DoS". Generally, a DoS condition exists when either the software cumulatively exhausts resources (such as a memory leak) or can consume really inordinate amounts of resources (such as a decompression bomb or billion laughs attack).
  • DoS attack: As above, but something that is specifically triggered by an attacker, rather than something that happens in the normal course of activity. In many cases the "attack" is implied; if somebody says "we got DoSsed", you should default to assuming it was malicious action, even though later analysis might reveal that there wasn't actually an attacker. To reuse the examples above, a memory leak might be either something that would happen with or without an attacker but might also be something that only happens if the server tries to process requests that are malformed in a particular way that a legitimate client would never send, while a billion laughs attack - as the name indicates - always implies an attacker; normal users don't have any reason to send such strange XML documents.
  • DDoS: Distributed Denial of Service. A DoS that specifically happens because too many clients are requesting data or other services at the same time. Unlike normal DoS, DDoS can happen simply due to overloading the server with ordinary traffic, rather than there existing a bug that causes resource exhaustion or server unreachability or an infinite loop or whatever. As with normal DoS, DDoS is not necessarily malicious; for example, the "Slashdot effect" occurs when a link goes up on a popular site and everybody clicks it at once, overloading the server behind that URL with too many requests per second for a little while; this is a form of DDoS, but the opposite of malicious.
  • DDoS attack: As with normal DoS, DDoS can also be triggered maliciously, and in many cases, if you're experiencing a DDoS (or even a potential one that hasn't yet impacted availability), it's reasonable to begin with the assumption that it's malicious. Since a DDoS by definition requires many clients, a single attacker usually can't directly cause a DDoS attack out of their own resources, but there are ways to harness the network connections of many, many people to simultaneously attack a single server. Some examples are:
    • Botnets, compromised machines where the attacker who has gained control rents out the services of thousands-to-millions of machines to whoever is willing to pay; an attacker might buy time on a botnet to set the "bots" to all trying to DDoS a specific site.
    • Dedicated attack software, such as LOIC, which allows multiple users to voluntarily grant a single attacker the ability to coordinate all the users' machines to send network traffic to the same target at the same time, sort of like a "voluntary botnet" but without giving the controller the ability to do anything but send network traffic.
    • Malicious website scripts (possibly present on many sites, if they're spread through an ad network or similar) which cause your browser to generate a large number of requests against a specific target. If enough people's browsers are running the same script at the same time, the traffic they generate against the target could overwhelm it even though the requests themselves are perfectly well-formed web requests.
CBHacking
  • Thank you so much! Denial of Service (DoS) are not limited to just traffic problems; they encompass various methods that can lead to a 'Denial of Service.' In contrast, DDoS are typically associated with traffic issues, as their definition implies the involvement of multiple clients. Both DoS attacks and DDoS attacks adhere to these definitions but involve attackers who intentionally perpetrate them. Am I understanding this correctly? – drchopin Oct 21 '23 at 01:50
  • Yes, though to be clear, a DDoS attack sometimes does involve a way for the attackers to make their requests unusually expensive, such that the same level of normal requests or the normal level of expensive requests wouldn't be a problem. The distinction between distributed and not is really just a matter of "can one client take this down or do a group - usually a big group - of them have to coordinate?" – CBHacking Oct 21 '23 at 07:10
  • So, does an intentional attack by multiple legitimate users, rather than zombies or bots, qualify as a DDoS attack? – drchopin Oct 23 '23 at 02:50
  • Sure, though usually "legitimate users" and "intentional attack" don't go together. But you could get people doing that, and indeed people sometimes intentionally use attack coordination tools like LOIC - even the web-based version - to flood a target with traffic. – CBHacking Oct 23 '23 at 03:19
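
The distinction drawn in the comments above ("can one client take this down or do a group of them have to coordinate?") can be applied to a request log when triaging an availability incident. The following is an added example, not part of the original thread; the capacity figure, the `few` threshold and the sample traffic are constructed assumptions.

```python
from collections import Counter


def classify_overload(requests, capacity_rps, window_s, few=3):
    """Label one time window as 'normal', 'dos-like' or 'ddos-like'.

    requests     -- list of (second, client) tuples seen in the window
    capacity_rps -- request rate the service can sustain (assumed known)
    few          -- how many top talkers may be dropped before the load
                    counts as distributed (hypothetical threshold)
    The label describes where the load comes from, not intent: a
    "Slashdot effect" surge and a botnet both come out as 'ddos-like'.
    """
    per_client = Counter(client for _, client in requests)
    remaining = sum(per_client.values())
    if remaining / window_s <= capacity_rps:
        return "normal", []
    dropped = []
    # Drop the heaviest clients one by one and see whether the rest fits.
    for client, count in per_client.most_common(few):
        remaining -= count
        dropped.append(client)
        if remaining / window_s <= capacity_rps:
            return "dos-like", dropped  # blocking these restores service
    return "ddos-like", []              # no small set of clients explains it


def sample_single_source():
    """Constructed 10 s window: one heavy client plus 20 ordinary ones."""
    reqs = [(i % 10, "198.51.100.7") for i in range(900)]
    reqs += [(i, f"192.0.2.{c}") for c in range(1, 21) for i in range(5)]
    return reqs


def sample_many_sources():
    """Constructed 10 s window: 400 clients sending 3 requests each."""
    return [(i, f"10.0.{c // 250}.{c % 250 + 1}")
            for c in range(400) for i in range(3)]


if __name__ == "__main__":
    print(classify_overload(sample_single_source(), 50, 10))
    print(classify_overload(sample_many_sources(), 50, 10))
```

A 'dos-like' result points at per-client blocking or rate limiting as the mitigation, while 'ddos-like' means the answer has to come from capacity or upstream filtering.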