CEH


■ The OS terminates the offending program because it is operating outside its allotted memory space.
■ The address of the hacker's malicious code, which now resides in the overflowed stack, winds up in the EIP, causing that code to execute.

Exam questions use basic comparison operators such as < (less than), > (greater than), and >= (greater than or equal to) to test your understanding of memory bounds and buffer overflows. Remember the basic concept of a buffer overflow, and keep in mind that any value outside the buffer's allotted range constitutes an overflow condition.
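The following C program is an added example, not code from the book, that models the two outcomes listed above. It lays out a toy stack frame (a 16-byte local buffer, the saved frame pointer, and the saved return address that ret pops into EIP), pushes attacker-controlled input through an unchecked copy and through a bounds-checked one, and reports what the CPU would load into EIP in each case. The frame layout, the buffer size, and every address used (0x08048a00, 0xdeadbeef) are assumptions made for the illustration; a real stack holds other data that this model leaves out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of one x86 stack frame in the order it sits in memory: the
   local buffer at the lowest address, then the saved frame pointer, then
   the saved return address that "ret" pops into EIP.  Layout and the
   16-byte buffer are assumptions made for this illustration. */
struct frame {
    char     buf[16];    /* the local buffer the program meant to fill */
    uint32_t saved_ebp;  /* caller's frame pointer */
    uint32_t ret_addr;   /* where execution resumes when the function returns */
};

#define ORIGINAL_RET 0x08048a00u   /* made-up legitimate return address */

static void init_frame(struct frame *f)
{
    memset(f->buf, 0, sizeof f->buf);
    f->saved_ebp = 0xbffff000u;    /* arbitrary placeholder value */
    f->ret_addr  = ORIGINAL_RET;
}

/* Unchecked copy, the way strcpy() behaves: it keeps writing for as long
   as there is input.  Bytes are written across the whole frame so the
   overrun is observable here instead of crashing the process; anything
   past the modelled frame is dropped. */
static void unsafe_copy(struct frame *f, const unsigned char *src, size_t len)
{
    unsigned char *dst = (unsigned char *)f;
    size_t i;
    for (i = 0; i < len && i < sizeof *f; i++)
        dst[i] = src[i];
}

/* Bounds-checked copy: any length greater than the buffer is an overflow
   condition and is refused.  Returns 0 on success, -1 when rejected. */
static int safe_copy(struct frame *f, const unsigned char *src, size_t len)
{
    if (len > sizeof f->buf)
        return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Attacker's payload: 16 bytes of filler to fill buf, 4 more to cover
   saved_ebp, then the address to be loaded into EIP, written in host
   byte order (little-endian on x86). */
static size_t build_payload(unsigned char out[24], uint32_t target)
{
    memset(out, 'A', 20);
    memcpy(out + 20, &target, sizeof target);
    return 24;
}

/* Return address left in the frame after an unchecked copy of n bytes of
   'A' filler: it stays intact until the overrun reaches offsets 20..23. */
uint32_t ret_after_filler(size_t n)
{
    struct frame f;
    unsigned char filler[64];
    if (n > sizeof filler) n = sizeof filler;
    memset(filler, 'A', sizeof filler);
    init_frame(&f);
    unsafe_copy(&f, filler, n);
    return f.ret_addr;
}

/* The attack itself: what "ret" would pop into EIP after the payload
   aimed at target goes through the unchecked copy. */
uint32_t eip_after_overflow(uint32_t target)
{
    struct frame f;
    unsigned char payload[24];
    size_t len = build_payload(payload, target);
    init_frame(&f);
    unsafe_copy(&f, payload, len);
    return f.ret_addr;
}

/* Same payload through the checked copy.  Returns 1 when the input was
   rejected and the return address is untouched, 0 otherwise. */
int bounds_check_holds(uint32_t target)
{
    struct frame f;
    unsigned char payload[24];
    size_t len = build_payload(payload, target);
    init_frame(&f);
    int rejected = safe_copy(&f, payload, len) != 0;
    return rejected && f.ret_addr == ORIGINAL_RET;
}

int main(void)
{
    printf("filler 16 bytes: EIP <- 0x%08x (buffer exactly full)\n", (unsigned)ret_after_filler(16));
    printf("filler 20 bytes: EIP <- 0x%08x (saved EBP clobbered)\n", (unsigned)ret_after_filler(20));
    printf("filler 24 bytes: EIP <- 0x%08x (return address overwritten)\n", (unsigned)ret_after_filler(24));
    printf("payload:         EIP <- 0x%08x (attacker-chosen address)\n", (unsigned)eip_after_overflow(0xdeadbeefu));
    printf("bounds check rejects payload: %d\n", bounds_check_holds(0xdeadbeefu));
    return 0;
}
```

The filler runs show why the exam tip talks about ranges: 16 bytes fill the buffer exactly, 20 bytes only clobber the saved frame pointer, and from 24 bytes on the return address itself is replaced. The one-line check in safe_copy is all that separates the two outcomes.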

Understanding DDoS


Distributed denial-of-service (DDoS) attacks have the same goal as a DoS attack, but the implementation is much more complex and wields far more power. Whereas a DoS attack relies on a single system or a very small number of systems to attack a victim, a DDoS attack scales this up by having many attacking systems go after one victim at the same time. How many attackers? Anywhere from a few hundred to a few million in some cases.


DDoS Attacks


DDoS attacks have the same goal as regular DoS methods; the difference lies in how the attack is carried out. A standard DoS attack can be launched from a single malicious client, whereas a DDoS attack uses a distributed group of computers to attack a single target. Check out Figure 11.3 to see a diagram of a DDoS setup.
As you can see in Figure 11.3, quite a few parts are involved in launching a DDoS attack. Conceptually, the process is simple. The attacker first infects the handler, or master computer, with a specific DDoS software build commonly known as a bot. The bot in turn sifts through networks searching for vulnerable hosts to recruit as slaves, or zombies. Note that the attacker purposely chooses their handler unit or units based on the positional advantage it gives them for the attack: a unit with good reach and connectivity in the network, such as a file server. Once the handler systems have been compromised and the zombie clients are infected and listening for commands, the attacker need only identify the target and send the go signal to the handlers.


For the exam you must be able to draw a distinction between a DoS and a DDoS. With DoS, you typically see a single client or a very small number of clients attacking a target; with DDoS, a large number of clients attack a target. You could thus say that the main difference is scale; in either case, however, the end result is the same: the victim is taken offline.
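As an added example that is not part of the book, the C program below applies that scale distinction from the defender's side. It aggregates constructed request log lines by source address and classifies the window as a single-source flood (DoS) or a distributed flood (DDoS), and it also counts how many sources a classic per-IP rate limit would have throttled, which shows why that control alone misses a DDoS in which every zombie stays under the limit. The log format, the thresholds (10 requests per window, 5 per source), the majority-share cut-off, and the sample addresses from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES     64
#define FLOOD_THRESHOLD 10   /* requests per window that count as a flood (assumed value) */
#define PER_IP_LIMIT     5   /* a classic per-source rate limit (assumed value) */

enum verdict { NORMAL = 0, SINGLE_SOURCE_FLOOD = 1, DISTRIBUTED_FLOOD = 2 };

struct source { char ip[32]; int hits; };

struct stats {
    int total;              /* requests seen in the window */
    int nsources;           /* distinct source addresses */
    int top_hits;           /* requests from the busiest single source */
    int over_per_ip_limit;  /* sources a per-IP limiter would have throttled */
};

/* Aggregate newline-separated lines of "<timestamp> <src_ip> <request>"
   by source address.  The whole input is treated as one observation
   window; lines that do not parse are skipped. */
struct stats summarize(const char *log)
{
    struct source tab[MAX_SOURCES];
    struct stats st = {0, 0, 0, 0};
    const char *p = log;
    int i;

    while (*p) {
        char line[160], ts[32], ip[32];
        const char *nl = strchr(p, '\n');
        size_t full = nl ? (size_t)(nl - p) : strlen(p);
        size_t len = full < sizeof line ? full : sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + full;

        if (sscanf(line, "%31s %31s", ts, ip) != 2)
            continue;
        st.total++;
        for (i = 0; i < st.nsources; i++)
            if (strcmp(tab[i].ip, ip) == 0) break;
        if (i == st.nsources) {
            if (st.nsources == MAX_SOURCES) continue;  /* table full: counted in total only */
            strcpy(tab[i].ip, ip);
            tab[i].hits = 0;
            st.nsources++;
        }
        tab[i].hits++;
        if (tab[i].hits > st.top_hits) st.top_hits = tab[i].hits;
    }
    for (i = 0; i < st.nsources; i++)
        if (tab[i].hits > PER_IP_LIMIT) st.over_per_ip_limit++;
    return st;
}

/* Scale is what separates the two: one source carrying most of the
   volume is a DoS; the same volume spread thinly across many sources is
   a DDoS.  A majority share for the busiest source is the assumed cut-off. */
enum verdict classify(const struct stats *st)
{
    if (st->total < FLOOD_THRESHOLD) return NORMAL;
    if (st->top_hits * 2 > st->total) return SINGLE_SOURCE_FLOOD;
    return DISTRIBUTED_FLOOD;
}

enum verdict verdict_for(const char *log)
{
    struct stats st = summarize(log);
    return classify(&st);
}

/* Constructed sample: one host sends 12 of the 14 requests in the window. */
const char *dos_sample(void)
{
    static char buf[1024];
    int n = 0, i;
    for (i = 0; i < 12; i++)
        n += sprintf(buf + n, "2024-05-01T10:00:%02d 203.0.113.5 GET /\n", i);
    n += sprintf(buf + n, "2024-05-01T10:00:03 198.51.100.7 GET /\n");
    n += sprintf(buf + n, "2024-05-01T10:00:09 198.51.100.8 GET /about\n");
    return buf;
}

/* Constructed sample: comparable volume from 12 zombies, one request each. */
const char *ddos_sample(void)
{
    static char buf[1024];
    int n = 0, i;
    for (i = 0; i < 12; i++)
        n += sprintf(buf + n, "2024-05-01T10:00:%02d 198.51.100.%d GET /\n", i, i + 1);
    return buf;
}

int main(void)
{
    const char *names[] = {"normal", "single-source flood (DoS)", "distributed flood (DDoS)"};
    struct stats d = summarize(dos_sample()), z = summarize(ddos_sample());
    printf("DoS sample:  %d requests from %d sources, busiest %d -> %s\n",
           d.total, d.nsources, d.top_hits, names[classify(&d)]);
    printf("DDoS sample: %d requests from %d sources, busiest %d -> %s\n",
           z.total, z.nsources, z.top_hits, names[classify(&z)]);
    printf("per-IP limiter (>%d per window) would throttle %d source(s) vs %d source(s)\n",
           PER_IP_LIMIT, d.over_per_ip_limit, z.over_per_ip_limit);
    return 0;
}
```

The per-IP limiter throttles the single DoS client but not one of the twelve zombies, because each of them stays under the limit; the distributed case is only visible once the aggregate volume and the number of distinct sources are looked at together.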