Topic: DDOS attack - How to detect one

DextrousDave
« on: May 03, 2013, 08:44:55 am »
Hi All

How do you know when you are having a Denial of Service attack? I know some antivirus programs pick it up, but what else do you look for? Slow CPU, heavy network traffic? Also, how is one generated? A script, like a bat file or a simple cmd command?

Thanks

Stackprotector
« Reply #1 on: May 03, 2013, 09:20:50 am »
Don't hesitate to post an introduction.

The idea behind a DDoS is flooding of packages by a [D]DoS distributed system of bots/programs.
On what system are you operating/wanting to detect the attack?

You could use the search function here or google and read something about networking and botnets.
~Factionwars

WirelessDesert
« Reply #2 on: May 03, 2013, 04:17:24 pm »
Could you post the IP address that maybe shows up in your antivirus? It could just be a bug, because why would someone want to do a dedicated DDoS on you?

::edit::
And again, I failed to interpret the thread.

Simply seeing a lot of unexpected traffic flooding in would probably indicate an attack.
« Last Edit: May 03, 2013, 04:20:43 pm by WirelessDesert »
Check out my arduino project: Moving car - School project!
"I'm like current, I always take the easiest route."

DextrousDave
« Reply #3 on: May 04, 2013, 03:02:18 pm »
No, the attack happened a while back - but the IP address came from a PC on my LAN and although I know it was not the person at that PC, it had to come from the VPN that PC was connected to. Is a DDOS attack one where you send large packets, continuously by using the ping command with other params like buffer size?

Snayler
« Reply #4 on: May 04, 2013, 04:23:25 pm »
No, a DDoS (Distributed Denial of Service) is an attack performed by multiple computers (i.e. a botnet).
If it came from one computer, it would be just DoS. But it depends on what that computer was sending, and honestly, with the little information you provided, it's hard to guess what happened.
« Last Edit: May 04, 2013, 04:24:31 pm by Snayler »
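
The two signals raised in the replies above (an unexpected surge of traffic, and whether it comes from one source or many) can be checked mechanically. The following is an added example, not part of any poster's reply; the event format, thresholds and addresses are constructed assumptions for illustration.

```python
from collections import Counter

BASELINE_RPS = 20      # assumed normal requests per second for this host
SPIKE_FACTOR = 5       # assumed: a window above 5x baseline counts as a flood
DOMINANT_SHARE = 0.5   # assumed: one source sending >50% means single-source DoS

def classify_windows(events, window=10):
    """Bucket (unix_second, source_ip) events into fixed windows and label each.

    Returns {window_start: (label, requests_per_second, distinct_sources)}.
    A 'ddos-distributed' label only means "spike from many sources"; a
    legitimate flash crowd looks the same and needs a human look.
    """
    buckets = {}
    for ts, src in events:
        buckets.setdefault(ts - ts % window, Counter())[src] += 1
    result = {}
    for start, per_src in sorted(buckets.items()):
        total = sum(per_src.values())
        rps = total / window
        if rps < BASELINE_RPS * SPIKE_FACTOR:
            label = "normal"
        else:
            _, top_count = per_src.most_common(1)[0]
            if top_count / total > DOMINANT_SHARE:
                label = "dos-single-source"
            else:
                label = "ddos-distributed"
        result[start] = (label, rps, len(per_src))
    return result

def make_sample():
    """Constructed traffic: three 10-second windows (quiet, one noisy host, many hosts)."""
    events = []
    for start in (0, 10, 20):   # background: 15 clients, 1 request per second each
        events += [(start + s, f"192.0.2.{c}") for c in range(1, 16) for s in range(10)]
    # window 10-19: a single address adds 1500 requests
    events += [(10 + n % 10, "198.51.100.7") for n in range(1500)]
    # window 20-29: 300 distinct addresses add 5 requests each
    events += [(20 + n % 10, f"198.18.{n // 250}.{n % 250 + 1}")
               for n in range(300) for _ in range(5)]
    return events

if __name__ == "__main__":
    for start, (label, rps, sources) in classify_windows(make_sample()).items():
        print(f"t={start:>2}s  {rps:6.1f} req/s  {sources:3d} sources  {label}")
```

In practice the events would come from firewall, NetFlow or web server logs, and the baseline would be measured for the host rather than fixed.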

DextrousDave
« Reply #5 on: May 04, 2013, 04:59:22 pm »
Thank you Snayler - OK I see. Yeah I was just wondering. I searched this site but there are no real insightful posts on DoS and DDoS attacks. I want to learn more about them, where can I go? Now how do you initiate a normal DoS attack? From cmd or do you use software for that?

Snayler
« Reply #6 on: May 04, 2013, 05:28:38 pm »
Well, here are some good links for learning more about DoS attacks:
https://www.cert.org/tech_tips/denial_of_service.html
https://en.wikipedia.org/wiki/Denial-of-service_attack
http://www.cs.utexas.edu/users/chuang/dos.html
This last one seems to have some good examples and links to other pages describing various attack vectors and possible solutions. But it also seems a little outdated.
The Wikipedia link seems to be full of information on DoS attack types.

Anyway, these 3 links were obtained via a simple Google search. I guess there are some more pages with info on DoS.
« Last Edit: May 04, 2013, 05:31:24 pm by Snayler »

NovaCygni
« Reply #7 on: May 04, 2013, 06:31:25 pm »
If you want to learn more about DoS and DDoS take a peek at the source code of a few of the tools available, it's a very simple concept, and even easier to initiate!
We do what we want, Because we can.

DextrousDave
« Reply #8 on: May 04, 2013, 07:01:48 pm »
What tools are you referring to? I know about LOIC - what other tools are there?
« Last Edit: May 04, 2013, 07:37:18 pm by DextrousDave »

Snayler
« Reply #9 on: May 04, 2013, 08:07:07 pm »
You really need to learn how to google...

Bye_Webster
« Reply #10 on: May 13, 2013, 03:20:02 pm »
Learn with amazing tools, pentbox 1.5.. really cool.. ;)

hacker@sr.gov.yu
« Reply #11 on: May 14, 2013, 05:33:57 pm »

Here is one :)

https://code.google.com/p/httpflooder/
HTTPFlooder is a tool that can perform stress tests, load tests, botnet simulation, DoS/DDoS tests and fuzzing for HTTP protocol.
It supports the following attack types:
GET Flood
POST Flood
Slow Headers (Slowloris)
Slow POST
Hash DoS
Mix Flood (mixing GET/POST Flood)
Range Bytes
HTTP Header Fuzzing
Slow Header Fuzzing
MX Flooder over Balancer


And:

What a DDoS Attack Looks Like:
http://www.youtube.com/watch?feature=player_embedded&v=hNjdBSoIa8k
http://gizmodo.com/5995429/how-a-ddos-attack-looks-as-it-happens
« Last Edit: May 14, 2013, 05:39:25 pm by hacker@sr.gov.yu »