DoS (Denial of Service) Attack:
This attack takes place when legitimate users are unable to access information systems, devices or other network resources because of the actions of a malicious threat actor. A Denial of Service attack typically uses a single computer and internet connection to flood the target system with fake requests, congesting it and obstructing the service it provides to its intended users. These attacks have evolved technically; nowadays most are large Distributed Denial of Service (DDoS) attacks, which disrupt an organization's website availability and cause greater damage. DoS and DDoS attacks have the same purpose; the only difference is that a DoS attack comes from one source, whereas a DDoS attack comes from multiple locations.
GitHub Denial of Service Attack 2018:
I would like to focus on the most famous recent major denial of service attack, from 2018, which used distributed systems and is also considered the world's biggest DDoS attack. The code repository GitHub came under attack in 2018, with the magnitude of the attack varying from 1.3 Tbps to 1.7 Tbps. Luckily, in this case there were no outages, as the service provider had taken enough precautions to mitigate the attack.
The attack used poorly secured Memcached database servers to amplify traffic against GitHub. The attacker spoofed the UDP address of GitHub and sent a small data packet to a Memcached server that did not have a verified-traffic requirement in place. The server replied with 50k times the data it received. With many data packets sent out per second, the Memcached servers magnified the data that was sent to the target system. Without proper filters and network management, this huge amount of data could take down many websites.
Suggestions to Safeguard from such attacks:
Completely avoiding these attacks is not possible, as we host our websites on the internet for all kinds of users. But we need to be well prepared for sudden attacks, which we can spot by monitoring traffic continuously. There are many tools on the market that give protection against DDoS attacks at the application layer. Some websites operate only in specific regions; if a company operates only in the US, it is advisable to restrict use of the website from other countries, especially the countries these threats mostly come from. Activating a web application firewall can also help keep malicious traffic away. For the above example, we can try blocking UDP traffic from port 11211, which is the main source of traffic from Memcached servers. These servers need to be locked down to avoid DoS attacks.
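As an added illustration of the continuous traffic monitoring suggested above (this code is not part of the original text), the sketch below scans flow records for hosts receiving heavy UDP traffic sourced from port 11211 from several distinct servers. The record layout, the thresholds and the sample flows are assumptions constructed for the example.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # UDP port named in the text above

# Constructed sample flow records: (src_ip, src_port, dst_ip, proto, bytes).
# Addresses come from documentation ranges (RFC 5737); all values are invented.
SAMPLE_FLOWS = [
    ("198.51.100.10", 11211, "192.0.2.5", "udp", 700_000),
    ("198.51.100.11", 11211, "192.0.2.5", "udp", 650_000),
    ("198.51.100.12", 11211, "192.0.2.5", "udp", 720_000),
    ("203.0.113.7", 53, "192.0.2.5", "udp", 512),
    ("203.0.113.8", 443, "192.0.2.9", "tcp", 40_000),
    ("198.51.100.10", 11211, "192.0.2.9", "udp", 1_400),
]


def find_reflection_targets(flows, min_bytes=1_000_000, min_reflectors=3):
    """Return {dst_ip: (total_bytes, reflector_count)} for hosts that look
    like victims of Memcached reflection.

    A host is flagged only when the UDP traffic arriving from source port
    11211 is both large (min_bytes) and spread over several distinct source
    servers (min_reflectors). Both thresholds are assumed values that need
    tuning against a network's normal baseline.
    """
    totals = defaultdict(int)
    reflectors = defaultdict(set)
    for src_ip, src_port, dst_ip, proto, nbytes in flows:
        # Only responses from Memcached servers over UDP are of interest.
        if proto == "udp" and src_port == MEMCACHED_PORT:
            totals[dst_ip] += nbytes
            reflectors[dst_ip].add(src_ip)
    return {
        dst: (totals[dst], len(reflectors[dst]))
        for dst in totals
        if totals[dst] >= min_bytes and len(reflectors[dst]) >= min_reflectors
    }


if __name__ == "__main__":
    for dst, (nbytes, count) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{dst}: {nbytes} bytes from {count} Memcached sources over UDP")
```

Requiring several distinct sources as well as a byte threshold keeps a single stray response from port 11211 from raising an alert.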