Scivillage.com Casual Discussion Science Forum

Full Version: The meaning of DDoS
Most people might have heard of DDoS attacks (Distributed Denial of Service) (wikipedia.org) at some point while being online. 

They are usually coordinated attacks that attempt to overwhelm queries to a server to either directly affect the server's capacity to function or just affect the DNS server that deals with resolving a canonical domain name to its IP.  This causes the effect that a site is down and most average users will assume that the site isn't reachable. 

What most people don't necessarily know is that DDoS attacks that affect the DNS resolution aren't just done because of some anarchistic need to grind a site to a halt; they can actually be used as a cover attack for gaining access to people's accounts through stolen username/passwords that are sold online. 

Where most people give up trying to resolve the domain during an attack, attackers can simply add a HOSTS file (wikipedia.org) entry of the domain with the IP of the server and completely bypass going through DNS resolution.  This means they can literally have access to the site while everyone else (including the administrators in some instances) is locked out.

It's therefore best in any cyber security practice to keep a watchful eye on the logs of the server during the time that such an attack takes place, since only those with the technical skills will likely be accessing a resource while an attack is taking place.  (Not everyone that knows how to work around an attack is involved in one, however the number of legitimate accesses will be greatly reduced and suspicious.)
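
The log review recommended above, as an added example that is not part of the original post: it summarises login POSTs per client IP inside a DNS outage window and marks IPs never seen before the outage. The log format (Combined Log Format), the `/login` path, the 302-means-success rule, the outage times and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined Log Format prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PATH = "/login"    # assumption: the site's login endpoint
SUCCESS_STATUS = {302}   # assumption: a successful login answers with a redirect

def parse(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    rec["status"] = int(rec["status"])
    return rec

def logins_during_outage(lines, start, end):
    """Map ip -> attempts/successes of login POSTs within [start, end]."""
    baseline = set()  # IPs that made any request before the outage began
    report = defaultdict(lambda: {"attempts": 0, "successes": 0})
    for rec in filter(None, map(parse, lines)):
        if rec["ts"] < start:
            baseline.add(rec["ip"])
        elif (rec["ts"] <= end and rec["method"] == "POST"
              and rec["path"].split("?")[0] == LOGIN_PATH):
            entry = report[rec["ip"]]
            entry["attempts"] += 1
            entry["successes"] += rec["status"] in SUCCESS_STATUS
    return {ip: {**e, "seen_before": ip in baseline} for ip, e in report.items()}

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2024:13:10:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2024:14:20:00 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.45 - - [12/Mar/2024:14:21:00 +0000] "POST /login HTTP/1.1" 401 212',
    '203.0.113.45 - - [12/Mar/2024:14:21:09 +0000] "POST /login HTTP/1.1" 302 0',
    '192.0.2.10 - - [12/Mar/2024:15:30:00 +0000] "POST /login HTTP/1.1" 302 0',
]
OUTAGE_START = datetime.strptime("12/Mar/2024:14:00:00 +0000", TS_FORMAT)
OUTAGE_END = datetime.strptime("12/Mar/2024:15:00:00 +0000", TS_FORMAT)

if __name__ == "__main__":
    print(logins_during_outage(SAMPLE, OUTAGE_START, OUTAGE_END))
```

Entries with `seen_before` false and at least one success are the ones to review first; a known IP that logs in during the outage may simply be a regular user who worked around the DNS failure.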