ForHost2U guarantees your business continuity!
By means of excellent technology and our skilled team you can relax, while we focus all our efforts on ensuring your services and income.
ForHost2U has been bringing Professional, Affordable and Quality Webhosting to users all around the globe. Here at ForHost2U, we offer everything larger companies do & even more, but for only a fraction of the cost. We provide Shared Hosting Solutions for both individuals and businesses.
We currently use Quad Core and Quad CPU Servers with HyperThreading Technology running Linux (Redhat & CentOS) with cPanel/WHM and Fantastico installed. All server data is backed up on a weekly basis.
We would be proud to have you as our customer - contact us!
Our address:
ForHost2U
109, Binjiang Road, Qianwei Yujin.
Leshan, Sichuan, 614400
Our Site: www.forhost2u.com
What is DDoS?
1. DDoS is a type of denial of service attack performed by and synchronised between more than one attacking host. A denial of service attack is an attack which is designed to render the target system incapable of offering the service that is being targeted. In some cases the target system may crash and become unusable, in other cases the attack consumes resources on the target system. Attacks designed to crash a service or system are called “nukes”; resource consumption attacks are known as “Floods”.
2. Common techniques for denial of service are as follows [3]:
· SYN floods
· ICMP floods (including “Smurf” attacks)
· UDP floods (including “Fraggle” attacks)
· Application level floods
· Nukes (malformed or specially crafted packets)
3. A SYN flood is a sequence of TCP session initiation packets, often from incorrect (or “spoofed”) IP addresses. The result is that the target tries and fails to establish a number of TCP sessions, which consumes resources on the target. An ICMP flood is a sequence of ICMP echo request packets from spoofed IP addresses. Echo requests are usually answered by an echo reply packet if the target is operational, so such an attack will consume resources on the target. This attack will also consume resources on the spoofed source IP addresses, as they will receive a number of ICMP echo replies. The same idea is used in a UDP flood, where a sequence of UDP packets, often from spoofed IP addresses, is sent to UDP ports such as 7 (echo) or 13 (character generator). Smurf and Fraggle attacks exploit the fact that the source IP address of an ICMP or UDP flood will itself be flooded with reply traffic: the attacker floods the broadcast address of a target network with ICMP or UDP packets, and all operational hosts on the target network respond to the spoofed source IP address.
4. Application level floods will depend on the application being flooded. The most common application level flood is multiple requests for web pages directed against a web server. Similarly, mail servers can be flooded with email and/or email with large attachments. In the case of email, the email sender and recipient addresses are usually spoofed.
5. As indicated above, nukes are designed to crash remote systems. Nukes can be extremely varied depending on how the IP packets are malformed or crafted. Common examples include “Land” (where the source and destination IP addresses are the same), “Christmas Tree” (where the FIN, URG and PUSH TCP flags in the packet are set) and “Teardrop” (where IP fragments overlap when reassembled). Nukes can also occur at the application layer: witness the recent exploits for Microsoft Windows Server Message Block (SMB) traffic [4].
6. A typical architecture of a DDoS attack network consists of three layers:
· A client computer that is operated by the attacker
· A number of handlers (also known as masters) which are controlled by the client, and
· A number of agents (also called zombies or daemons) which are controlled by the handlers and which perform the denial of service attack.
7. The client scans hosts for a particular set of exploitable vulnerabilities. Details of those that are vulnerable are recorded. Those vulnerable hosts are then compromised by the client. The handler software is then installed automatically on the vulnerable hosts. The handlers then perform further automated scans for further vulnerable systems to compromise, which then become agents. The agents then perform attacks controlled by the handlers, which are in turn directed by the client.
8. DDoS tools often hide themselves on the compromised systems so that system administrators and users will not be able to detect that those tools are present. They may do this by using plausible file or process names, but many DDoS tools include altered operating system commands that aim to make the DDoS tool and its processes and network activity invisible to the system user. Programs of this kind are known as “rootkits”, and a number exist for UNIX systems and, to a lesser extent, for Windows systems.
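The malformed-packet signatures named in paragraph 5 (Land, Christmas Tree, and Teardrop-style overlapping fragments) can be recognised directly from raw IPv4 headers on the defending side. The following is an added example, not part of the original page; the function names, addresses and sample packets are constructed for illustration, and header checksums are not verified.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

XMAS = 0x01 | 0x08 | 0x20  # FIN | PSH | URG, the flag set the page lists

def parse_ipv4(pkt):
    """Decode the IPv4 fields the checks need, plus TCP flags when visible."""
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    off = (frag & 0x1FFF) * 8  # fragment offset is carried in 8-byte units
    flags = pkt[ihl + 13] if proto == 6 and off == 0 and len(pkt) >= ihl + 14 else None
    return {"src": src, "dst": dst, "key": (src, dst, ident, proto), "tcp_flags": flags,
            "off": off, "end": off + total - ihl, "frag": bool(frag & 0x2000) or off > 0}

def find_nukes(packets):
    """Return sorted (packet_index, label) findings for a list of raw IPv4 packets."""
    findings, queues = set(), defaultdict(list)
    for i, raw in enumerate(packets):
        p = parse_ipv4(raw)
        if p["src"] == p["dst"]:
            findings.add((i, "land"))
        if p["tcp_flags"] is not None and p["tcp_flags"] & XMAS == XMAS:
            findings.add((i, "christmas-tree"))
        if p["frag"]:
            queues[p["key"]].append((p["off"], p["end"], i))
    for group in queues.values():  # one group per reassembly queue
        covered = 0
        for off, end, i in sorted(group):
            if off < covered:  # fragment starts inside data already received
                findings.add((i, "overlapping-fragment"))
            covered = max(covered, end)
    return sorted(findings)

def build(src, dst, ident, frag, proto, payload):
    """Constructed test input: 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, frag, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def tcp(flags):  # constructed 20-byte TCP header (ports 40000 -> 80) with the given flag byte
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)

SAMPLE = [  # constructed packets; addresses are from the documentation ranges
    build("192.0.2.10", "198.51.100.5", 1, 0, 6, tcp(0x02)),        # ordinary SYN
    build("198.51.100.5", "198.51.100.5", 2, 0, 6, tcp(0x02)),      # Land
    build("192.0.2.10", "198.51.100.5", 3, 0, 6, tcp(XMAS)),        # Christmas Tree
    build("192.0.2.10", "198.51.100.5", 4, 0x2000, 17, b"A" * 32),  # fragment, bytes 0-31
    build("192.0.2.10", "198.51.100.5", 4, 3, 17, b"B" * 8),        # offset 24: overlaps
]
```

Calling `find_nukes(SAMPLE)` flags packets 1, 2 and 4 and leaves the ordinary SYN and the first fragment alone; the same three conditions are what a packet filter or IDS rule would drop or alert on at the network edge.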



