Hello guys,

I was reading about DoS attacks on Apache servers, but the term "Brute Force" pops up sometimes. I know DoS attacks, but "Brute Force" seems to be similar. Is there a difference, or is it just another word for DoS?

+6  A: 

DoS or Denial of Service is an attempt to make a computer resource unavailable to its intended users. It generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

A brute force attack is a method of defeating a cryptographic scheme by systematically trying a large number of possibilities. For example, trying a large number of the possible keys in a key space in order to decrypt a message.

GreenShadow
+1  A: 

A "brute force" attack refers to attempting every possible combination, usually in a cryptographic context. (For example, if I'm guessing your password, I can start with "a" and then "b" and then "c" and so on; or if I'm trying to solve a Sudoku puzzle, I can try every possible combination until I find one that works.)

Obviously this is unrelated to a Denial of Service attack (which usually refers to sending so many bogus requests that a server is overwhelmed). If you're seeing both phrases in the same context, the author is probably confused.

Ross
+6  A: 

Brute force attacks use a technique of attempting to try every combination of passwords/keys to gain access to a particular system. What the hacker does when they gain entry to the system depends on the motivation of the hacker.

DoS (Denial of Service) attacks describe cases where the motivation of the hacker is to bring down the system, causing maximum inconvenience to the users of the system.

They can't really be compared against each other, as brute force is a technique to gain entry, and DoS is a type of attack. It is possible that an attack could be both brute force and DoS.

LeopardSkinPillBoxHat
Thank you, your answer really helped me a lot. I think the word is mentioned every time with DoS attacks because sometimes these attacks may paralyze the server.
Sulaiman
+2  A: 

Brute force refers to a solution to a problem that relies on computers being fast to get an answer. Generally, it works by trying all possibilities. For example, if you want to know the sum of all numbers 1 through 100, you could do something like:

sum = 0
for i from 1 to 100
  sum = sum + i
end

That'd be brute force. You could also notice that 1 through 100 contains 50 pairs totaling 101, and solve it like this:

sum = 50 * 101

That's an intelligent approach. Note that brute force is generally easier to come up with.

The concept is extended to security in an obvious manner. For example, if you want to break into someone's account on a system that requires 8-character passwords, you could just start trying passwords — aaaaaaaa, aaaaaaab, ... — and eventually it'll work. That's brute force. You could try a list of common passwords (less brute force-ish). Or you could notice the site stores who you're logged in as in a cookie, and edit the cookie (not brute force).

Similar with breaking encryption. You could try all possible keys (brute force, not going to finish this lifetime on a reasonable cipher). Or you could analyze the cipher for weaknesses (very hard if it's a good cipher, definitely not brute force).

And, to tie it all up, if you want to take down a site, you could just send a bunch of traffic/requests/whatever in its general direction. That's brute force. That's a DoS attack.

derobert
+3  A: 

Just to give an example of a DoS attack that doesn't involve brute force, pretend that there's a website that locks a user account after three failed login attempts. I know that you have an account on that site and I know that your username is jdoe. I decide I don't want you to be able to use the site so I try to log in as you three times, failing each time. Your account gets locked out and you have to call the admin to get it reactivated. Then I do it again the next week just to make a nuisance of myself. In essence I'm using the site's lockout feature to deny service to you, but brute force isn't involved.

I suspect that the confusion between the two stems from the following. The most popular cases of DoS involve overwhelming servers with network requests. Sounds like somebody is applying "brute force" to the server, and in common everyday language that might be right. But really brute force has a special meaning in computing. It describes algorithms that exhaustively search a solution space for a correct solution, instead of using more "refined" methods like heuristics, intelligent guessing, or whatever. So in security a brute force attack involves trying all possible keys, all possible passwords, etc.

Willie Wheeler
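
The lockout scenario in the answer above, as an added example that is not part of the original thread: a hard three-strike account lockout next to a per-source backoff policy, replayed against the same constructed sequence of logins. The class names, delay values and source addresses are assumptions made for illustration.

```python
# Added example, not code from the thread. Thresholds, delays and addresses are constructed.
from collections import defaultdict

MAX_FAILURES = 3  # the three-strike threshold from the scenario above


class HardLockout:
    """Policy from the scenario: three failures lock the account for everyone."""

    def __init__(self):
        self.failures = defaultdict(int)

    def attempt(self, user, source, password_ok, now=0.0):
        if self.failures[user] >= MAX_FAILURES:
            return "locked"  # even the correct password is refused
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        return "denied"


class PerSourceBackoff:
    """Alternative: delay each (user, source) pair, doubling the wait per failure."""

    def __init__(self, base_delay=1.0, max_delay=900.0):
        self.base_delay, self.max_delay = base_delay, max_delay
        self.failures = defaultdict(int)
        self.blocked_until = defaultdict(float)

    def attempt(self, user, source, password_ok, now):
        key = (user, source)
        if now < self.blocked_until[key]:
            return "throttled"  # this source must wait; other sources are unaffected
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] += 1
        delay = min(self.base_delay * 2 ** (self.failures[key] - 1), self.max_delay)
        self.blocked_until[key] = now + delay
        return "denied"


def replay(policy):
    """Three bad logins as jdoe from one source, then jdoe's real login from another."""
    for t in range(3):
        policy.attempt("jdoe", "198.51.100.7", password_ok=False, now=t * 1000.0)
    return policy.attempt("jdoe", "203.0.113.20", password_ok=True, now=3000.0)
```

`replay(HardLockout())` returns `"locked"` while `replay(PerSourceBackoff())` returns `"ok"`. Per-source backoff does not limit guessing spread across many sources, so it complements other controls rather than replacing them.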