If you spend a fair amount of time on the internet, you have probably heard of DDoS. A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the service of a server or a network by sending floods of requests from a botnet. The idea is to swamp the network with fake traffic so that legitimate users cannot get through. It is used by hackers and hacktivists to sabotage a company’s website for their own malevolent gain.
How Does it Work?
The attackers compromise hundreds of thousands of computers or IoT devices, turning them into a botnet. The botnet is then used to direct fake traffic at a particular IP address, flooding it with requests until legitimate users are denied the service. Guarding against a DDoS attack is very difficult because the requests are distributed across many systems.
Types of DDoS Attack
Broadly, DDoS attacks fall into the following three categories:
1. Volume-based attacks– These aim to saturate the target’s bandwidth by sending a massive amount of traffic.
Examples of Volume-based attacks
- UDP flood– User Datagram Protocol (UDP) packets flood the target’s network. Finding that no program is listening to receive the packets, the server issues an ICMP reply to the sender for each one. Having to issue too many ICMP replies can make the website unreachable.
- DNS amplification– Open DNS servers are sent requests, and respond with a much larger amount of data directed at the target. The amplification continues until the target’s capacity is exhausted, resulting in a denial of service.
2. Protocol attacks– These attacks consume all the available resources of the server and of intermediate equipment such as firewalls and load balancers.
Example of Protocol attacks
- SYN floods– They exploit weaknesses in the TCP handshake. When the host can no longer acknowledge further connection requests, the result is denial of service.
- Ping of death– When a packet larger than the maximum allowed size of 65,535 bytes is received, reassembling it overflows memory; the computer freezes and sometimes crashes.
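The standard defence against the SYN flood just described is to stop keeping state for half-open connections at all. The Python below is an added example written for this page, not code from the original article: it models SYN cookies, where the server encodes an HMAC over the connection 4-tuple and a time slot into the initial sequence number of its SYN-ACK, stores nothing, and allocates connection state only when a client echoes a valid cookie in its final ACK. The 64-second slot, the 24-bit tag, the demo secret and the StatelessListener class are assumptions made for illustration; Linux's real encoding also folds in the client's sequence number and MSS and is not reproduced here.

```python
import hashlib
import hmac
import ipaddress
import struct
import time

# Constructed demo secret; a real server keeps this in memory only and rotates it.
SECRET = b"constructed-demo-secret-rotate-me"
SLOT_SECONDS = 64        # cookies are bound to a 64-second time slot (assumption)
ACCEPT_SLOTS = 2         # accept the current slot and the one before it


def _time_slot(now):
    return int(now // SLOT_SECONDS)


def _tag(src_ip, src_port, dst_ip, dst_port, slot):
    """24-bit HMAC over the connection 4-tuple and the time slot."""
    msg = (ipaddress.ip_address(src_ip).packed + struct.pack("!H", src_port)
           + ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port)
           + struct.pack("!Q", slot))
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, now=None):
    """Build the 32-bit initial sequence number sent in the SYN-ACK:
    high byte = slot mod 256, low 24 bits = HMAC tag. No state is stored."""
    slot = _time_slot(time.time() if now is None else now)
    tag = int.from_bytes(_tag(src_ip, src_port, dst_ip, dst_port, slot), "big")
    return ((slot & 0xFF) << 24) | tag


def verify_syn_cookie(cookie, src_ip, src_port, dst_ip, dst_port, now=None):
    """Check the cookie echoed in the client's final ACK (ack number minus one).
    Only a client that really received the SYN-ACK can echo a valid tag."""
    current = _time_slot(time.time() if now is None else now)
    slot_byte, tag = cookie >> 24, (cookie & 0xFFFFFF).to_bytes(3, "big")
    for back in range(ACCEPT_SLOTS):
        slot = current - back
        if (slot & 0xFF) == slot_byte and hmac.compare_digest(
                tag, _tag(src_ip, src_port, dst_ip, dst_port, slot)):
            return True
    return False   # wrong tag, spoofed address, or expired slot


class StatelessListener:
    """Hypothetical server model: half-open connections are never recorded,
    so a flood of SYNs from spoofed sources costs no memory."""

    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.established = []

    def on_syn(self, src_ip, src_port, now):
        # Reply with a SYN-ACK whose ISN is the cookie; nothing is stored.
        return make_syn_cookie(src_ip, src_port, self.ip, self.port, now=now)

    def on_ack(self, src_ip, src_port, ack_number, now):
        cookie = (ack_number - 1) & 0xFFFFFFFF
        if verify_syn_cookie(cookie, src_ip, src_port, self.ip, self.port, now=now):
            self.established.append((src_ip, src_port))   # state allocated only now
            return True
        return False


def simulate(now=1_700_000_000.0):
    """Constructed scenario: 10,000 half-open SYNs plus one real client."""
    server = StatelessListener("198.51.100.10", 443)
    for i in range(10_000):                     # spoofed sources never send the ACK
        server.on_syn(f"203.0.113.{i % 254 + 1}", 1024 + i, now)
    isn = server.on_syn("192.0.2.7", 50000, now)
    legit = server.on_ack("192.0.2.7", 50000, isn + 1, now + 5)
    forged = server.on_ack("203.0.113.9", 4444, 0x12345678, now + 5)
    stale = server.on_ack("192.0.2.7", 50000, isn + 1, now + 10 * SLOT_SECONDS)
    return {"established": len(server.established), "legit_ok": legit,
            "forged_ok": forged, "stale_ok": stale}


if __name__ == "__main__":
    print(simulate())
```

Running `simulate()` shows the point of the technique: ten thousand spoofed SYNs leave the server with no stored state, the one client that completes the handshake is established, and both a forged ACK and an ACK arriving after the cookie's slot has expired are rejected. The trade-off in real deployments is that the server cannot remember TCP options it was offered in the SYN, which is why operating systems enable cookies only once the backlog queue is under pressure.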
3. Application layer attacks– Also known as layer 7 attacks, these target the server software that generates the web pages directly, such as Apache or Windows-based servers.
Example of Application layer attacks
- HTTP flood– This type of DDoS floods the server with HTTP requests. In its simplest form it is analogous to pressing the refresh button on a website many times from many computers at once.
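The refresh-button pattern just described is visible in the web server's own access log, which is where a defender usually first spots an HTTP flood. The Python below is an added example written for this page, not code from the original article: it parses combined-format access log lines, keeps a per-client sliding window of request timestamps, and flags any client that exceeds a threshold inside the window. The log lines, the FloodDetector class, the 50-requests-per-10-seconds threshold and the IP addresses are all constructed for illustration; the only real-world assumption is that the server writes the Apache/nginx "combined" log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access log format (assumption: the server logs in this format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return the fields a rate detector needs, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


class FloodDetector:
    """Per-client sliding window: more than `threshold` requests inside any
    `window_seconds` span flags the client as a suspected HTTP flood source."""

    def __init__(self, window_seconds=10, threshold=50):
        self.window = window_seconds
        self.threshold = threshold
        self.recent = defaultdict(deque)   # ip -> request timestamps still inside the window
        self.flagged = {}                  # ip -> timestamp at which it crossed the threshold

    def observe(self, event):
        q = self.recent[event["ip"]]
        q.append(event["ts"])
        while (event["ts"] - q[0]).total_seconds() > self.window:
            q.popleft()                    # expire requests that left the window
        if len(q) > self.threshold and event["ip"] not in self.flagged:
            self.flagged[event["ip"]] = event["ts"]
        return len(q)


def detect_http_flood(lines, window_seconds=10, threshold=50):
    """Run the detector over chronologically ordered log lines; returns {ip: first_flag_time}."""
    det = FloodDetector(window_seconds, threshold)
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            det.observe(ev)
    return det.flagged


def build_sample_log():
    """Constructed access log: two ordinary visitors plus one client hammering the front page."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(6):
        events.append((i * 9, "192.0.2.10", f"/page{i}"))
        events.append((i * 11 + 2, "192.0.2.11", "/"))
    for i in range(120):                     # 120 refreshes of "/" within 8 seconds
        events.append((30 + i * 8 / 120, "203.0.113.5", "/"))
    events.sort()
    lines = []
    for offset, ip, path in events:
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    for ip, when in detect_http_flood(build_sample_log()).items():
        print(f"suspected HTTP flood from {ip} starting {when.isoformat()}")
```

On the constructed log the two visitors, who make six requests each over a minute, stay under the threshold, while the client that refreshes the front page 120 times in eight seconds is flagged at the 51st request. Per-IP counting is the simplest signal and also the noisiest: many users behind one NAT share an address, so the threshold has to be tuned against normal traffic, and a real detector would add layer 7 signals such as how few distinct paths a client requests or whether it ever fetches the page's images and scripts.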
Cyberattacks have evolved with changing technology, and it is becoming more and more difficult to protect a server or network from a potential DDoS attack. It is advisable to have a mitigation setup in place to guard against such attacks. DDoS mitigation refers to the actions one can take to lessen the damage caused and to return the network to its stable state as soon as possible. The process can be summed up in four stages:
- Detection– Detecting a DDoS attack is a prerequisite for responding to it. One needs to discern