If you spend a fair amount of time on the internet, you have probably heard of DDoS. A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt a server or a network by flooding it with requests sent from a botnet. The idea is to saturate the target with bogus traffic so that legitimate users cannot get through. Hackers and hacktivists use it to sabotage a company’s website for their own ends.
How Does it Work?
The attackers compromise hundreds of thousands of computers or IoT devices, turning them into a botnet. The botnet is then used to generate bogus traffic towards a particular IP address, flooding it with requests until legitimate users are denied service. Guarding against a DDoS attack is difficult because the requests are distributed across many systems rather than coming from a single source that could simply be blocked.
Types of DDoS Attack
Broadly, DDoS attacks fall into the following three categories:
1. Volume-based attacks– These aim to saturate the target’s bandwidth by sending a massive amount of traffic.
Examples of Volume-based attacks
- UDP flood– The attacker sends a large volume of User Datagram Protocol (UDP) packets to random ports on the target. For each port with no application listening, the host answers with an ICMP Destination Unreachable message; generating enough of these replies exhausts the host, and the website may become unreachable.
- DNS amplification– Small queries carrying the victim’s address as the forged source are sent to open DNS resolvers, which reply to the victim with much larger responses. The amplified traffic continues until the target’s capacity is exhausted, resulting in a denial of service.
2. Protocol attacks– These exhaust the connection-state resources of network equipment such as firewalls and load balancers.
Examples of Protocol attacks
- SYN floods– They exploit the TCP three-way handshake: the attacker sends a stream of SYN requests but never completes the handshake, so half-open connections pile up until the host cannot accept further requests, resulting in denial of service.
- Ping of death– A ping packet that reassembles to more than the maximum IP packet size of 65,535 bytes overflows the receiving buffer; the computer freezes and sometimes crashes.
3. Application layer attacks– Also known as layer 7 attacks, these target the server software that generates the web pages directly, such as Apache or Windows.
Example of Application layer attacks
- HTTP flood– This type of DDoS floods the server with HTTP requests. In its simplest form it is analogous to pressing the refresh button on a website many times from many computers at once.
Cyberattacks have evolved with the changing technology, and it is becoming increasingly difficult to protect a server or network from a potential DDoS attack, so it is advisable to have a mitigation setup in place. DDoS mitigation refers to the actions one can take to lessen the damage caused and return the network to its stable state as soon as possible. The process can be summed up in four stages:
- Detection– Detecting a DDoS attack is a prerequisite for responding to it. One needs to distinguish a DDoS event from a surge in legitimate traffic. The sooner the problem is identified, the smaller the damage.
- Response– The next step in the mitigation process is to block the attacking bots without interfering with normal traffic.
- Diversion or rerouting– Attack traffic is diverted away from the target, typically by breaking it into smaller chunks that can be absorbed or discarded.
- Analysis– To prevent such an attack in future, one needs to understand the pattern in which it was carried out. This is done by analyzing the detailed security logs kept for the purpose.
DDoS Mitigation Techniques
- Diverting the attack– The two most important diversion techniques are DNS routing and BGP routing. Domain Name System (DNS) routing is effective against application-layer attacks, while BGP routing is effective against all types of attack, as it is the most comprehensive traffic diversion method.
- DDoS resistant infrastructure– Traditionally, if one had more bandwidth on the server than the attacker could generate, the sudden surge in traffic could be absorbed. With attacks amplified across distributed systems, this is no longer a practical solution on its own. Nevertheless, purchasing more bandwidth still serves as a safety margin.
- Network-level techniques– The techniques used to guard against network-level attacks are null routing, sink-holing and scrubbing.
- Cloud-based mitigation techniques– Cloud-based services eliminate the need to maintain expensive filtering equipment on site to weed out fake traffic. They offer scalability, flexibility, reliability and network size.
- Hiring a mitigation provider– Many mitigation providers offer their services in the event of a DDoS attack. Choose one with large network capacity and a short time-to-mitigation.
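The detection stage described above hinges on telling an HTTP flood from a legitimate surge. As an added example (not from the original article), the following Python script runs a per-client sliding-window rate check over constructed Apache-style access-log lines: a single source hammering one path trips the threshold, while a burst of many distinct clients does not. The log lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx common log format: client IP, timestamp, request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, method, path), or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), method, path


def detect_http_flood(lines, window_s=10, max_per_window=20):
    """Flag source IPs that exceed max_per_window requests inside any
    window_s-second sliding window. A legitimate surge (many distinct
    clients making a few requests each) never trips the per-IP threshold."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    flagged = {}                  # ip -> timestamp at which it first tripped
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:        # skip malformed lines instead of crashing
            continue
        ip, ts, _method, _path = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # expire old entries
            q.popleft()
        if len(q) > max_per_window and ip not in flagged:
            flagged[ip] = ts
    return flagged


def build_sample():
    """Constructed sample log (hypothetical addresses): one bot sending 30
    requests to /login within 6 seconds, plus 25 distinct clients loading
    the home page in the same second."""
    lines = []
    for i in range(30):
        lines.append(f'198.51.100.9 - - [10/Mar/2024:12:00:{i // 5:02d} +0000] '
                     f'"GET /login HTTP/1.1" 200 512')
    for i in range(25):
        lines.append(f'203.0.113.{i + 1} - - [10/Mar/2024:12:00:03 +0000] '
                     f'"GET / HTTP/1.1" 200 1024')
    return lines
```

Running `detect_http_flood(build_sample())` flags only 198.51.100.9, at the request that pushed it past the 20-per-window threshold, while the 25 legitimate clients that together produced a larger burst in a single second are left alone.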
DDoS attacks are a reality and can undo all your hard work by making your website unreachable. When choosing a web host, be sure to find out what additional security measures they provide in the event of a DDoS attack. Many web hosting providers include DDoS mitigation free of charge with their Cloud Hosting and Virtual Server Hosting plans. This may be the added layer of protection your website needs.