What is a DDoS Attack?
A DDoS (Distributed Denial-of-Service) attack, unlike the typical malware attack that aims at stealing sensitive data, is targeted more at disrupting the normal functioning of a website or system/network. The intention is to make a website or system/network unavailable to users, although the main objective might even be to use the attack as a smokescreen for other malicious activities, like taking down the firewall or some other security appliance. DDoS attacks also cause companies or websites to lose trust or reputation, which can lead directly to big financial losses.
A Distributed Denial-of-Service attack happens when the targeted machine or internet resource is flooded with superfluous requests, which are made in an attempt to overload the system/website and prevent legitimate requests from being fulfilled. Such an attack could last for days or weeks or months and cause much damage.
How Does a DDoS Attack Happen?
Usually, in a communication, a user sends a message to a server for authentication and the server responds with an authentication approval. The user acknowledges this approval, and the communication starts. In a DDoS attack, the user deliberately sends several authentication requests, thereby filling up the server. These requests carry false return addresses, so the server cannot find the user to send the authentication approval. The server waits for some time and then closes the connection. The attacker then sends another batch of forged or fake requests and the process begins once again. This keeps the server/website blocked to all legitimate requests for as long as the chain continues. The attacker uses many hacked computers and internet connections under his or her control to send messages to the target system/server.
Difference Between DoS and DDoS Attack
A DoS (Denial of Service) attack happens when an attacker uses just one computer or one internet connection to execute the attack. Numerous requests are sent from this one computer/internet connection to flood the target server. This is done to overload resources and thus make them unavailable to other traffic or to slow down their response to users. Websites hosted on servers that are subjected to DoS attacks may be totally inaccessible.
DDoS attacks are more damaging compared to DoS attacks. As the name itself suggests, a DDoS attack uses a network of computers and internet connections to execute the attack. Computers and connections distributed all over the world may be used to overload a service. These computers might be part of a large group of devices that have been hacked or infected, so they can be used as a botnet without their owners knowing that they have been hacked.
Why Do Hackers Perform DDoS (Distributed Denial-of-Service) Attacks?
DDoS attacks may be done for different reasons, which include:
- Blackmailing business groups and asking for payments after blocking servers, websites etc.
- Seeking revenge. Ex-employees, even current employees, irritated or angry customers, rivals, etc. may use such attacks to seek revenge by blocking websites of companies.
- Industrial sabotage. Hackers can be hired to launch the attacks on servers and websites of any company, thereby sabotaging their business itself.
- Creating a smokescreen for committing other lucrative cybercrimes. For example, a DDoS can be used as a smokescreen to do activities like taking down security appliances (for example firewall etc) or for infecting systems/networks with malware or for stealing data.
- It can be used in politics to silence or blackmail politicians, opponent groups etc.
- It can be used by and against criminals and terrorists and also as a potential weapon in war.
- It can be used to play pranks with people, to sabotage websites of financial institutions and banks and even rob money from them, to carry out tests (by hackers or government agencies) etc.
Types of DDoS Attacks
Volumetric Attacks (connectionless) - Typically carried out using botnets, these aim to cause congestion and so much traffic that the bandwidth of the attacked website is overwhelmed. Also known as "floods".
State-Exhaustion Attacks - These target the connection state tables in firewalls, web application servers, and other infrastructure components. This is carried out by making a buffer overload occur, following which the target tries to respond to pings, thereby consuming more bandwidth and thus causing the targeted system to crash.
Application Layer Attacks (connection-based) - These target weaknesses in an application/server. They aim at establishing a connection with an application/server and monopolizing processes/transactions in order to exhaust the application or server. Also called Layer 7 attacks.
Furthermore, within these broad categories, DDoS attacks can also be categorized as Ping of Death, SYN Flood, UDP Flood, Peer-to-Peer Attacks, Nuke, Reflected Attack, Unintentional DDoS, Multi-vector DDoS, Zero Day DDoS etc.
How to Prevent DDoS Attacks
DDoS attacks can be prevented, to a great extent, with the following preventive solutions:
- Early identification of DDoS attack always helps. For this, it's always good to keep an eye on inbound traffic and check for sharp traffic spikes.
- Having more bandwidth than necessary may also help as it helps contain unexpected traffic surges and also gives you the time to plan things in case an attack happens.
- Know the technical things to be done if you run your own web server. These may include doing things like adding filters that help your router drop packets that might be part of such attacks, rate limiting your router, setting lower SYN, ICMP, and UDP flood drop thresholds etc.
- Calling the ISP/Hosting provider whenever there is a DDoS attack helps manage it.
- Seeking the services of a DDoS specialist is also important.
- Having all necessary security software installed is very important.
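The first and third points above (watching inbound traffic for sharp spikes, and choosing a threshold past which traffic is treated as a flood) can be illustrated with a small detector. This is an added example, not code from the original article; the log format (ISO timestamp, source address, request), the function names and the threshold parameters are assumptions, and the sample log is constructed.

```python
from collections import Counter, deque
from datetime import datetime
from statistics import median

def per_minute_counts(log_lines):
    """Count requests per minute; each line starts with an ISO timestamp (assumed format)."""
    counts = Counter()
    for line in log_lines:
        ts = datetime.fromisoformat(line.split()[0])
        counts[ts.replace(second=0, microsecond=0)] += 1
    return sorted(counts.items())

def find_spikes(series, window=5, k=6.0, min_excess=20):
    """Flag minutes far above the median of the last `window` normal minutes.

    The threshold is median + k * MAD (median absolute deviation), with a
    floor of median + min_excess so very quiet baselines do not alert on noise.
    """
    baseline = deque(maxlen=window)
    spikes = []
    for minute, count in series:
        if len(baseline) == window:
            med = median(baseline)
            mad = median(abs(c - med) for c in baseline) or 1
            threshold = max(med + k * mad, med + min_excess)
            if count > threshold:
                spikes.append((minute, count, threshold))
                continue  # keep flood traffic out of the baseline
        baseline.append(count)
    return spikes

def build_sample():
    """Constructed sample: about 40 requests/minute, then a two-minute flood."""
    rates = [40, 42, 38, 41, 39, 43, 400, 380, 41]
    lines = []
    for m, n in enumerate(rates):
        for i in range(n):
            # Source addresses are from the 198.51.100.0/24 documentation range.
            lines.append(f"2024-01-01T12:{m:02d}:{i % 60:02d} 198.51.100.{i % 250 + 1} GET /")
    return lines

if __name__ == "__main__":
    for minute, count, threshold in find_spikes(per_minute_counts(build_sample())):
        print(f"{minute:%H:%M} {count} requests (threshold {threshold:.0f})")
```

Minutes with no requests do not appear in the series, so on a real log fill those gaps with zero before calling `find_spikes`.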
SSL sniffing and DDoS attacks can all be stopped if you use the correct SSL certificates and keep everything secure by using antivirus, antimalware and other products. We offer a product that does it all, keeping out all the unwanted problems and keeping your computers secure. While Distributed Denial of Service attacks can seem terrifying and difficult to spot, our products will ensure that the attack never starts. Contact us today to learn more.