What is a DDoS Attack?

A distributed denial-of-service (DDoS) attack is a hostile attempt to disrupt the normal flow of traffic to a targeted server or network. This is done by directing so much internet traffic at the target that it is overwhelmed. DDoS attacks are effective when multiple compromised computer systems are used as sources of attack traffic. These systems can include computers and other networked resources such as IoT devices.

How does a DDoS attack work?

A DDoS attack is carried out with networks of systems connected to the internet. Such a network consists of computers and other devices that are infected with malware, allowing them to be remotely controlled by an attacker. Individually, each device is called a bot, and a group of such devices is called a botnet. Once a botnet is established, the attacker can launch an attack by sending remote instructions to all of the bots. When a target is attacked by the botnet, every bot sends requests to the target's IP address. This overwhelms the target with traffic, resulting in a denial of service to normal traffic. Since each bot is a valid internet device, separating the attack traffic from normal traffic is difficult.

How to detect a DDoS attack?

The most obvious sign of a DDoS attack is the site or service becoming slow or unavailable. Apart from that, there are a few other signs, listed below:

  • Suspicious amounts of traffic originating from a single IP address.

  • A flood of traffic from users who share a single behavioural profile, such as device type, geolocation, or web browser version.

  • An unexplained surge in requests to a single page.

  • Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes).

These are some of the signs that indicate a possible DDoS attack.
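The four signs above can be checked mechanically against a web server's access log. The following Python script is an added example and is not part of the original article: it parses a handful of constructed Common Log Format lines (the addresses, paths and user agents are made up) and reports each sign separately, so that the thresholds can be tuned for a real site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access-log lines (Common Log Format plus referer and
# user agent). Addresses, paths and user agents are made up for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:03:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "BotAgent/1.0"
203.0.113.7 - - [10/Mar/2024:03:00:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "BotAgent/1.0"
203.0.113.7 - - [10/Mar/2024:03:00:03 +0000] "GET /login HTTP/1.1" 200 512 "-" "BotAgent/1.0"
203.0.113.7 - - [10/Mar/2024:03:00:04 +0000] "GET /login HTTP/1.1" 200 512 "-" "BotAgent/1.0"
203.0.113.7 - - [10/Mar/2024:03:00:05 +0000] "GET /login HTTP/1.1" 200 512 "-" "BotAgent/1.0"
198.51.100.21 - - [10/Mar/2024:03:00:06 +0000] "GET /login HTTP/1.1" 200 512 "-" "BotAgent/1.0"
198.51.100.22 - - [10/Mar/2024:03:00:07 +0000] "GET /login HTTP/1.1" 200 512 "-" "BotAgent/1.0"
198.51.100.23 - - [10/Mar/2024:03:00:08 +0000] "GET /login HTTP/1.1" 200 512 "-" "BotAgent/1.0"
192.0.2.10 - - [10/Mar/2024:03:01:10 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.11 - - [10/Mar/2024:03:01:15 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# One Common Log Format line with the referer and user-agent fields appended.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_log(text):
    """Parse access-log text into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        records.append(rec)
    return records


def dominant_sources(records, share=0.4):
    """Sign 1: single IPs responsible for more than `share` of all requests."""
    total = len(records)
    counts = Counter(r["ip"] for r in records)
    return sorted(ip for ip, n in counts.items() if n / total > share)


def shared_profiles(records, min_ips=3, share=0.5):
    """Sign 2: one client profile (the user agent here) used by at least
    `min_ips` distinct addresses and accounting for more than `share` of requests."""
    total = len(records)
    ips_by_ua = defaultdict(set)
    hits = Counter()
    for r in records:
        ips_by_ua[r["ua"]].add(r["ip"])
        hits[r["ua"]] += 1
    return sorted(ua for ua, ips in ips_by_ua.items()
                  if len(ips) >= min_ips and hits[ua] / total > share)


def hot_paths(records, share=0.5):
    """Sign 3: a single page receiving more than `share` of all requests."""
    total = len(records)
    counts = Counter(r["path"] for r in records)
    return sorted(p for p, n in counts.items() if n / total > share)


def spike_minutes(records, factor=1.5):
    """Sign 4: per-minute buckets whose request count exceeds `factor` x the mean bucket."""
    buckets = Counter(r["ts"].strftime("%Y-%m-%d %H:%M") for r in records)
    if not buckets:
        return []
    mean = sum(buckets.values()) / len(buckets)
    return sorted(m for m, n in buckets.items() if n > factor * mean)


def report(text):
    """Run all four checks over raw log text and return the flagged values per sign."""
    records = parse_log(text)
    return {
        "dominant_sources": dominant_sources(records),
        "shared_profiles": shared_profiles(records),
        "hot_paths": hot_paths(records),
        "spike_minutes": spike_minutes(records),
    }


if __name__ == "__main__":
    for sign, flagged in report(SAMPLE_LOG).items():
        print(f"{sign}: {flagged or 'none'}")
```

On the constructed sample the script flags 203.0.113.7 as a dominant source, the BotAgent/1.0 profile as shared across several addresses, /login as a hot path and 03:00 as a spike minute. Each threshold is a starting point only; a busy site needs them set from its own baseline traffic, and the time bucket should be widened when looking for the periodic pattern mentioned above.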

What are the different types of DDoS attacks?

DDoS attacks target different components of a network connection. These components can be called layers, and each one has a different purpose. You can find these layers listed below:

  1. Physical Layer

  2. Datalink Layer

  3. Network Layer

  4. Transport Layer

  5. Session Layer

  6. Presentation Layer

  7. Application Layer

Different types of attacks can target any one of these layers, or several at once. Read on to learn about the different types of attacks.

HTTP Flood

This attack is like pressing the refresh button in a web browser on many different computers at the same time. As a result, a large number of HTTP requests flood the server, which results in a denial of service. Such attacks range from simple to complex.

Protocol Attacks

These are also known as state-exhaustion attacks; they cause a service disruption by over-consuming the resources of servers or of network equipment such as firewalls and load balancers. These attacks exploit weaknesses in the third and fourth layers (network and transport) to make the target inaccessible.

SYN Flood

A SYN flood floods a network with connection requests without giving the server any time to confirm them, which results in a collapse of the network. It exploits the TCP handshake, the sequence of messages through which two computers initiate a network connection. The attacker sends the target a large number of TCP 'initial connection request' (SYN) packets with spoofed source IP addresses. The target responds to each request and waits for the final step of the handshake, which never occurs.
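The reason the half-open connections matter is that each one occupies a slot in the listener's backlog until it times out. The following Python model is an added example, not code from the article: it keeps a tiny SYN_RECV table with a fixed backlog, feeds it SYNs that are never followed by an ACK, and then checks whether one genuine client can still connect. Run a second time with SYN cookies, the server stores nothing per SYN and instead derives its sequence number from an HMAC over the connection tuple, so the genuine client still completes the handshake. The packet fields, the backlog size and the secret are constructed for the example.

```python
import hashlib
import hmac


class Server:
    """Minimal model of a TCP listener's half-open (SYN_RECV) table."""

    def __init__(self, backlog, syn_cookies=False, secret=b"constructed-secret"):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.secret = secret
        self.half_open = {}        # (src_ip, src_port) -> server ISN awaiting the final ACK
        self.established = set()
        self.dropped_syns = 0

    def _cookie(self, src_ip, src_port, client_isn):
        """Stateless ISN derived from the connection tuple, SYN-cookie style."""
        msg = f"{src_ip}:{src_port}:{client_isn}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src_ip, src_port, client_isn):
        """Handle a SYN; returns the server ISN sent in the SYN-ACK, or None if dropped."""
        if self.syn_cookies:
            return self._cookie(src_ip, src_port, client_isn)   # nothing stored per SYN
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                               # table full: SYN is lost
            return None
        isn = self._cookie(src_ip, src_port, client_isn)         # any ISN would do here
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, seq, ack):
        """Final handshake ACK carries seq = client_isn + 1 and ack = server_isn + 1."""
        key = (src_ip, src_port)
        if self.syn_cookies:
            expected = self._cookie(src_ip, src_port, seq - 1)   # recompute from the ACK alone
            if ack - 1 != expected:
                return False
        else:
            isn = self.half_open.pop(key, None)
            if isn is None or ack - 1 != isn:
                return False
        self.established.add(key)
        return True


def simulate(syn_cookies, spoofed_syns=1000, backlog=128):
    """Spoofed SYNs arrive and never complete the handshake; then one real client connects.
    Returns (real_client_connected, half_open_entries, dropped_syns)."""
    srv = Server(backlog, syn_cookies)
    for i in range(spoofed_syns):
        # Constructed spoofed sources: the SYN-ACK goes nowhere useful, so no ACK follows.
        srv.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i, client_isn=i)
    isn = srv.on_syn("192.0.2.10", 40000, client_isn=777)
    connected = isn is not None and srv.on_ack("192.0.2.10", 40000, seq=778, ack=isn + 1)
    return connected, len(srv.half_open), srv.dropped_syns


if __name__ == "__main__":
    print("plain backlog :", simulate(syn_cookies=False))
    print("SYN cookies   :", simulate(syn_cookies=True))
```

With the plain backlog the table is full after 128 spoofed SYNs and the genuine client's SYN is dropped; with cookies the table stays empty and the client connects. Real SYN cookies also fold a timestamp into the value and lose some TCP options, which is why operating systems enable them only once the backlog is under pressure.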

Volumetric Attacks

This type of attack attempts to create a blockage by consuming all available bandwidth between the target and the internet. It is done by sending large amounts of data to the target, using a form of amplification or another means of creating massive traffic, such as a botnet.

DNS Amplification

A DNS amplification attack bombards a DNS server with queries whose responses are routed towards the victim's IP address. Each small query generates a much longer response, and the victim's network is brought down. It is done by making requests to an open DNS server with a spoofed source IP address; the targeted IP then receives the responses from the server.
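The two controls a resolver operator has against being used this way are a recursion ACL (only answer recursive queries from your own networks, so an outside spoofed query gets a small REFUSED reply rather than a large answer) and response rate limiting, which caps identical replies to one source prefix and sends an occasional truncated reply so that a genuine client retries over TCP, which a spoofed source cannot do. The following Python model is an added example and not the article's own material; the packet sizes, addresses and limits are constructed, and the rate-limiting behaviour is modelled loosely on the "slip" style used by authoritative-server RRL implementations.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed packet sizes for the model (bytes on the wire).
QUERY_BYTES = 64       # a small UDP query
ANSWER_BYTES = 3000    # a large answer, e.g. a big record set returned over EDNS
REFUSED_BYTES = 64     # REFUSED reply: header and question section only
TC_BYTES = 64          # truncated reply (TC bit set): "retry over TCP"


class Resolver:
    """Model of a recursive resolver with two amplification controls:
    a recursion ACL and per-source response rate limiting."""

    def __init__(self, allow_recursion_from, rrl_per_sec, slip=2):
        self.allowed = [ipaddress.ip_network(n) for n in allow_recursion_from]
        self.rrl_per_sec = rrl_per_sec    # 0 disables rate limiting
        self.slip = slip                  # every slip-th excess reply is truncated, the rest dropped
        self.window = defaultdict(int)    # (second, /24 of source, qname) -> replies so far
        self.received = defaultdict(int)  # source ip -> bytes received from it
        self.sent = defaultdict(int)      # source ip -> bytes sent back to it

    def handle(self, src_ip, qname, now):
        """Process one UDP query whose source address is `src_ip` (possibly spoofed);
        returns the action taken."""
        self.received[src_ip] += QUERY_BYTES
        ip = ipaddress.ip_address(src_ip)
        if not any(ip in net for net in self.allowed):
            self.sent[src_ip] += REFUSED_BYTES        # no recursion for outsiders
            return "refused"
        if self.rrl_per_sec:
            prefix = str(ipaddress.ip_network(f"{src_ip}/24", strict=False))
            key = (int(now), prefix, qname)
            self.window[key] += 1
            excess = self.window[key] - self.rrl_per_sec
            if excess > 0:
                if excess % self.slip == 0:
                    self.sent[src_ip] += TC_BYTES     # tiny reply; real clients retry over TCP
                    return "truncated"
                return "dropped"
        self.sent[src_ip] += ANSWER_BYTES
        return "answered"

    def amplification(self, src_ip):
        """Bytes sent to an address divided by bytes received from it."""
        return self.sent[src_ip] / self.received[src_ip]


def simulate(allow_recursion_from, rrl_per_sec, queries=100):
    """`queries` spoofed queries carrying the victim's address arrive within one second.
    Returns (amplification factor seen by the victim, count of each action)."""
    victim = "203.0.113.5"                             # constructed spoofed source
    r = Resolver(allow_recursion_from, rrl_per_sec)
    actions = Counter(r.handle(victim, "example.net", now=0.5) for _ in range(queries))
    return round(r.amplification(victim), 1), dict(actions)


if __name__ == "__main__":
    print("open resolver, no RRL :", simulate(["0.0.0.0/0"], 0))
    print("recursion ACL only    :", simulate(["192.0.2.0/24"], 0))
    print("open resolver with RRL:", simulate(["0.0.0.0/0"], 5))
```

With recursion open to everyone, the victim receives roughly 47 bytes for every byte the attacker spent; with a recursion ACL the ratio drops to 1, since only REFUSED replies go out; with rate limiting alone the ratio drops to about 2.8 for a burst of 100 identical queries. The ACL is the fix for an open resolver; rate limiting is what an authoritative server, which must answer everyone, relies on.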

How to fix a DDoS attack?

The key problem in fixing a DDoS attack is being able to differentiate between attack traffic and normal traffic. The more complex an attack, the more likely it is that the attack traffic will be difficult to separate from normal traffic, because the attacker's goal is to blend in as much as possible to stay undetected. Listed below are some of the solutions for a DDoS attack:

Blackhole Routing

This is a solution that any network admin can carry out. They create a blackhole route and funnel traffic into it. In this method, however, both the malicious and the normal traffic are filtered out and removed from the network. So if an internet property is experiencing a DDoS attack, the ISP can send all of the site's traffic into a black hole as a defence. This is not an ideal solution, since the site remains inaccessible.

Rate Limiting

In this method, the number of requests that are accepted within a time frame is capped at a limit. While this method is useful for slowing down web scrapers that steal content, it is not effective enough on its own to handle a complex DDoS attack. It is still a useful component of an effective DDoS mitigation strategy.
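A common way to implement the limit is a token bucket per client: each client earns tokens at a steady rate up to a burst ceiling, and a request is served only if a token is available. The Python class below is an added example, not the article's own code; the rate, burst size and client addresses are constructed, and the clock is injected so the refill behaviour can be exercised without waiting.

```python
import time


class TokenBucketLimiter:
    """Per-client token bucket: each client may make `rate` requests per second on
    average, with bursts of up to `burst` requests. `clock` returns seconds."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate = float(rate)
        self.burst = float(burst)
        self.clock = clock
        self.buckets = {}    # client_id -> (tokens, time of last refill)

    def allow(self, client_id):
        """Return True if the request is admitted, False if it should be rejected
        (an HTTP service would answer 429 with a Retry-After header)."""
        now = self.clock()
        tokens, last = self.buckets.get(client_id, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)   # lazy refill
        if tokens >= 1:
            self.buckets[client_id] = (tokens - 1, now)
            return True
        self.buckets[client_id] = (tokens, now)
        return False

    def retry_after(self, client_id):
        """Seconds until the client's bucket holds a whole token again."""
        tokens, last = self.buckets.get(client_id, (self.burst, self.clock()))
        tokens = min(self.burst, tokens + (self.clock() - last) * self.rate)
        return 0.0 if tokens >= 1 else (1 - tokens) / self.rate


class FakeClock:
    """Manually advanced clock so the example runs instantly and deterministically."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    """Constructed scenario: a burst from one client, a refill, and a second client.
    Returns (burst decisions, decisions after 1 s, other client's decision)."""
    clock = FakeClock()
    limiter = TokenBucketLimiter(rate=2, burst=5, clock=clock)
    burst = [limiter.allow("203.0.113.7") for _ in range(7)]    # 5 admitted, 2 rejected
    clock.advance(1.0)                                           # 2 tokens refilled
    after = [limiter.allow("203.0.113.7") for _ in range(3)]    # 2 admitted, 1 rejected
    other = limiter.allow("192.0.2.10")                          # other client unaffected
    return burst, after, other


if __name__ == "__main__":
    print(demo())
```

Keying the bucket on the source address is exactly why this control is weak against a distributed attack, as the text says: a botnet spreads its requests over thousands of addresses, each staying under the limit. Keying on a session token, an API key or a behavioural profile, and applying a separate global limit per endpoint, catches more while still leaving the mitigation incomplete on its own.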

Web Application Firewall

A WAF is a tool that can assist in protecting a network from a layer 7 (application layer) attack. By placing a WAF between the internet and an origin server, the WAF can act as a reverse proxy and protect the targeted server from certain types of malicious traffic.

Anycast Network Diffusion

In this method, Anycast is used to scatter the attack traffic across a network of distributed servers to the point where the traffic is absorbed by the network. The reliability of this method depends on the size of the attack as well as the capacity and efficiency of the Anycast network. This is by far the most dependable way of handling a DDoS effectively.

Disclaimer: The above information is for general informational purposes only. All information on the Site is provided in good faith, however we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability or completeness of any information on the Site.