What is a DDoS Attack?

A Denial of Service (DoS) attack floods the target network or server with traffic to exhaust its resources and bandwidth, so that the service can no longer be delivered. The attack can come from a single internet connection or from many connected devices/systems distributed across the internet. When the attack comes from many devices, we call it a Distributed Denial of Service (DDoS) attack. A DDoS attack overwhelms its target faster than a normal DoS attack.

What are the top reasons for a DDoS attack?

Ransom: The DDoS attackers can demand that a website owner pay a ransom (often in cryptocurrency) to stop the attack.
Hacktivism/Protest: The attacker can leverage a DDoS attack to spread a message or protest an ideology or political agenda.
Reputational Damage: DDoS attacks can cause financial losses to the targeted firms, thereby damaging their reputation.
Cover for More Sophisticated Targeted Attacks: The attack can serve as a distraction for additional compromise, such as viruses, ransomware and other malware, and customer data theft.

How does a DDoS attack work?

Step 1: Cybercriminals create a botnet

To carry out a DDoS attack, an attacker needs control over a network of online machines, which can include computers and other networked resources such as IoT devices. These compromised machines are infected with malware that turns each of them into a bot. A group of such bots is known as a botnet. Once a botnet has been established, the attacker can direct an attack by sending instructions to each bot. Your network can be part of a botnet without you knowing it.

Step 2: Target a victim’s IP address

Once the botnet is created, the next step is to target a victim’s server or network. Each bot created in Step 1 bombards the victim’s IP address with fake service requests, potentially overwhelming the server or network. This results in poor performance of the server/network, thus denying service to legitimate requests. It isn’t easy to single out a bot, because each one looks like a legitimate internet device.

What are some common types of DDoS attacks?

Different types of DDoS attacks target different components of a network connection and generally fall into these categories:

Volume based attacks
As the name suggests, a volume-based attack depends on the volume of requests or the massive amount of data sent to the target system. The aim of the attack is to overload the bandwidth of the target system: it creates a blockage by consuming all of the available bandwidth, so the success of the attack is directly proportional to the volume. The metric for measuring a volume-based attack is bits per second (bps).

Volume-based attacks include UDP floods, ICMP floods, and other spoofed-packet floods such as DNS amplification. In that scenario, an attacker sends requests to an open DNS server with the victim’s IP address as the spoofed source address, so that the much larger replies overwhelm the target server or network with an amplified amount of traffic, rendering the server and its surrounding infrastructure inaccessible.

Protocol attacks
The internet operates on a set of protocols: rules that determine how data is transmitted between different systems on a network. Data is usually transferred in packets. A protocol attack sends a larger number of packets to the targeted network infrastructure than it can handle, exhausting the resources of the devices that must process them. Protocol attacks are measured in packets per second (pps).

Protocol attacks include SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS, and others.

Application layer attacks
As the name suggests, application layer attacks target the application itself. The most common target is the web server. Such an attack consumes not only the application’s resources but also its network and bandwidth. Application layer attacks are measured in requests per second (RPS).

Application Layer Attacks include low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows, or OpenBSD vulnerabilities, and others.
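The three categories above are each tied to a different metric (bps, pps and RPS). The following is an added example, not code from the original article or from Men&Mice, showing how a defender can compute those three metrics from packet summaries in one-second buckets and name the category whose metric is furthest above a baseline. The `Packet` record, the `BASELINE` values, the five-times-baseline threshold and the sample capture are all constructed assumptions for illustration; real baselines come from your own traffic history.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed baseline for the monitored link: the "normal" level of each
# metric the article names (bits/s, packets/s, HTTP requests/s).
# Assumption: these numbers are illustrative only.
BASELINE = {"bps": 8_000_000, "pps": 2_000, "rps": 200}
CATEGORY = {"bps": "volume-based", "pps": "protocol", "rps": "application-layer"}


@dataclass(frozen=True)
class Packet:
    ts: float                   # capture time in seconds
    proto: str                  # "tcp", "udp" or "icmp"
    length: int                 # bytes on the wire
    tcp_flags: str = ""         # e.g. "S" (bare SYN), "A", "PA"
    http_request: bool = False  # payload carries an HTTP request line


def bucket_rates(packets):
    """Aggregate packets into one-second buckets and return the metrics per
    bucket: {second: {"bps", "pps", "rps", "syn_share"}}."""
    acc = defaultdict(lambda: {"bits": 0, "packets": 0, "requests": 0, "tcp": 0, "syn": 0})
    for p in packets:
        b = acc[int(p.ts)]
        b["bits"] += p.length * 8
        b["packets"] += 1
        b["requests"] += int(p.http_request)
        if p.proto == "tcp":
            b["tcp"] += 1
            b["syn"] += int(p.tcp_flags == "S")
    return {
        sec: {
            "bps": b["bits"],
            "pps": b["packets"],
            "rps": b["requests"],
            # Share of TCP packets that are bare SYNs: a supporting signal for
            # SYN-flood style protocol attacks (handshakes never completed).
            "syn_share": b["syn"] / b["tcp"] if b["tcp"] else 0.0,
        }
        for sec, b in acc.items()
    }


def classify(rates, baseline=BASELINE, factor=5.0):
    """Return (category, metric, ratio) for the metric furthest above baseline;
    category is "normal" when no metric exceeds baseline by `factor`."""
    ratios = {m: rates[m] / baseline[m] for m in ("bps", "pps", "rps")}
    metric, ratio = max(ratios.items(), key=lambda kv: kv[1])
    if ratio < factor:
        return "normal", metric, ratio
    return CATEGORY[metric], metric, ratio


def burst(sec, n, length, proto, flags="", http=False):
    """Constructed helper: n packets spread evenly across one second."""
    return [Packet(sec + i / n, proto, length, flags, http) for i in range(n)]


def sample_traffic():
    """Constructed capture: four seconds, each with the same legitimate
    background (1,500 TCP packets of 600 bytes, 150 of them HTTP requests),
    and from second 1 on one attack of each category layered on top."""
    pkts = []
    for sec in range(4):
        pkts += burst(sec, 150, 600, "tcp", "PA", http=True)
        pkts += burst(sec, 1350, 600, "tcp", "A")
    pkts += burst(1, 4000, 3000, "udp")                   # large UDP replies (amplification)
    pkts += burst(2, 40000, 60, "tcp", "S")               # bare SYNs, handshakes never completed
    pkts += burst(3, 3000, 400, "tcp", "PA", http=True)   # GET flood
    return pkts


if __name__ == "__main__":
    for sec, r in sorted(bucket_rates(sample_traffic()).items()):
        cat, metric, ratio = classify(r)
        print(f"t={sec}s bps={r['bps']:>11,} pps={r['pps']:>6,} rps={r['rps']:>5,} "
              f"syn_share={r['syn_share']:.2f} -> {cat} ({metric} x{ratio:.1f})")
```

Each attack also raises the other two metrics somewhat (a UDP amplification flood adds packets as well as bits), which is why the classifier picks the metric with the largest ratio to baseline rather than the first one over a threshold; the `syn_share` value is a second opinion for the protocol case.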

How do I mitigate DDoS attacks?

The goal of the attacker is to blend in as much as possible with normal traffic, making prevention efforts as ineffective as possible. With multi-layered security measures and careful planning, it is possible to protect a business from a DDoS attack with the following measures:

  • Have a DDoS response plan ready;
  • Secure network infrastructure by configuring your firewalls and routers;
  • Configure network hardware against an attack;
  • Leverage cloud security platforms;
  • Acquire more bandwidth;
  • Monitor your website traffic;
  • Be aware of warning signs, which can include slow access to files (locally or remotely), a long-term inability to access a particular website, internet disconnection, problems accessing all websites, and an excessive amount of spam email;
  • Keep network systems up to date;
  • Use DDoS prevention tools.
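Monitoring website traffic means more than watching a graph: the web server's access log already records which client asked for what and when. The following is an added example, not code from the original article or from Men&Mice, that parses combined-format access log lines (the Apache/nginx default), counts requests per client and per path in fixed ten-second windows, and reports clients that exceed a per-client limit together with the peak aggregate request rate. The window size, the per-client limit, the sample clients (documentation address ranges) and the log lines themselves are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format (Apache/nginx default), matched up to the response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Parse one combined-format access log line; None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m["ip"],
        "ts": ts.timestamp(),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
        "size": 0 if m["size"] == "-" else int(m["size"]),
    }


def analyze(lines, window=10, per_ip_limit=50):
    """Count requests per client and per path in fixed windows of `window`
    seconds. Clients above `per_ip_limit` in any window are reported, along
    with the peak aggregate requests per second and the most-requested path."""
    per_ip = defaultdict(Counter)    # window start -> Counter(client ip)
    per_path = defaultdict(Counter)  # window start -> Counter(path)
    skipped = 0                      # lines that did not parse (never silently dropped)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        w = int(rec["ts"] // window) * window
        per_ip[w][rec["ip"]] += 1
        per_path[w][rec["path"]] += 1
    offenders = {}
    for counter in per_ip.values():
        for ip, n in counter.items():
            if n > per_ip_limit:
                offenders[ip] = max(offenders.get(ip, 0), n)
    peak_rps = max((sum(c.values()) / window for c in per_ip.values()), default=0.0)
    hottest = Counter()
    for c in per_path.values():
        hottest.update(c)
    return {
        "offenders": offenders,
        "peak_rps": peak_rps,
        "hottest_path": hottest.most_common(1)[0][0] if hottest else None,
        "skipped": skipped,
    }


def _line(ip, ts, path, ua="Mozilla/5.0"):
    """Constructed helper that renders one combined-format log line."""
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


def sample_log():
    """Constructed log: ten legitimate clients (192.0.2.0/24) making three
    requests each over ten seconds, one client (198.51.100.23) making 120
    requests to the same path in the same span, plus one malformed line."""
    base = datetime(2023, 10, 10, 13, 55, 30, tzinfo=timezone.utc)
    lines = []
    for i in range(10):
        for j, path in enumerate(["/", "/about", "/contact"]):
            lines.append(_line(f"192.0.2.{10 + i}", base + timedelta(seconds=(i + j) % 10), path))
    for i in range(120):
        lines.append(_line("198.51.100.23", base + timedelta(seconds=i % 10),
                           "/search?q=dns", ua="curl/8.0"))
    lines.append("garbage line that is not an access log entry")
    return lines


if __name__ == "__main__":
    print(analyze(sample_log()))
```

A per-client limit on its own will miss a distributed flood in which every bot stays under the threshold, which is why the report also carries the aggregate rate and the hottest path: a sudden jump in either, with no single client standing out, is the pattern the article's "warning signs" describe.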

More businesses are turning to DDoS mitigation products and services such as Men&Mice xDNS redundancy. It enables the replication and synchronization of critical DNS zones across multiple DNS service provider platforms, leaving the network better protected, with streamlined migration and management of DNS zones. It utilizes cloud-native features to monitor and replicate changes in DNS.