A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Such attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to ensuring that people can publish and access important information.
Multiple computer systems attack a target, such as a server, website or another network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.
How a DDoS Attack Works
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
The attacker typically starts by exploiting a vulnerability in one system and turning it into the DDoS master (the command-and-control point). The master then identifies other vulnerable systems and takes control of them, either by infecting them with malware or by bypassing their authentication controls; these recruited systems form the botnet that generates the flood.
The main types of DDoS attack (identifying which type you face is the first step toward mitigating it):
Volume Based Attacks
Includes UDP floods, ICMP floods and other spoofed-packet floods. The goal is to cause congestion by sending so much traffic that it saturates the bandwidth of the target site; magnitude is measured in bits per second (bps).
Protocol Attacks
Includes SYN floods, fragmented-packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes the state tables of servers and of intermediate equipment such as firewalls and load balancers, exhausting the finite number of concurrent connections each device can track; magnitude is measured in packets per second (pps).
Application Layer Attacks
Includes low-and-slow attacks, GET/POST floods, attacks that target vulnerabilities in Apache, Windows or OpenBSD, and more. Made up of seemingly legitimate and innocent requests, these attacks aim to crash or exhaust the web server itself, and their magnitude is measured in requests per second (rps).
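The three classes above differ in the dimension they are measured in, and that is also how a first-pass classifier tells them apart from flow data. The following is an added example written for this article, not code from the original page: it collapses constructed flow records (the kind NetFlow or a per-second capture summary would yield) into bits/s, packets/s, half-open handshake ratio and HTTP requests/s, then labels the dominant vector. All thresholds are illustrative assumptions for a site on a 1 Gbit/s uplink.

```python
"""Classify the dominant DDoS vector of a one-second traffic sample.

Added example; not code from the original article. Flow records and all
thresholds are constructed/assumed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str                 # source address as seen on the wire (may be spoofed)
    proto: str               # "tcp", "udp" or "icmp"
    packets: int
    bytes: int
    syn_only: bool = False   # TCP flow that never completed the handshake
    http_requests: int = 0   # HTTP request lines observed in the flow


# Illustrative thresholds (assumptions, tune to your own link and devices).
BPS_LIMIT = 800_000_000      # 800 Mbit/s saturates a 1 Gbit/s uplink
PPS_LIMIT = 200_000          # state-tracking limit of a small firewall / LB
SYN_RATIO_LIMIT = 0.9        # share of TCP packets that are bare SYNs
RPS_LIMIT = 2_000            # HTTP requests/s far above the site's baseline


def summarise(flows, window_s=1.0):
    """Reduce the flows seen in a window to the dimensions each class is measured in."""
    tcp_packets = sum(f.packets for f in flows if f.proto == "tcp")
    syn_packets = sum(f.packets for f in flows if f.proto == "tcp" and f.syn_only)
    return {
        "bps": sum(f.bytes for f in flows) * 8 / window_s,
        "pps": sum(f.packets for f in flows) / window_s,
        "rps": sum(f.http_requests for f in flows) / window_s,
        "syn_ratio": syn_packets / tcp_packets if tcp_packets else 0.0,
        "sources": len({f.src for f in flows}),
    }


def classify(flows, window_s=1.0):
    """Return (label, metrics). Volumetric is checked first because a saturated
    link makes the other two signals unobservable anyway."""
    m = summarise(flows, window_s)
    if m["bps"] >= BPS_LIMIT:
        return "volumetric", m
    if m["pps"] >= PPS_LIMIT or m["syn_ratio"] >= SYN_RATIO_LIMIT:
        return "protocol", m
    if m["rps"] >= RPS_LIMIT:
        return "application", m
    return "normal", m


# --- constructed samples, one second of traffic each ---------------------
def udp_flood():
    # 5,000 spoofed sources x 40 UDP packets of 1,400 bytes: 2.24 Gbit/s
    return [Flow(f"198.51.{i // 250}.{i % 250 + 1}", "udp", 40, 40 * 1400)
            for i in range(5000)]


def syn_flood():
    # 20,000 single-SYN flows from spoofed sources plus 50 real browsing sessions
    bogus = [Flow(f"203.0.{i // 250}.{i % 250 + 1}", "tcp", 1, 60, syn_only=True)
             for i in range(20000)]
    real = [Flow(f"192.0.2.{i + 1}", "tcp", 20, 16000, http_requests=2)
            for i in range(50)]
    return bogus + real


def http_flood():
    # 300 bots that complete the handshake and each issue 10 GET requests
    return [Flow(f"198.51.100.{i % 250 + 1}", "tcp", 100, 60000, http_requests=10)
            for i in range(300)]


def normal_traffic():
    return [Flow(f"192.0.2.{i + 1}", "tcp", 30, 15000, http_requests=3)
            for i in range(50)]


if __name__ == "__main__":
    for name, sample in [("udp", udp_flood()), ("syn", syn_flood()),
                         ("http", http_flood()), ("normal", normal_traffic())]:
        label, m = classify(sample)
        print(f"{name:7s} -> {label:12s} bps={m['bps']:.3e} pps={m['pps']:.0f} "
              f"rps={m['rps']:.0f} syn_ratio={m['syn_ratio']:.2f}")
```

Note that the SYN flood sample is far below the bandwidth and packet-rate limits; it is caught only by the half-open ratio, which is why a bps-only view of an attack under-reports protocol attacks.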
Motivations behind DDoS
- Cloaking Criminal Activity
- Business fraud
- Online Gaming
- A DDoS attack is launched simultaneously from multiple different hosts and can affect the availability of even the largest enterprises’ internet services and resources.
- They are a daily occurrence for many organizations: the vendor statistics cited by the original source report 226,500,000 attacks blocked between August 2015 and November 2016, roughly 500,000 per day, with none of them succeeding against the protected sites.
- The same vendor figures claim 95% total monthly bandwidth savings and $250,000 in savings on servers, bandwidth, personnel and other security measures for customers that offload mitigation; these are vendor-reported numbers, not independent measurements.
- Securing internet-facing devices and services is as much about protecting the wider internet as it is about protecting your own network: every device you harden is one fewer that can be recruited to participate in a DDoS attack.
- The main protocols attackers abuse to generate DDoS traffic are NTP, DNS, SSDP, Chargen, SNMP and DVMRP. Services such as these answer a small request carrying a forged source address with a far larger response aimed at the victim (reflection and amplification), so any service using them should be carefully configured, with no open recursion or unrestricted queries from the internet, and run on hardened, dedicated servers so that it cannot be used as a reflector.
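To make the reflection point concrete, here is an added example (not from the original article) using DNS, one of the protocols named above. It builds a real DNS query for `example.com IN ANY`, constructs in memory the kind of oversized answer an open resolver would return, and computes the request-to-response size ratio; it then shows the truncated reply that DNS Response Rate Limiting sends as a "slip", which removes the gain because a forged source can never complete the TCP retry. No packets are sent; the record count, sizes and warning threshold are assumptions.

```python
"""Amplification factor of a DNS reflector and the effect of a truncated reply.

Added example; not code from the original article. The response is
constructed in memory; REFLECTOR_WARN_FACTOR is an assumed threshold.
"""
import struct

QTYPE_ANY, QTYPE_TXT, QCLASS_IN = 255, 16, 1
REFLECTOR_WARN_FACTOR = 10.0   # assumed: above this ratio the service needs fixing


def encode_name(name):
    """Encode a dotted name as DNS labels terminated by a zero-length label."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def build_query(name, qtype=QTYPE_ANY, txid=0x1234):
    """Minimal query: header with RD=1 and a single question. In a reflection
    attack the IP source address of the carrying datagram is forged to the victim."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def build_fat_response(query, txt_records=8):
    """Constructed answer: echoes the question, then TXT records each holding a
    255-byte character-string, named by a compression pointer to offset 12."""
    txid, _, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, qdcount, txt_records, 0, 0)  # QR RD RA
    rdata = b"\xff" + b"A" * 255
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_TXT, QCLASS_IN, 300, len(rdata)) + rdata
    return header + question + rr * txt_records


def truncated_reply(query):
    """RRL 'slip' reply: QR=1, TC=1, no answer records. A genuine client retries
    over TCP; a spoofed source cannot complete the TCP handshake, so the victim
    receives nothing larger than the original query."""
    txid, _, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    return struct.pack("!HHHHHH", txid, 0x8380, qdcount, 0, 0, 0) + query[12:]  # QR TC RD RA


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def amplification_factor(request, response):
    return len(response) / len(request)


def looks_abusable(request, response):
    return amplification_factor(request, response) >= REFLECTOR_WARN_FACTOR


if __name__ == "__main__":
    q = build_query("example.com")
    fat, slip = build_fat_response(q), truncated_reply(q)
    print(f"query {len(q)} B, open-resolver reply {len(fat)} B, "
          f"factor {amplification_factor(q, fat):.1f}x, abusable={looks_abusable(q, fat)}")
    print(f"truncated reply {len(slip)} B, factor {amplification_factor(q, slip):.1f}x")
```

The same measurement applies to NTP `monlist`, SSDP `M-SEARCH`, Chargen and SNMP `GetBulk`: record the request size, record the response size, and any service whose ratio is well above 1 and reachable from arbitrary internet addresses is a reflector waiting to be used.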
Common Defenses against DDoS Attacks
- Rate-limit new connections per source IP address.
- Use an IDS/IPS and a web application firewall to drop malformed and abusive application-layer requests.
- Tune the per-IP connection threshold against your legitimate traffic profile: too high and the flood gets through, too low and real users are blocked.
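The first and third points are two sides of one mechanism, shown here as an added example that is not part of the original article: a sliding-window limiter on new connections per source, replayed over constructed connection events from one browsing user and one flooding source. Running it twice, once with a threshold that fits the user's behaviour and once with a threshold that is too tight, shows why the threshold has to be tuned rather than guessed. The limits and event rates are assumptions.

```python
"""Per-source connection rate limiting with a sliding window.

Added example; not code from the original article. Connection events are
constructed; limits are assumptions to be tuned against your own baseline.
"""
from collections import Counter, defaultdict, deque


class ConnectionRateLimiter:
    """Allow at most `limit` accepted connections per source within any
    `window_s`-second window. Each source's deque is bounded by `limit`; a
    production version would also evict sources idle for longer than the
    window, since a spoofed flood presents thousands of distinct addresses."""

    def __init__(self, limit, window_s):
        self.limit = limit
        self.window_s = window_s
        self._recent = defaultdict(deque)   # src -> timestamps of accepted connections

    def allow(self, src, ts):
        q = self._recent[src]
        while q and ts - q[0] >= self.window_s:   # drop entries that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False                          # over threshold: reject this SYN
        q.append(ts)
        return True


def apply_limit(events, limit, window_s):
    """Replay (timestamp, src) connection attempts in order; return dropped count per source."""
    limiter = ConnectionRateLimiter(limit, window_s)
    dropped = Counter()
    for ts, src in sorted(events):
        if not limiter.allow(src, ts):
            dropped[src] += 1
    return dropped


def constructed_events():
    """One browsing user opening 2 connections/s and one flooding source opening
    50/s, both for 30 seconds (constructed data)."""
    user = [(t * 0.5, "203.0.113.10") for t in range(60)]
    flood = [(t * 0.02, "198.51.100.77") for t in range(1500)]
    return user + flood


if __name__ == "__main__":
    # A threshold of 20 new connections per 10 s lets the user through and
    # caps the flood at 20 accepted connections per window.
    print("tuned  :", dict(apply_limit(constructed_events(), limit=20, window_s=10)))
    # Set it to 5 per 10 s and the legitimate user starts losing connections too.
    print("too low:", dict(apply_limit(constructed_events(), limit=5, window_s=10)))
```

The practical procedure is to measure the highest per-source connection rate your real users reach (NAT gateways and corporate proxies are the usual outliers), set the limit above that, and watch the drop counters for addresses you recognise before lowering it further.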
DDoS attacks are measured in two dimensions: the number of malicious packets per second (pps) and the attack bandwidth in bits per second (bps); application-layer attacks are instead gauged in requests per second.
Simple Steps to Secure the Network from DDoS Attacks:
- Change the default password – botnet malware scans for IP-connected devices still using their factory default credentials and takes them over. Changing the default password keeps your devices from being recruited into a DDoS botnet.
- Update the software – as the contest between cybercriminals and defenders continues, staying current with the latest updates and security patches becomes more important. Pay attention to new releases and make patching part of your routine.
- Restrict remote management – disable cleartext remote management protocols such as Telnet and plain HTTP, which give control from another location over an unprotected channel. If remote management is needed, use SSH or HTTPS and limit which addresses may reach them.
DDoS Attack Mitigation
- Transparent mitigation – attackers judge success by whether users lose access during an attack. Your users neither need to know nor care that you are under attack, so any mitigation technology must keep letting people into the site without delay and without holding areas, splash screens or stale cached content. An attacker whose flood produces no visible effect is unlikely to return.
- Bots can't talk, humans can – a blocked bot stays silent, but a legitimate user who is wrongly challenged or blocked will complain. Attackers run DDoS attacks to be a nuisance to websites and their users, so user complaints about access problems are direct feedback on how well, or how poorly, your anti-DDoS screening is performing.
- Make sure you whack all the bots – at the application layer even a modest number of bot requests that slip through can keep a server busy (low-and-slow attacks need very few), so screening must be airtight and block all application-layer bot requests, not just most of them.
In reality, DDoS protection has two parts: detecting that a site is under attack, and then applying an effective defense. Your solution must detect attacks accurately but remain inactive when the site is not under attack, because needless defensive measures, which challenge or slow down legitimate users, are as damaging as having no defense at all.
Shortly before this article was written, the largest DDoS attack recorded at the time, at 1.7 Tbps, was directed at a US-based customer's website.
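The two-part structure just described, detection first and screening only while an attack is detected, is shown below as an added example written for this article (not the original author's code). It parses constructed web-server access log lines in Common Log Format with a User-Agent field, declares an attack only when the aggregate request rate exceeds a multiple of the site's baseline, and only then scores each client on behavioural signals a real browser rarely shows: a sustained request rate no human produces, never fetching the page's static assets, and an automation or missing User-Agent. During normal traffic it blocks nobody. The baseline, factor, signal thresholds and User-Agent list are assumptions.

```python
"""Attack detection gate followed by application-layer bot screening.

Added example; not code from the original article. Log lines are constructed;
BASELINE_RPS, ATTACK_FACTOR, CLIENT_RPS_LIMIT and AUTOMATION_UA are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

BASELINE_RPS = 2.0        # the site's normal peak requests/s (assumed)
ATTACK_FACTOR = 5.0       # attack when the peak exceeds baseline x factor
CLIENT_RPS_LIMIT = 5.0    # one browser rarely sustains more than this
BOT_SCORE_TO_BLOCK = 2    # signals needed before a client is dropped
AUTOMATION_UA = ("python-requests", "curl/", "Go-http-client")
STATIC_EXT = (".js", ".css", ".png", ".jpg", ".ico", ".woff")


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "path": m["path"], "ua": m["ua"]}


def peak_rps(entries):
    per_second = Counter(int(e["ts"].timestamp()) for e in entries)
    return max(per_second.values(), default=0)


def under_attack(entries):
    return peak_rps(entries) > BASELINE_RPS * ATTACK_FACTOR


def bot_score(client_entries):
    """Count behavioural signals for one client: request rate, no asset
    fetches despite many page requests, automation or absent User-Agent."""
    times = sorted(e["ts"] for e in client_entries)
    span = max((times[-1] - times[0]).total_seconds(), 1.0)
    rate = len(times) / span
    fetched_asset = any(e["path"].split("?")[0].endswith(STATIC_EXT) for e in client_entries)
    ua = client_entries[0]["ua"]
    signals = [rate > CLIENT_RPS_LIMIT,
               not fetched_asset and len(times) >= 10,
               ua == "-" or ua.startswith(AUTOMATION_UA)]
    return sum(signals)


def screen(lines):
    """Return (attack_detected, blocked_ips). Nothing is blocked unless the
    aggregate rate says the site is under attack."""
    entries = [e for e in map(parse_line, lines) if e]
    if not under_attack(entries):
        return False, set()
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e)
    blocked = {ip for ip, es in by_ip.items() if bot_score(es) >= BOT_SCORE_TO_BLOCK}
    return True, blocked


# --- constructed log data --------------------------------------------------
_T0 = datetime(2018, 3, 10, 12, 0, 0, tzinfo=timezone.utc)


def _clf(ip, second, path, ua):
    ts = (_T0 + timedelta(seconds=second)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


def constructed_log(with_attack):
    """Three users browsing for a minute; optionally two bots hammering /search."""
    pages = ["/", "/static/app.js", "/static/style.css", "/login"]
    firefox = "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0"
    lines = [_clf(f"203.0.113.{10 + n}", 5 * i, pages[(i + n) % 4], firefox)
             for n in range(3) for i in range(12)]
    if with_attack:
        for ip, ua in (("198.51.100.20", "python-requests/2.18.4"), ("198.51.100.21", "-")):
            lines += [_clf(ip, i // 20, f"/search?q={i}", ua) for i in range(200)]
    return lines


if __name__ == "__main__":
    print("quiet :", screen(constructed_log(with_attack=False)))
    print("attack:", screen(constructed_log(with_attack=True)))
```

Keeping the gate and the screen separate is what makes the defence transparent: in the quiet run the per-client scoring never executes, so a user behind a busy proxy is not challenged for behaviour that only matters while the site is actually being flooded.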
credits: GBHackers & Prolexic