FRAUD AND INTRUSIONS: DDoS attack
In this article, you will learn about how DDoS attacks work. We’ll show you how to prevent them and introduce you to the tools you need to keep your business online if attacked.
What is a DDoS attack? How to protect your digital assets
At its most basic, a DDoS attack (Distributed Denial of Service attack) is an attempt to maliciously disrupt the normal flow of traffic to a web server, a network, or another IT-based system. We’ll explain the modes of attack and how to prevent and combat them in this article.
How do DDoS attacks work?
What is DDoSing? This is the process of using a series of networked devices to coordinate an attack on a network, server, website, or system. A single computer won’t carry out a typical DDoS attack. Numerous malware infected devices controlled remotely effectively become bots, forming a botnet. The attacker will then issue a series of instructions to each bot remotely.
These instructions can tell the bot to target the IP address of the victim. Such a torrent of traffic rapidly overwhelms the server or network, resulting in a DDoS or Denial of Service attack. This will make the service inaccessible to anybody hoping to use it. Because each bot originates from a legitimate internet device and not one single computer, it is tricky to pinpoint and kill a DDoS attack.
DDoS attacks are irreversible, making them unprofitable for ransom. Therefore, the common motive behind DDoS attacks is either to damage a business, render it unoperational, or merely cause anarchy. Some hackers have been known to engage in DDoS attacks solely to show rivals that they can.
DDoS attacks are becoming more frequent, despite an improvement in preventative software and technology. The BBC fell victim in 2015, and GitHub was hit in 2018. Even the mighty Amazon Web Services (AWS) was not spared in February 2020. Don’t make the mistake of assuming that DDoS attacks only affect the most prominent companies, though. They can effectively target any business, no matter how small.
The methodology of DDoS attacks explained
New DDoS attacks spring up frequently, with around thirty primary delivery methods popular at any one time. Despite this, some attacks are favoured and more common than others. In most cases, all DDoS attacks today can be divided into three genres, although it is not uncommon to see multi-vector attacks used in coordination with one another. The three main genres you need to know are:
Application layer attacks
These will target the application itself. In most cases, we’re talking about web pages. Alternatively, they can target Windows, OpenBSD and Apache systems. The most common applications affected will be web servers.
One of the most relevant and recent application layer attacks is the slowloris. This leaves partial HTTP requests as open connections for lengthy periods, slowing down the target network.
This attack strategy exhausts a server’s resources. The over-consumption of these resources (such as firewalls) relies on weaknesses in internet communications protocols.
A SYN flood attack is a commonly faced protocol attack. Exploiting the TCP handshake, the attackers send many TCP (Initial Connection Request) SYN packets with spoofed IP addresses. The target machine responds to each request and waits for the “handshake”, which never occurs, exhausting its resources as more SYN packets are set.
These send high amounts of traffic (request packets) to a network to overwhelm its bandwidth. Such congestion-based attacks are arguably the most established DDoS attacks.
HTTP floods cause a surge in traffic (having the effect of thousands of users hitting the refresh button at once) and can lead to a service being overwhelmed, effectively shutting out visitors and users. This is the most common form of volume-based attack. Still, others can include ICMP (Internet Control Message Protocol) pings, UDP floods (where attacks send a large number of packets to overwhelm the ability to respond), and NTP amplification attacks. The latter involves overwhelming a target by exploiting the Network Time Protocol (NTP) with excessive UDP traffic.
What about zero-day attacks?
It is also worth touching on zero-day attacks. These involve attacks that are not categorised into one of the main three genres, on account of them being largely unknown, new, or futuristic attacks with no patch yet available. They are much-feared as so little is known about them and are near-impossible to prevent.
Common defences against DDoS attacks
A typical DDoS attack used to be aimed at large companies and organisations primarily. However, ready-made packages at DDoS websites make it possible for even inexperienced hackers to target smaller businesses that often have fewer protections. Most are easy to carry about because the very nature of DDoS attacks enables them to get past firewalls and anti-virus software.
The most effective way to stop DDoS attacks is to take preventative measures ahead of time, thus making your systems and servers less vulnerable to sabotage by outside sources. The trick is to deploy techniques and methods to detect an attack in its infancy and knock it out of commission.
Banks, governments, and significant institutions utilise IDMS (Intelligent DDoS Mitigation System) and AMS (Attack Mitigation System) tools for monitoring. When used alongside conventional IT, these can make a difference.
How to counter DDoS attack and protect your business
In theory, small-scale attacks can be effectively killed by blocking the IP addresses that convey large amounts of traffic to your network. However, this isn’t going to be possible for large scale attacks where the volume of traffic is overwhelming. There are preventative measures you can take, though.
You first need to develop a DoS (Denial of Service) response plan. This can vary depending on your infrastructure. Creating a systems checklist, and forming a response team is step one.
Step two is utilising protection systems to secure your network infrastructure. IDS (Intrusion Detection System) and IPS (Intrusion Protection System) options alongside IDMS and AMS are often effective. Having complex passwords that change regularly, anti-phishing software, and secure firewalls all help, but alone are not enough to defeat a DDoS attack.
Finally, it is recommended to outsource DDoS prevention to a cloud-based service provider and use private data centres and secure hosting solutions to secure your digital assets. Let's look more closely at these tools next.
Ports Group offers DDoS solutions
While it is often possible to hinder an incoming DDoS attack and potentially limit any fallout once it occurs, it is always better to actively prevent such an attack in the first place.
Here at Ports Group, we offer DNS solutions and an array of hosting services to boost the technical structure of your business. Our solutions can provide comprehensive protection against typical DDoS attacks, but also SQL injections and brute-force attacks.
We work with leading suppliers, including IBM, Palo Alto and VMWare, to ensure that we provide the highest level of security for our customers and clients. Together, we can help protect your business and prevent DDoS attacks.
Learn more about DDoS attacks
Are DDoS attacks illegal?
Naturally, cybercrime is snowballing. Governments and lawmakers alike are regularly adding new laws to protect against cybercrimes such as DDoS attacks.
How common are DDoS attacks?
Over a third of US businesses have experienced DDoS attacks. Volumetric attacks count for 73% of those, with protocol and application-layer attacks accounting for 23% and 16% of DDoS attacks.
How long does a typical DDoS attack last for?
With the right tools at a company’s disposal, DDoS attacks last a few hours at most. However, it is not uncommon for a typical DDoS attack to last upwards of 24 hours.
Are the effects of DDoS attacks permanent?
Not usually. While irreversible, they can be patched and fixed. So-called Permanent DoS (PDoS) attacks are rarer but not altogether impossible to resolve, either.
Did you not find the answer to your question? Contact us and we will help you.
INSIGHT & SUPPORT