What Is a DDoS Attack?

DDoS attacks have been around for decades. In its basic form, a DDoS attack is a flood attack that overwhelms a system or service with traffic, with the ultimate goal of taking the website or web property offline.

That was in its early days, when it was a basic attack against availability. In that simplest form, it was easy to prevent and eliminate. But as technology evolves, so do the capabilities of malicious hackers. Today, DDoS attacks are capable of sending 100Gbps of traffic to your server, website or web application. Worse, it is not just plain traffic: it may even be infected with a worm, malware or other malicious data. Today, a DDoS attack is not a simple flooding attack. It can bring the greatest disaster to your online business: hardware destruction.

DDoS and DoS – Their Difference

A denial of service (DoS) attack uses a single machine, a single IP and a single internet connection in an attempt to make a network resource unavailable to its users. An example is the temporary interruption or suspension of the services of a host connected to the internet.

A distributed denial of service (DDoS) attack, on the other hand, uses multiple machines, IPs and internet connections to target a specific service, website or server. The typical number of machines used in a DDoS attack ranges from a few hundred to thousands.

DDoS and Their Targets

Most of the time, DDoS attacks target high-profile websites such as banking sites, payment gateways, e-commerce websites, gaming servers and others. Sometimes the motive behind a DDoS attack is to gain an advantage in commercial competition, revenge, blackmail, activism, or just fun.

Because of the number of tools available today, all websites are subject to DDoS. In addition, you can even buy a DDoS service online! Many servers come with free DDoS protection.

DDoS Symptoms

So, how do you know when you are under a DDoS attack? The US-CERT (United States Computer Emergency Readiness Team) lists the following symptoms of DoS attacks:

  • Slow network performance
  • A particular website is down
  • All websites inaccessible
  • A dramatic increase in the number of spam emails received
  • Disconnection of a wireless or wired connection
  • Long-term inability to access a certain website or service

Attack Types

  • ICMP Flooding – known as the smurf attack, this kind of attack takes advantage of misconfigured network devices that allow packets to be sent to all computers in a particular network.
  • SYN Flood – this sends a flood of TCP/SYN packets using a forged sender address.
  • Teardrop Attack – this sends a flood of invalid packets to the target machine, often with overlapping payloads. On earlier Windows versions, it can crash the OS completely, though modern Windows machines have fixed this bug.
  • P2P attacks – also known as peer-to-peer attacks, these exploit bugs in peer-to-peer servers in order to initiate DDoS attacks. In this method of attack, the attacker doesn’t use botnets but acts as a puppet master instead, causing a large number of clients of P2P hubs to connect to the victim instead of to their P2P network.
  • Phlashing – also known as a permanent denial-of-service attack, this incurs hardware-level damage that renders a server completely useless by flashing corrupted firmware, thereby bricking it.
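
The following Python example is added here and is not from the original article. It reads a socket-state snapshot in the `ss -tan` column layout and counts half-open (SYN-RECV) connections per port, which is the server-side footprint of the SYN flood described above, then separates a single-source (DoS) pattern from a many-source one. The sample snapshot, the function names and the thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed snapshot in the column layout of `ss -tan`; all addresses are
# documentation ranges (RFC 5737), not real hosts.
HEADER = "State Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
SAMPLE = HEADER + "LISTEN 0 128 0.0.0.0:443 0.0.0.0:*\n" + "".join(
    f"SYN-RECV 0 0 192.0.2.10:443 203.0.113.{i}:{40000 + i}\n" for i in range(1, 41)
) + "".join(
    f"SYN-RECV 0 0 192.0.2.10:25 198.51.100.9:{50000 + i}\n" for i in range(30)
) + "ESTAB 0 0 192.0.2.10:22 198.51.100.7:51514\n"


def half_open_by_port(snapshot):
    """Map local port -> Counter of peer IPs holding half-open (SYN-RECV) sockets."""
    ports = defaultdict(Counter)
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, other socket states, malformed lines
        local_port = fields[3].rsplit(":", 1)[1]
        peer_ip = fields[4].rsplit(":", 1)[0].strip("[]")  # also handles [v6]:port
        ports[local_port][peer_ip] += 1
    return ports


def assess(snapshot, threshold=25, dominant_share=0.8):
    """Classify each port's half-open backlog (thresholds are illustrative)."""
    report = {}
    for port, peers in half_open_by_port(snapshot).items():
        total = sum(peers.values())
        top_share = peers.most_common(1)[0][1] / total
        if total < threshold:
            verdict = "normal"
        elif top_share >= dominant_share:
            verdict = "single-source"  # one IP dominates: the DoS case
        else:
            # Many sources: a real DDoS, or one sender forging addresses.
            # The source field alone cannot tell these two apart.
            verdict = "many-source"
        report[port] = {"half_open": total, "sources": len(peers), "verdict": verdict}
    return report


if __name__ == "__main__":
    for port, info in sorted(assess(SAMPLE).items()):
        print(port, info)
```

A single-source backlog can be filtered by address, while a many-source backlog of half-open connections calls for protections that do not depend on the sender address, such as SYN cookies or upstream scrubbing.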
Posted by August 24, 2015 Category: Uncategorized