DDoS Attack
Definition
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming the target or its surrounding infrastructure with a flood of internet traffic. DDoS attacks are effective because the traffic originates from many compromised systems at once, which makes it far harder to absorb or filter than traffic from a single source. The machines involved in a DDoS attack can include computers and other networked resources such as IoT devices.
Types of DDoS Attacks
DDoS attacks can be broadly divided into three types: Volume Based Attacks, Protocol Attacks, and Application Layer Attacks.
Volume Based Attacks
Volume Based Attacks, also known as Volumetric Attacks, aim to consume the bandwidth of the attacked site or of other key resources on the path to it, such as a router or upstream link. These attacks include ICMP floods, UDP floods, and other spoofed-packet floods. The attack's strength is measured in bits per second (bps), in practice usually gigabits or terabits per second.
Protocol Attacks
Protocol Attacks, also known as State-Exhaustion Attacks, cause a service disruption by consuming the connection state tables of servers or of intermediate devices such as firewalls and load balancers, which must track every connection or packet flow they handle. A SYN flood, for example, sends TCP SYN packets (often with spoofed source addresses) and never completes the handshake, so each half-open connection occupies a table entry until it times out. These attacks include SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. The attack's strength is measured in packets per second (pps).
Application Layer Attacks
Application Layer Attacks, also known as Layer 7 DDoS attacks, target the application layer of the OSI model. They are the most sophisticated and difficult to mitigate: each request is cheap for the attacker to send but comparatively expensive for the server to process, and the requests often mimic human behavior, interacting with the application in the same way a legitimate user would. These attacks include low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows or OpenBSD vulnerabilities and more. The attack's strength is typically measured in requests per second (rps).
Mechanisms of DDoS Attacks
DDoS attacks are carried out using a variety of mechanisms. The most common of these include botnets, IP spoofing, and amplification.
Botnets
In many DDoS attacks, the perpetrator uses a network of zombie computers, or botnets, to flood the network or servers with traffic. These botnets are created by infecting a large number of devices with malware that places them under the attacker's command and control.
IP Spoofing
IP spoofing is another common mechanism used in DDoS attacks. It involves creating Internet Protocol (IP) packets with a forged source address. This hides the true origin of the attack, makes the flood appear to come from many different sources so that simple per-address blocking is ineffective, and is the basis of reflection and amplification attacks, in which the responses to the forged packets are delivered to the victim.
Amplification
Amplification attacks abuse servers that answer small requests with much larger responses, the classic example being open DNS resolvers (other UDP services, such as NTP, have been abused the same way). The attacker sends requests whose source address is spoofed to the victim's, so the servers deliver their large responses to the victim, turning a small amount of attacker bandwidth into a much larger flood at the target.
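The following is an added example, not part of the original page, that makes the amplification ratio concrete. It builds a minimal DNS ANY query with an EDNS0 OPT record (the packet shape used in DNS amplification, since without EDNS0 a UDP answer is capped at 512 bytes and gets truncated), builds a constructed stand-in for the resolver's response, and computes the bandwidth amplification factor. The domain name, the TXT record contents and the record count are constructed; nothing is sent on the network and no source address is forged.

```python
import struct

DNS_TYPE_TXT = 16
DNS_TYPE_OPT = 41
DNS_TYPE_ANY = 255
EDNS_UDP_SIZE = 4096  # payload size an abuser advertises so the resolver sends large answers


def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels: length byte + label, terminated by 0x00."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_dns_query(name: str, qtype: int = DNS_TYPE_ANY, txid: int = 0x1234, edns: bool = True) -> bytes:
    """Minimal DNS query: 12-byte header, one question, optional EDNS0 OPT record.
    An amplification attack sends exactly this packet with the UDP source address
    forged to the victim's; the forging is deliberately not done here."""
    arcount = 1 if edns else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags 0x0100 = RD
    question = encode_name(name) + struct.pack("!HH", qtype, 1)       # QCLASS 1 = IN
    opt = b""
    if edns:
        # OPT pseudo-RR: root name, type 41, "class" field = advertised UDP payload size,
        # TTL field = 0 (no extended flags), RDLENGTH 0
        opt = b"\x00" + struct.pack("!HHIH", DNS_TYPE_OPT, EDNS_UDP_SIZE, 0, 0)
    return header + question + opt


def build_dns_response(query: bytes, rdatas, rtype: int = DNS_TYPE_TXT, ttl: int = 3600) -> bytes:
    """Constructed response that echoes the query's id and question and carries one
    answer RR per element of rdatas (a stand-in for a real resolver's answer)."""
    txid = struct.unpack("!H", query[:2])[0]
    q_end = query.index(b"\x00", 12) + 1 + 4          # end of QNAME, then QTYPE + QCLASS
    question = query[12:q_end]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(rdatas), 0, 0)  # QR, RD, RA set
    answers = b""
    for rdata in rdatas:
        # 0xC00C is a compression pointer to the name at offset 12 (the question name)
        answers += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + question + answers


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bandwidth amplification factor: bytes the victim receives per byte the attacker sends."""
    return len(response) / len(query)


def demo() -> float:
    query = build_dns_query("example.com")
    # Constructed answer: ten 100-byte TXT records (a 99-character string plus its length prefix)
    rdatas = [bytes([99]) + b"v" * 99 for _ in range(10)]
    response = build_dns_response(query, rdatas)
    return amplification_factor(query, response)


if __name__ == "__main__":
    print(f"query {len(build_dns_query('example.com'))} bytes, amplification {demo():.2f}x")
```

With these constructed values a 40-byte query draws a 1149-byte answer, an amplification factor of about 28.7, which is in the range reported for real DNS ANY abuse. The defensive takeaways follow directly from the code: resolvers should not answer recursive queries from arbitrary clients, ANY queries and oversized EDNS0 buffers deserve rate limiting (response rate limiting), and networks should drop packets with source addresses they could not legitimately originate (BCP 38), since the whole technique depends on the forged source.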
Mitigation and Defense
There are several strategies and techniques that can be used to mitigate and defend against DDoS attacks. These include rate limiting, IP address filtering, anomaly detection, and CAPTCHA tests.
Rate Limiting
Rate limiting caps the number of requests a server will accept from a client (or in total) over a period of time; requests above the cap are delayed or rejected. When a DDoS attack is detected, the limits can be tightened to keep the server from being overwhelmed, at the cost of also throttling some legitimate clients.
IP Address Filtering
IP address filtering blocks traffic from specific IP addresses or ranges suspected of taking part in a DDoS attack. This can be effective against botnet traffic that carries genuine source addresses, but it is easily evaded when the attacker spoofs source addresses, and blocking those spoofed addresses may cut off legitimate users.
Anomaly Detection
Anomaly detection involves monitoring network traffic and identifying patterns that deviate from the normal baseline and could indicate a DDoS attack, such as a sudden spike in total traffic or an unusually large number of requests from a single IP address.
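An added example (not from the original page) of both checks run over web server access logs: requests are bucketed into fixed time windows, the first few windows establish a baseline, later windows whose volume exceeds a multiple of that baseline are flagged as spikes, and any single address exceeding a per-window threshold is flagged as a suspect. The log lines are generated by make_sample_log() and are constructed, not real traffic; the thresholds are illustrative parameters.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: client ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return (timestamp, client_ip) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), TS_FMT), m.group("ip")


def detect_anomalies(lines, window_s=10, baseline_windows=3, spike_factor=5.0, per_ip_threshold=100):
    """Bucket requests into window_s-second windows. Baseline = mean volume of the
    first baseline_windows windows; any later window above spike_factor x baseline
    is a spike. Any IP above per_ip_threshold requests in one window is a suspect."""
    per_window = Counter()
    per_window_ip = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on them
        ts, ip = parsed
        bucket = int(ts.timestamp()) // window_s * window_s
        per_window[bucket] += 1
        per_window_ip[bucket][ip] += 1
    buckets = sorted(per_window)
    base = buckets[:baseline_windows]
    baseline = sum(per_window[b] for b in base) / max(len(base), 1)
    spikes = [b for b in buckets[baseline_windows:] if per_window[b] > spike_factor * baseline]
    suspects = {ip for b in buckets for ip, n in per_window_ip[b].items() if n > per_ip_threshold}
    return {"baseline_per_window": baseline, "spike_windows": spikes, "suspect_ips": sorted(suspects)}


def make_sample_log():
    """Constructed traffic: 80 s of five clients at 1 req/s each; from second 60
    a single extra client adds 50 req/s on top. Addresses are documentation ranges."""
    t0 = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    normal = [f"198.51.100.{i}" for i in range(1, 6)]
    lines = []
    for sec in range(80):
        ts = (t0 + timedelta(seconds=sec)).strftime(TS_FMT)
        for ip in normal:
            lines.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512')
        if sec >= 60:
            for _ in range(50):
                lines.append(f'203.0.113.77 - - [{ts}] "GET /search?q=x HTTP/1.1" 200 9000')
    return lines


if __name__ == "__main__":
    print(detect_anomalies(make_sample_log()))
```

On the constructed log the baseline is 50 requests per 10-second window, the last two windows carry 550 and are flagged, and 203.0.113.77 is the only suspect. A real deployment would use a rolling baseline (the traffic of the same hour on previous days, for instance) instead of the first few windows, and would treat the per-IP check as weak evidence on its own, since a botnet spreads its requests across many addresses that each stay under the threshold.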
CAPTCHA Tests
CAPTCHA tests can be used to distinguish between human users and bots during a DDoS attack. This can help to prevent the attack from overwhelming the server, but can also disrupt the user experience.
Impact of DDoS Attacks
The impact of a DDoS attack can be significant, leading to downtime, loss of user trust, and financial loss. In some cases, DDoS attacks have been used as a distraction for other malicious activities, such as data breaches or theft.