Distributed denial-of-service (DDoS) attacks are among the oldest attacks in the book. They have been used for more than two decades, but in today’s highly connected world, with far more devices and bandwidth available to attackers, they have become larger and more frequent.
Today’s DDoS attacks are more than a nuisance that keeps a website or its data unavailable. They are often one part of a more serious attack, used as cover or as leverage, and in some cases they take an entire business offline for its customers.
Wondering what a DDoS attack is, and how you can protect yourself against them? Here’s everything you need to know about this type of attack.
DDoS Attack Basics
A distributed denial of service (DDoS) attack is when a malicious actor disrupts the normal flow of traffic to a network, a targeted server, or a service in order to render it unavailable to its legitimate users. Think of a DDoS attack like hitting an unexpected traffic jam on the highway: the jam prevents you and every other driver from reaching your destination, even though the road itself is intact.
A DDoS attack can be attempted against almost anything, including:
- IoT devices
In a world dominated by the Internet of Things (IoT) and connectedness, DDoS attacks are not only becoming more common but more disruptive.
With a DDoS attack, the malicious actor overwhelms the target with requests or packets. For example, if the goal is to take down a website, the attacker floods the web server with requests until its bandwidth, connection table, CPU, or memory is exhausted. The server may not crash outright, but it can no longer answer legitimate visitors, which is all the attacker needs.
This type of attack is very similar to a denial of service (DoS) attack, in which a single system sends malicious requests or data to the target. With a DDoS attack, the requests come from many systems at once, usually compromised machines under the attacker’s control (a botnet), which makes the sources far harder to block and lets the attack exceed the capacity of any single sender.
Common Types of DDoS Attacks
There are three main types of DDoS attacks currently being used to render a resource unavailable. Here’s what you need to know about each of them:
1. Volume-Based Attacks
A volume-based DDoS attack sends a large amount of fake traffic to a website or server in order to saturate its bandwidth; these attacks are measured in bits per second. They often involve UDP floods, ICMP (ping) floods, and amplification attacks such as the smurf attack, in which packets with a spoofed source address cause third-party hosts to send their replies at the victim. Ping of death, which sends malformed oversized packets, is usually classed as a protocol attack rather than a volumetric one.
Not every volume-based attack involves a huge amount of data. According to the 2011 Radware Global Application & Network Security Report, the majority of successful attacks that year used less than one gigabit per second. The report is dated, and the largest attacks seen today are orders of magnitude bigger, but the lesson still holds: an attack only needs to exceed the capacity of the narrowest link or device in front of the target.
2. Application Layer Attacks
A DDoS attack directed at the application layer floods an application with requests that look legitimate. Application layer attacks target the layer where web pages are generated and delivered in response to HTTP requests, so each malicious request makes the server do real work (database queries, rendering, authentication).
These attacks are the hardest to defend against, simply because it can be extremely hard to tell legitimate requests from malicious ones: both are well-formed HTTP.
Application layer attacks are usually low-to-mid volume because each request is cheap for the attacker to send but expensive for the server to process, so little bandwidth is needed. Common examples include HTTP(S) floods, slow read, and slow POST attacks (the last two hold connections open by reading or sending data as slowly as the server will tolerate). BGP hijacking, sometimes listed alongside them, is a routing attack rather than an application-layer flood.
3. Protocol or Network Layer Attacks
A protocol or network layer DDoS attack sends a large number of packets at the target’s network infrastructure and the devices that manage it; these attacks are measured in packets per second. Typical examples are SYN floods, fragmented-packet attacks, and malformed-packet attacks such as ping of death. Smurf attacks are often grouped here as well, though they are primarily volumetric.
These attacks, also known as state-exhaustion attacks, work by consuming the connection-state tables and processing capacity of servers, firewalls, and load balancers. A SYN flood, for example, leaves the target holding a half-open connection for every spoofed SYN until the table is full and new, legitimate connections are dropped. Web servers, voice services, and any other stateful resource can be made unresponsive and inaccessible this way.
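The state-exhaustion mechanism above, and the standard defence against it (SYN cookies), as an added example that is not part of the original article. It models a listener with a deliberately tiny half-open table, then a listener that encodes the handshake state in the server’s initial sequence number as an HMAC so that spoofed SYNs cost it nothing. The table size, the fixed clock, the cookie layout (8-bit time slot plus 24-bit MAC, a simplification of the real kernel encoding) and the addresses are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os


class StatefulListener:
    """Classic TCP listener: every SYN allocates a half-open (SYN_RECV) entry
    that lives until the handshake's final ACK arrives or a timeout fires.
    The capacity is deliberately tiny (an assumption for the demo) so that a
    handful of spoofed SYNs exhausts it."""

    def __init__(self, capacity=4):
        self.capacity = capacity
        self.half_open = {}  # (src_ip, src_port) -> server ISN

    def on_syn(self, src_ip, src_port, now):
        if len(self.half_open) >= self.capacity:
            return None  # backlog full: the SYN is dropped and the client stalls
        isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack, now):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack == (isn + 1) & 0xFFFFFFFF


class SynCookieListener:
    """SYN-cookie listener: the server ISN is an HMAC over the peer address and
    a coarse time slot, so nothing is stored until the final ACK proves that
    the peer really received the SYN-ACK. Spoofed SYNs therefore cost nothing.
    The 8-bit slot / 24-bit MAC layout is a simplification of the real kernel
    encoding (assumption for the demo)."""

    def __init__(self, key=None):
        self.key = key or os.urandom(32)  # secret; rotated in real deployments

    def _cookie(self, src_ip, src_port, slot):
        msg = f"{src_ip}:{src_port}:{slot}".encode()
        mac = hmac.new(self.key, msg, hashlib.sha256).digest()
        return ((slot & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, src_ip, src_port, now):
        return self._cookie(src_ip, src_port, int(now // 60) & 0xFF)

    def on_ack(self, src_ip, src_port, ack, now):
        cookie = (ack - 1) & 0xFFFFFFFF
        slot = cookie >> 24
        current = int(now // 60) & 0xFF
        if slot not in (current, (current - 1) & 0xFF):
            return False  # stale or nonsense cookie
        expected = self._cookie(src_ip, src_port, slot)
        return hmac.compare_digest(cookie.to_bytes(4, "big"), expected.to_bytes(4, "big"))


NOW = 1_700_000_000.0  # fixed clock so the demo is reproducible (assumption)


def run_flood(listener, spoofed_syns=20, now=NOW):
    """Send SYNs from spoofed sources that never answer (constructed addresses
    from the documentation range), then check whether a legitimate client can
    still complete its handshake."""
    for i in range(spoofed_syns):
        listener.on_syn(f"198.51.100.{i % 250 + 1}", 40000 + i, now)
    isn = listener.on_syn("203.0.113.7", 51515, now)
    if isn is None:
        return False  # table full: the real client never gets a SYN-ACK
    return listener.on_ack("203.0.113.7", 51515, (isn + 1) & 0xFFFFFFFF, now)


def forged_ack_accepted(listener, now=NOW):
    """An ACK that was never preceded by a SYN-ACK must be rejected."""
    return listener.on_ack("192.0.2.99", 1234, 0x12345678, now)


if __name__ == "__main__":
    print("stateful listener survives flood:", run_flood(StatefulListener()))
    print("SYN-cookie listener survives flood:", run_flood(SynCookieListener()))
    print("forged ACK accepted:", forged_ack_accepted(SynCookieListener()))
```

The stateful listener fails after four spoofed SYNs; the cookie listener accepts the legitimate client after twenty and still rejects an ACK it never earned. Real kernels enable this mode only when the backlog is under pressure, because the cookie cannot carry every TCP option.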
Whether an attacker uses a volume-based attack or a network-layer attack, the end goal is always the same. All DDoS attacks are designed to cause an online resource to become extremely slow or completely unresponsive to valid requests.
Today’s DDoS Attacks
While DDoS attacks have been around for more than 20 years, attacks used today are very different from those used in the past. Most attacks now last less than an hour, and the most commonly used attack vectors are:
- SYN floods
- ACK floods
- RST floods
Another dominant trend is ransom DDoS (RDoS). Here the malicious actors demand payment, usually in Bitcoin or another cryptocurrency, to stop an ongoing attack or to refrain from launching one, often after a short demonstration attack to prove they can.
How to Identify a DDoS Attack
The symptoms of a DDoS attack are usually obvious: a service or website unexpectedly becomes slow or unavailable. Confirming that the cause is an attack, rather than a legitimate surge or an ordinary outage, takes more work.
A service or website may experience a legitimate spike in traffic that has nothing to do with a malicious actor. For example, if a website releases a trending product, the resulting surge of real customers can look exactly like a DDoS attack. Further analysis is always recommended to determine the root cause before blocking anything.
A traffic analysis tool is the best option for spotting telltale signs of a DDoS attack. When using these tools, you’ll want to look for things such as:
- Unexplained surge in requests to a single endpoint
- Suspicious amounts of traffic coming from a single IP address or IP range
- Odd traffic patterns, such as spikes at random times of the day
- Flood of traffic from users who share the same geolocation, device type, or web browser
More specific signs depend on the type of DDoS attack: a SYN flood shows up as a large number of half-open connections, a volumetric attack as a saturated upstream link, and an application-layer attack as a high request rate against the most expensive endpoints.
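The checks in the list above, run over a constructed web-server access log, as an added example that is not from the original article. The log lines, the thresholds, the 10-second window and the addresses (documentation ranges) are all assumptions for the demonstration; the Combined Log Format is the default of common web servers.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format (assumption: the server's default access-log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["epoch"] = int(datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp())
    return e


def build_sample_log():
    """Constructed access log: three ordinary visitors, then a burst from one
    /24 using a scripted client against the login endpoint, then a burst from
    a single host against /search. Nothing here is real traffic."""
    ts = "10/Oct/2023:13:55:%02d +0000"
    lines = []
    visitors = [
        ("203.0.113.5", "/", "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"),
        ("203.0.113.9", "/products/42", "Mozilla/5.0 (Macintosh) Safari/17.0"),
        ("203.0.113.12", "/cart", "Mozilla/5.0 (X11; Linux) Chrome/117.0"),
    ]
    for i, (ip, path, ua) in enumerate(visitors):
        lines.append(f'{ip} - - [{ts % (i * 10)}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"')
    for i in range(40):  # 40 POSTs in 4 s spread over 8 hosts of one /24
        lines.append(f'198.51.100.{i % 8 + 1} - - [{ts % (20 + i // 10)}] '
                     f'"POST /api/login HTTP/1.1" 401 0 "-" "python-requests/2.31"')
    for i in range(25):  # 25 GETs in 5 s from a single host
        lines.append(f'192.0.2.77 - - [{ts % (30 + i // 5)}] '
                     f'"GET /search?q={i} HTTP/1.1" 200 2048 "-" "curl/8.4.0"')
    return lines


def analyze(lines, window=10, threshold=20, share=0.8):
    """Bucket requests into fixed windows and flag the signs listed above: one
    IP or one /24 exceeding `threshold` requests per window, and one endpoint
    or one user-agent accounting for `share` of a busy window."""
    buckets = defaultdict(list)
    for e in filter(None, map(parse_line, lines)):
        buckets[e["epoch"] // window].append(e)
    findings = []
    for key in sorted(buckets):
        evs = buckets[key]
        n = len(evs)
        by_ip = Counter(e["ip"] for e in evs)
        by_net = Counter(".".join(e["ip"].split(".")[:3]) + ".0/24" for e in evs)
        by_path = Counter(e["path"].split("?")[0] for e in evs)
        by_ua = Counter(e["ua"] for e in evs)
        for ip, c in by_ip.items():
            if c >= threshold:
                findings.append(("single_ip_flood", ip, c))
        if by_ip.most_common(1)[0][1] < threshold:  # no single host stands out
            for net, c in by_net.items():
                if c >= threshold:
                    findings.append(("ip_range_flood", net, c))
        if n >= threshold:
            path, c = by_path.most_common(1)[0]
            if c / n >= share:
                findings.append(("endpoint_surge", path, c))
            ua, c = by_ua.most_common(1)[0]
            if c / n >= share:
                findings.append(("ua_concentration", ua, c))
    return findings


if __name__ == "__main__":
    for kind, who, count in analyze(build_sample_log()):
        print(f"{kind:18} {who:30} {count}")
```

The first burst is invisible to a per-IP check (each host sends only five requests) and is caught only by the /24, endpoint and user-agent views; the second is a plain single-source flood. Fixed thresholds like these also fire on a genuine flash crowd, which is exactly the case the text warns about, so in practice the counts are compared against a baseline for the same hour and day rather than against constants.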
How to Mitigate a DDoS Attack
One of the biggest challenges in stopping a DDoS attack is separating normal traffic from attack traffic. The first step is to determine whether there is a legitimate reason for your website or other resource to be receiving a flood of real traffic.
Another difficulty in mitigating a DDoS attack is stopping a multi-vector attack. These attacks use many pathways in order to overwhelm a target service. This can distract mitigation efforts and allow the attack to continue.
A multi-vector attack, such as one that targets several layers, requires a variety of mitigation strategies. Even then, the difficulty still remains in identifying real from malicious traffic.
Most experienced attackers choose an attack that blends in with legitimate traffic. This makes mitigation harder and less efficient, because any filter tight enough to stop the attack will also drop some real users.
How to Protect Yourself from DDoS Attacks
While mitigation can be difficult, there are several effective ways to reduce the impact of a DDoS attack or stop it altogether.
Rate limiting is one option to consider. It caps the number of requests a server will accept from a client within a certain time frame. Rate limiting alone may not be enough to handle a complex DDoS attack: a per-client limit does nothing against thousands of sources that each stay under it, so it is usually paired with a budget for the resource as a whole.
Another option is a web application firewall (WAF). A WAF sits between the Internet and the server and can filter out malicious requests, which makes it useful against application-layer DDoS attacks. It does not help against a volumetric attack that saturates the network link in front of it; that traffic has to be absorbed or scrubbed upstream by a provider with more capacity than the attacker.
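The rate-limiting layer described above, as an added example that is not from the original article. It uses a token bucket per client plus a second bucket per endpoint, and runs two constructed floods through it: one from a single host, and one from many hosts that each stay under the per-client limit. The rates, burst sizes and addresses are assumptions for the demonstration, not recommended production values.

```python
class TokenBucket:
    """Allows `burst` requests immediately and refills at `rate` per second."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class RateLimiter:
    """Two layers: a per-client bucket (catches one noisy source) and a
    per-endpoint budget (catches many sources that each stay under the
    per-client limit). Parameters are assumptions for the demo; real values
    come from measured baseline traffic."""

    def __init__(self, ip_rate=5, ip_burst=10, endpoint_rate=50, endpoint_burst=100):
        self.ip_cfg = (ip_rate, ip_burst)
        self.ep_cfg = (endpoint_rate, endpoint_burst)
        self.by_ip = {}  # production: bounded, expiring store, or attackers fill it
        self.by_endpoint = {}

    def check(self, ip, path, now):
        """Returns (status, reason). The per-client check runs first so that
        one abusive source cannot drain the shared endpoint budget."""
        ipb = self.by_ip.setdefault(ip, TokenBucket(*self.ip_cfg))
        if not ipb.allow(now):
            return 429, "per-ip"
        epb = self.by_endpoint.setdefault(path, TokenBucket(*self.ep_cfg))
        if not epb.allow(now):
            return 503, "endpoint"
        return 200, "ok"


def single_source_flood(limiter, requests=30, now=0.0):
    """One host (constructed address) sends `requests` requests at once."""
    tally = {}
    for _ in range(requests):
        _, reason = limiter.check("198.51.100.1", "/api/login", now)
        tally[reason] = tally.get(reason, 0) + 1
    return tally


def distributed_flood(limiter, sources=200, now=0.0):
    """`sources` distinct hosts each send one request: every one of them is
    under the per-IP limit, so only the endpoint budget can stop it."""
    tally = {}
    for i in range(sources):
        _, reason = limiter.check(f"203.0.113.{i % 250 + 1}", "/api/login", now)
        tally[reason] = tally.get(reason, 0) + 1
    return tally


def recovery(limiter, ip="198.51.100.1"):
    """Once a client's bucket is empty it is refused, then admitted again
    after the bucket has refilled at `ip_rate` tokens per second."""
    single_source_flood(limiter, requests=10, now=0.0)
    blocked = limiter.check(ip, "/api/login", 0.0)[0]
    later = limiter.check(ip, "/api/login", 1.0)[0]
    return blocked, later


if __name__ == "__main__":
    print("single source:", single_source_flood(RateLimiter()))
    print("distributed:  ", distributed_flood(RateLimiter()))
    print("recovery:     ", recovery(RateLimiter()))
```

The single-source flood is stopped by the per-IP bucket after its burst; the distributed flood passes every per-IP check and is stopped only by the endpoint budget. The trade-off is visible in the second case: the endpoint bucket cannot tell attacker from customer, so while it is exhausted real users get the same 503, which is why this layer is a backstop and not a substitute for upstream filtering.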
While there are many options in defending your resources against a DDoS attack, the best option is to work with a company that is experienced in offering data security products and services.
Ciphertex Data Security® has a thorough knowledge of the ins and outs of DDoS attacks and other security threats that can impact the availability and success of your business. Instead of trying to navigate the security world on your own, why not leave this to the professionals?
At Ciphertex Data Security®, we offer a variety of data security products and services that are designed to protect those things most important to your business: your data. To learn more about our services and how we protect you against a DDoS attack, contact us today!