No matter how often your IT department assures you that your system is impenetrable, you know they’re full of it. It’s never their fault, but it just so happens that there’s more malicious content floating around the internet than there are systems prepared to handle it.
One of the most crippling attacks to be aware of is the DDoS. DDoS stands for Distributed Denial of Service, and it’s a nasty piece of work. Unlike a DoS attack, which comes from a single internet connection and is used to exhaust server resources or exploit vulnerabilities with fake requests, a DDoS uses a botnet – a network of devices that have been taken over using malware, which allows the whole network to be controlled from afar. This type of coordinated attack bombards the servers behind the victim’s services or websites with traffic from many sources at once, making them unusable for extended periods of time.
The DDoS attack is hardly a newcomer in the cybersecurity landscape. These attacks have been bullying websites and online services for over a decade. What is fairly novel, however, are DDoS-for-hire services. Basically, anyone with an internet connection can wreak havoc on a website, and yes, it has become quite a popular way for many to earn a few extra dollars.
Network layer or application layer
DDoS attacks can be split into two main categories: network layer and application layer. Network layer attacks tend to be massive in scale, and a successful one can jam the pipeline of a network, denying access to servers and often incurring inflated bandwidth bills.
Application layer attacks, on the other hand, are a bit more sophisticated. They target the server with bogus requests that use up a large amount of server resources. These attacks tend to be smaller but pack quite a punch as they force the application of a server to allocate a significant amount of resources in order to respond to seemingly legitimate requests.
Types of attacks may differ from one another, as explained below, yet attackers will often combine various types into one huge DDoS mess that can easily knock out a website.
Main types of DDoS attacks
1. UDP Flooding
As the name implies, this is an attack that floods the target with a torrent of User Datagram Protocol (UDP) packets aimed at random ports. For each packet the host checks whether an application is listening on that port and, finding none, replies that the port is unreachable, which keeps the system stuck in a loop of answering junk and renders its websites unreachable. UDP is an important part of the Internet Protocol (IP) suite, so once it’s swamped, not much else from the internet can come through.
2. ICMP (PING) Flooding
The Internet Control Message Protocol is another part of the IP suite that can be severely compromised by an overload of false data. The attacker sends ping packets (ICMP Echo Request packets) as quickly as possible; since the target normally answers each one with an Echo Reply, the flood consumes both your incoming and your outgoing bandwidth.
3. SYN Flooding
Before a computer can open a connection to another, it must first ask permission through a SYN (synchronization) request. The receiving computer must then reserve resources for that connection before the first computer can go ahead. With SYN flooding, numerous SYN requests are made, so the computer under attack reserves a slot for each one, but the attacker never completes the connection or uses what was reserved. What this does is keep those slots held for the attacker while preventing others from getting one, because the computer is fully booked, so to speak.
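One way a defender can spot the “fully booked” condition described above is to look at the server’s own connection table: a pile of half-open (SYN-RECV) sockets from many different peers, dwarfing the established ones, is the flood pattern. The example below is added here and is not code from the original article; the socket snapshot is constructed to mimic the column layout of `ss -tan`, and the thresholds are assumptions to tune per server.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan` on a web
# server: State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB    0      0      10.0.0.5:443       198.51.100.7:51234
ESTAB    0      0      10.0.0.5:443       198.51.100.8:51240
SYN-RECV 0      0      10.0.0.5:443       203.0.113.10:40001
SYN-RECV 0      0      10.0.0.5:443       203.0.113.11:40002
SYN-RECV 0      0      10.0.0.5:443       203.0.113.12:40003
SYN-RECV 0      0      10.0.0.5:443       203.0.113.13:40004
SYN-RECV 0      0      10.0.0.5:443       203.0.113.14:40005
SYN-RECV 0      0      10.0.0.5:443       203.0.113.15:40006
SYN-RECV 0      0      10.0.0.5:443       203.0.113.16:40007
SYN-RECV 0      0      10.0.0.5:443       203.0.113.17:40008
"""

def parse_ss(text):
    """Return (state, local, peer) tuples, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) >= 5:
            rows.append((parts[0], parts[3], parts[4]))
    return rows

def syn_flood_report(rows, min_half_open=8, min_ratio=0.5):
    """Summarise half-open (SYN-RECV) sockets per listening address.

    An address is flagged when it holds at least min_half_open half-open
    sockets making up at least min_ratio of its sockets; the distinct
    peer count tells one stuck client apart from a distributed flood.
    """
    half_open, total, peers = Counter(), Counter(), {}
    for state, local, peer in rows:
        total[local] += 1
        if state == "SYN-RECV":
            half_open[local] += 1
            peers.setdefault(local, set()).add(peer.rsplit(":", 1)[0])
    report = {}
    for local, n in total.items():
        h = half_open[local]
        report[local] = {
            "half_open": h,
            "total": n,
            "distinct_peers": len(peers.get(local, ())),
            "suspect": h >= min_half_open and h / n >= min_ratio,
        }
    return report
```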
4. Ping of Death
This isn’t as bad as it sounds – it’s far worse. A ping of death is data sent to a computer with a size much bigger than an IP packet can legitimately carry, and the computer doesn’t realize it until the false data has already been accepted. The system is left struggling to assimilate the oversized input, and it has no time for new requests while it sorts out the boatload of trash it just received.
5. HTTP Flooding
This involves sending huge numbers of HTTP requests, forcing the host to reserve resources for guests who will never show up. When real guests turn up, they are denied service.
6. Slowloris
Slowloris opens up a connection with the target server and keeps it open by sending partial HTTP requests that it never completes. The server keeps waiting on the multiple unfinished requests from the attacker until it can’t open any more connections.
7. R.U.D.Y
R.U.D.Y stands for R U Dead Yet? It is a sloth-like attack that leaves a server hanging by sending one byte of information at a time. The server assumes the connection is just slow, so it keeps the request open, even though the full information never arrives and worthwhile guests get ignored.
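Both Slowloris and R.U.D.Y leave a fingerprint in the server’s per-connection bookkeeping: requests whose headers never finish, or bodies that trickle in far below any sane rate, many of them from the same peer. The example below is added here (it is not code from the article) and classifies a constructed connection snapshot; the timeout and rate thresholds are assumptions, and a genuine slow upload is included to show it is not flagged.

```python
from collections import defaultdict

# Constructed snapshot of open client connections on a web server:
# (peer IP, seconds open, request headers complete?, body bytes
#  received so far, Content-Length announced by the client or None).
CONNECTIONS = [
    ("198.51.100.7", 2, True, 4096, 4096),              # normal request
    ("198.51.100.9", 40, True, 20_000_000, 25_000_000), # big, healthy upload
    ("203.0.113.20", 90, False, 0, None),               # headers never finish
    ("203.0.113.20", 95, False, 0, None),
    ("203.0.113.20", 120, False, 0, None),
    ("203.0.113.21", 300, True, 30, 1_000_000),         # one byte at a time
    ("203.0.113.21", 310, True, 28, 1_000_000),
    ("203.0.113.21", 305, True, 31, 1_000_000),
]

def classify(conn, header_timeout=30, min_body_rate=100.0):
    """Label one connection 'ok', 'slowloris' or 'rudy'.

    slowloris: request headers still incomplete after header_timeout s.
    rudy:      headers done and a body announced, yet bytes arrive below
               min_body_rate bytes/s once the connection is that old.
    """
    _peer, age, headers_done, body_bytes, content_length = conn
    if age <= header_timeout:
        return "ok"
    if not headers_done:
        return "slowloris"
    if content_length and body_bytes < content_length:
        if body_bytes / age < min_body_rate:
            return "rudy"
    return "ok"

def slow_http_report(conns, per_peer_limit=3):
    """Count slow connections per peer; return peers holding too many."""
    counts = defaultdict(lambda: {"slowloris": 0, "rudy": 0})
    for conn in conns:
        label = classify(conn)
        if label != "ok":
            counts[conn[0]][label] += 1
    return {
        peer: c for peer, c in counts.items()
        if c["slowloris"] + c["rudy"] >= per_peer_limit
    }
```

A peer in the returned dict is a candidate for a connection cap or a shorter header/body timeout, which is how web servers and reverse proxies mitigate these attacks.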
8. Reflection Attacks and Amplification Attacks
Reflection attacks can be either Authentication Reflection or DDoS Reflection. The DDoS reflection attack usually comes with an amplification attack, and some people don’t differentiate between the two. Both involve sending DNS requests to multiple servers with the sender’s address forged to be the target’s IP address, so that all those servers send their (often much larger) replies to the target site, causing an information overload of answers it never actually asked for.
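From the victim’s side, the tell-tale sign of DNS reflection is answers arriving for questions nobody on the network asked. The example below is added here and is not code from the article: it matches constructed DNS packet summaries seen at the network edge against the queries our own hosts actually sent, and tallies the unsolicited bytes per target and per reflecting server (the network prefix and the packet records are assumptions).

```python
from collections import Counter

OUR_NET = "10.0.0."  # constructed: the defended network's address prefix

# Constructed DNS packet summaries seen at the network edge:
# (src_ip, dst_ip, is_response, transaction_id, bytes)
PACKETS = [
    ("10.0.0.5", "192.0.2.53", False, 0x1A2B, 60),      # our own query
    ("192.0.2.53", "10.0.0.5", True, 0x1A2B, 180),      # its legitimate answer
    ("198.51.100.53", "10.0.0.9", True, 0x7777, 3000),  # nobody asked for these
    ("198.51.100.53", "10.0.0.9", True, 0x7778, 3000),
    ("198.51.100.54", "10.0.0.9", True, 0x0001, 2900),
    ("198.51.100.55", "10.0.0.9", True, 0x0002, 3100),
]

def unsolicited_dns_responses(packets, our_net=OUR_NET):
    """Return responses to our hosts for which no outbound query was seen.

    A reflection victim receives answers it never requested because the
    attacker forged the victim's address as the source of the queries.
    Matching on (our host, resolver, transaction id) separates those
    from the replies to lookups our hosts really made.
    """
    pending = set()
    unsolicited = []
    for src, dst, is_response, txid, size in packets:
        if not is_response and src.startswith(our_net):
            pending.add((src, dst, txid))
        elif is_response and dst.startswith(our_net):
            key = (dst, src, txid)
            if key in pending:
                pending.discard(key)
            else:
                unsolicited.append((src, dst, txid, size))
    return unsolicited

def reflection_summary(packets):
    """Bytes of unsolicited DNS answers per target host and per reflector."""
    per_target, per_reflector = Counter(), Counter()
    for src, dst, _txid, size in unsolicited_dns_responses(packets):
        per_target[dst] += size
        per_reflector[src] += size
    return per_target, per_reflector
```

The per-reflector totals identify open resolvers worth filtering upstream, and the per-target totals show which host is absorbing the amplified traffic.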
Beefing up your cybersecurity
Regardless of which type of attack is employed, the ramifications are very much the same: people are denied access to a website or service. In simple terms, this means an immediate loss of traffic as well as a loss of customer loyalty – which for some is the costliest consequence of an attack. Distributed Denial of Service attacks are a risk most companies live with, yet as attacks become more frequent and complex, many are beginning to realize that professional protection against them is an absolute necessity.