A DDoS (Distributed Denial of Service) attack is a computer attack that targets a computer system by flooding it with incoming messages or connection requests in order to cause a denial of service. Find out everything you need to know about it.
The initials DDoS stand for Distributed Denial of Service. This is a DoS (Denial of Service) type of computer attack in which a computer system is attacked using a large number of hijacked (or intentionally used) computer systems.
Examples of attacks
In early September, Wikipedia suffered an attack that affected its European infrastructure. The Spanish, French, Polish, Croatian, Austrian, German, British and Russian versions were no longer fully accessible. In parallel, Blizzard, the publisher of the video game World of Warcraft, reported a DDoS attack targeting the Classic version of the MMORPG. Again, users could not log in for several hours. Here, the structures targeted are not of vital importance, yet the attacks still result in significant economic losses. In some cases, the targets are hospitals or administrations that manage sensitive data or operate critical services.
DDoS: how do denial of service attacks work?
In a typical DDoS attack, the cybercriminal (the DDoS Master) begins by taking control of many computer systems using malware or by bypassing their security systems.
The attacker then sets up a command-and-control server, which issues directives to the network of hijacked systems, also called a botnet. Once the network is assembled, the DDoS Master can order this army to generate artificial traffic toward the targeted system. The botnet then sends a large number of requests to weaken its target, usually a web server.
How do you know if you are under a DDoS attack?
The targeted computer system experiences abnormally high traffic from a large number of sources. Hundreds or even thousands of hijacked systems can send requests to the targeted system simultaneously. This causes a denial of service: the service becomes unavailable to its legitimate users.
The use of a large number of hijacked systems makes the attack very difficult to ward off. It is impossible to stop the attack by blocking a single IP address. Furthermore, distinguishing a legitimate user from a hijacked system is very difficult.
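The following sketch, added here as an illustration and not taken from the original article, applies that reasoning to request logs: it counts requests and distinct sources per time window and shows how little is gained by blocking the busiest IP when the flood is distributed. The thresholds, function names and log entries are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

# Assumed thresholds for this sketch; tune them against your own baseline.
WINDOW_S = 10          # bucket width in seconds
RATE_LIMIT = 50        # requests per window considered abnormal
DOMINANT_SHARE = 0.8   # one source above this share => single-source flood

def make_sample_log():
    """Constructed sample: (epoch_second, source_ip) pairs, not real traffic."""
    log = [(t, f"198.51.100.{t % 5}") for t in range(0, 10)]          # window 0: normal
    log += [(10 + i % 10, "203.0.113.7") for i in range(200)]          # window 10: one source
    log += [(12, "198.51.100.1")]                                      # a legitimate user
    log += [(20 + i % 10, f"192.0.2.{i % 250}") for i in range(500)]   # window 20: 250 sources
    return log

def classify_windows(log):
    """Return {window_start: (label, requests, unique_sources, residual)}.

    residual = requests left in the window after blocking the busiest IP.
    """
    buckets = defaultdict(Counter)
    for ts, ip in log:
        buckets[ts - ts % WINDOW_S][ip] += 1
    result = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        _, top_count = per_ip.most_common(1)[0]
        residual = total - top_count
        if total <= RATE_LIMIT:
            label = "normal"
        elif top_count / total >= DOMINANT_SHARE:
            label = "single-source flood"   # blocking one IP removes the load
        else:
            label = "distributed flood"     # blocking one IP barely helps
        result[start] = (label, total, len(per_ip), residual)
    return result

if __name__ == "__main__":
    for start, (label, total, sources, residual) in classify_windows(make_sample_log()).items():
        print(f"t={start:>3}s {label:<20} requests={total:<4} sources={sources:<4} "
              f"after blocking top IP: {residual}")
```

In the constructed data, blocking the top source leaves 1 request in the single-source window but 498 of 500 in the distributed one.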
It should be noted that the computer systems used to send requests to the targeted system are not always hijacked. Sometimes a large number of Internet users voluntarily join the cause of a cybercriminal and all assault the same system simultaneously to cause a denial of service. However, when a system is well coded, updated, stable and secure, legitimate requests are not supposed to cause a denial of service.
What is the difference with a DoS attack?
A DoS (denial of service) attack is different from a DDoS attack. In the case of a DoS attack, as a rule, a single computer and a single internet connection are used to flood a targeted system or resource.
A Distributed Denial of Service attack, for its part, uses numerous computers and internet connections to flood the targeted resource. Often, DDoS attacks are global attacks, distributed through botnets.
What are the different types of DDoS attacks?
There are many different types of DDoS attacks, but they fall into three main categories. Traffic attacks are the most common. They consist of sending a huge volume of TCP, UDP and ICMP packets to the target, so that legitimate requests are lost. These attacks can be carried out through the exploitation of malware.
Bandwidth attacks involve overloading the target with unnecessary data. The target loses the bandwidth and the resources necessary for its operation, which results in a denial of service.
Finally, application attacks consist of sending large numbers of messages to the targeted application to consume its resources, making the target system unavailable.
How to avoid them?
In an article published on its website, ANSSI shares a document describing ways to reduce the effects of DDoS attacks. One of the solutions is to deploy filtering equipment at the edge of an information system. However, this only partially protects the company. If the attack exceeds the capacity of the network links, the attacker can still get through. Firewalls are one example of equipment that offers this partial protection.
Specialized equipment is also used to establish specific filtering rules and limit requests. Unfortunately, some countermeasures are not applied immediately. This response delay of a few minutes is enough to cause widespread damage.
Other measures require the intervention of external providers such as DNS providers and Internet providers. You can read them in this document.
For their part, companies are adopting managed protection services. Above all, they want to protect emails, firewalls and vital systems like ERP.
About the author
DMTwebhosting.com’s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!