What is a DDoS attack?
DDoS stands for “Distributed Denial-of-Service” or “distributed denial of service”.
A DDoS attack occurs when an attacker sends heavy traffic to a network or server in order to overwhelm the system and disrupt its ability to function properly. These attacks are generally used to temporarily take a website or application offline and can last several days or more. We use the term denial of service because the website or server will be unable to respond to legitimate traffic during the attack.
The attack is called Distributed Denial of Service (DDoS) because the illegitimate traffic comes from hundreds, thousands or even millions of other computers. When it comes from only one source, it is a DoS attack.
Using a botnet
DDoS attacks use a botnet (a set of computers or devices connected to the internet that have been taken over remotely by a malicious program) to launch the attack. These devices are called “zombies”.
The different types of attacks
Zombies target vulnerabilities in different layers of the Open Systems Interconnection (OSI) model, and the attacks are divided into three categories, according to Cloudflare:
Attacks at the application layer
Application layer attacks are the simplest form of DDoS; they mimic normal server requests. In other words, the computers or devices of the botnet access the server or website at the same time, just as an ordinary user would. But as the DDoS attack escalates, the volume of seemingly legitimate requests becomes too large for the server, and the server crashes.
Protocol attacks
A protocol attack exploits the way in which servers process data in order to saturate and overwhelm the intended target.
In some variants of protocol attacks, the botnet sends data packets that the server must assemble. The server then waits for a confirmation from the source IP address, which never arrives, while it continues to receive more and more data to process. In other variants, the botnet sends data packets that the server is simply unable to reassemble, which overloads its resources.
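The half-open handshake behaviour described above is the resource a protocol flood exhausts: every unanswered SYN occupies a slot in the server's connection table until it times out. The following is an added example written for this article (not code from the original post or from Cloudflare). It is a toy, offline simulation with constructed addresses and no network code: a stateful half-open table with a fixed capacity is compared with a SYN-cookie server, the standard mitigation, which keeps no state and instead encodes the handshake in a keyed hash that the client must echo back.

```python
import hashlib
import hmac
from collections import OrderedDict

# Toy model (constructed for this example): a server's half-open connection
# table versus a stateless SYN-cookie server. No packets are sent anywhere.


class HalfOpenTable:
    """Stateful server: remembers every SYN until the handshake completes or times out."""

    def __init__(self, capacity, timeout_s):
        self.capacity = capacity
        self.timeout_s = timeout_s
        self.pending = OrderedDict()  # (src_ip, src_port) -> arrival time

    def on_syn(self, src, now):
        # Drop entries whose confirmation never came within the timeout.
        expired = [k for k, t in self.pending.items() if now - t > self.timeout_s]
        for k in expired:
            del self.pending[k]
        if len(self.pending) >= self.capacity:
            return False  # table full: this SYN is dropped, legitimate or not
        self.pending[src] = now
        return True

    def on_ack(self, src):
        # The final ACK of the handshake releases the slot.
        return self.pending.pop(src, None) is not None


class SynCookieServer:
    """Stateless server: the handshake state lives in the SYN-ACK sequence number."""

    def __init__(self, secret):
        self.secret = secret

    def _cookie(self, src, minute):
        msg = f"{src[0]}:{src[1]}:{minute}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src, now):
        # Nothing is stored; the cookie is returned as the initial sequence number.
        return self._cookie(src, int(now // 60))

    def on_ack(self, src, echoed_isn, now):
        # Recompute the cookie; accept the current or previous minute so a slow
        # but honest client is not rejected.
        minute = int(now // 60)
        return echoed_isn in (self._cookie(src, minute), self._cookie(src, minute - 1))


def simulate(flood_syns, capacity=64, timeout_s=30):
    """Return (stateful_ok_during_flood, stateful_ok_after_timeout, cookie_ok_during_flood)
    for one legitimate client that arrives while `flood_syns` half-open SYNs are pending."""
    now = 1_000_000.0
    legit = ("198.51.100.7", 40001)  # constructed client address
    stateful = HalfOpenTable(capacity, timeout_s)
    cookies = SynCookieServer(b"constructed-secret")

    # Many sources send a SYN and never answer the SYN-ACK.
    for i in range(flood_syns):
        src = (f"203.0.113.{i % 250}", 1024 + i)
        stateful.on_syn(src, now)
        cookies.on_syn(src, now)

    # The legitimate client tries to complete its handshake while the flood's
    # entries are still pending.
    stateful_ok = stateful.on_syn(legit, now + 1) and stateful.on_ack(legit)
    isn = cookies.on_syn(legit, now + 1)
    cookie_ok = cookies.on_ack(legit, isn, now + 2)

    # Once the half-open entries time out, the stateful table recovers.
    later = now + timeout_s + 1
    stateful_later = stateful.on_syn(legit, later) and stateful.on_ack(legit)
    return stateful_ok, stateful_later, cookie_ok


if __name__ == "__main__":
    print("small burst :", simulate(10))    # stateful server copes
    print("large flood :", simulate(1000))  # stateful server refuses the honest client
```

With a small number of pending SYNs both servers accept the honest client; with a thousand pending SYNs the fixed-size table is full and the honest client is refused until the timeout clears it, while the cookie server, which stored nothing, completes the handshake normally. Real kernels implement the same idea (SYN cookies) with a different encoding.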
Volumetric attacks
Volumetric attacks are similar to attacks at the application level, except for one detail: in this form of DDoS attack, the entire bandwidth of a server is taken up by botnet requests that have been amplified in one way or another.
For example, the botnet can sometimes trick servers into sending huge amounts of data to themselves. This means the server has to process the reception, assembly, sending and reception of the data all over again.
The first example of a DDoS attack
According to Norton, the first known DDoS attack was carried out in 2000 by Michael Calce, who was 15 years old at the time, and was used to take down major websites such as Yahoo, CNN and eBay, which then displayed the error message shown above. This type of attack has been growing ever since.
Who is launching DDoS attacks and why?
Even though DDoS attacks have gained in power and sophistication, basic DDoS attacks can be carried out by almost anyone. Ordinary internet users can pay for a DDoS attack on a target online or on the black market. They can even rent an existing botnet to carry out their Machiavellian plans.
Generally, here are the people who use DDoS attacks and the reasons why they do it:
Entrepreneurs to stay ahead of the competition.
Professional gamers to “eliminate” their opponents.
Activists to prevent Internet users from accessing certain content.
Trolls to take revenge on a target.
Who is most exposed to a DDoS attack?
The average Internet user has little to fear, but big companies are prime targets. They can potentially lose millions or even billions of dollars due to downtime caused by a DDoS attack. Small business owners may also be affected. It is essential for any organization with an online presence to be prepared for a potential DDoS attack.
How to prevent DDoS attacks
You cannot prevent an attacker from sending waves of unwanted traffic to your servers, but you can prepare yourself to handle the extra load.
Detect it as early as possible by monitoring your traffic
According to Amazon Web Services, it is essential to understand what constitutes a normal, low and high volume of traffic for your organization. If you know what to expect when your traffic reaches its upper limit, you can set up rate limiting: the server will only accept the number of requests it is able to handle. Having up-to-date information on traffic trends will also help you identify a problem faster.
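The baseline idea above (know your normal volume, then alert when traffic leaves it) is easy to turn into a check over the web server's access log. The following is an added example written for this article, not code from the original post or from Amazon Web Services. It parses combined-format log lines, counts requests per minute, derives a threshold from the first ten quiet minutes (mean plus three standard deviations, but never below three times the mean, so a very flat baseline does not trigger on small wobbles), and reports the offending minutes with their top source addresses. The log lines are constructed inline with documentation-range addresses; the baseline window and multipliers are assumptions to tune against your own traffic.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined/common log format; the regex captures only what the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return (source_ip, minute) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.replace(second=0)


def per_minute_counts(lines):
    counts = defaultdict(int)        # minute -> total requests
    sources = defaultdict(Counter)   # minute -> Counter of source IPs
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than crash mid-incident
        ip, minute = parsed
        counts[minute] += 1
        sources[minute][ip] += 1
    return counts, sources


def detect(lines, baseline_minutes=10, sigma=3.0, floor_factor=3.0):
    """Return (threshold, alerts); each alert is (HH:MM, request_count, top_3_sources)."""
    counts, sources = per_minute_counts(lines)
    minutes = sorted(counts)
    baseline = [counts[m] for m in minutes[:baseline_minutes]]
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline)
    # Statistical bound, but never below a fixed multiple of the normal volume.
    threshold = max(mean + sigma * stdev, floor_factor * mean)
    alerts = []
    for m in minutes[baseline_minutes:]:
        if counts[m] > threshold:
            alerts.append((m.strftime("%H:%M"), counts[m], sources[m].most_common(3)))
    return threshold, alerts


def constructed_log():
    """Deterministic sample log (constructed): ten quiet minutes, then a two-minute flood."""
    base = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'

    def stamp(dt):
        return dt.strftime("%d/%b/%Y:%H:%M:%S +0000")

    lines = []
    for minute in range(10):
        n = 28 + (minute % 5)  # 28..32 requests per minute from a handful of visitors
        for i in range(n):
            t = base + timedelta(minutes=minute, seconds=i * 60 // n)
            lines.append(fmt.format(ip=f"198.51.100.{i % 6}", ts=stamp(t)))
    for minute in range(10, 12):
        for i in range(1500):  # 1500 requests per minute from 200 distinct sources
            t = base + timedelta(minutes=minute, seconds=i * 60 // 1500)
            lines.append(fmt.format(ip=f"203.0.113.{i % 200}", ts=stamp(t)))
    return lines


if __name__ == "__main__":
    threshold, alerts = detect(constructed_log())
    print(f"threshold: {threshold:.1f} requests/minute")
    for when, total, top in alerts:
        print(f"{when}: {total} requests, top sources {top}")
```

On the constructed log the baseline averages 30 requests per minute, the floor lifts the threshold to 90, and the two flood minutes are reported with their busiest sources. The same routine run on a rolling window of the real log is the "up-to-date information on traffic trends" the paragraph recommends.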
Get more bandwidth
Once you have a good idea of the server capacity you need, based on your medium and high traffic levels, you should acquire that capacity and more. Getting more bandwidth than necessary is called “over-provisioning”. In the event of a DDoS attack it buys you time before your website, server or application is completely overloaded.
Use a content delivery network (CDN)
The goal of a DDoS attack is to overload your hosting server. One of the solutions is therefore to store your data on several servers spread around the world. This is exactly what a content delivery network (CDN) allows.
CDNs serve your website or data to users from a server located near the user to provide better performance. But using a CDN also allows you to be less vulnerable to an attack, because in the event of a server overload, many others remain operational.
What to do if you are the target of a DDoS attack
Today, DDoS attacks are so sophisticated and powerful that it can be very difficult to deal with them alone. This is why the best line of defense against an attack is to have the right preventive measures in place. But if you are the target of an attack and your server is no longer online, here is what you can do:
Quickly put in place defensive measures
If you have a good idea of what normal traffic looks like, you should be able to quickly identify a DDoS attack. You will see a massive flow of server requests or web traffic from suspicious sources. You may still have a little time before your servers are totally overloaded and crash. Configure rate limiting as soon as possible and delete your server logs to free up space.
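Rate limiting, as recommended above and in the monitoring section, means each client gets a fixed request budget regardless of how hard it hammers the server. The following is an added example written for this article, not code from the original post or from any particular web server: a per-client token-bucket limiter, the algorithm behind the rate-limit modules of common reverse proxies, run offline over a constructed request stream in which one visitor sends two requests per second and one abusive source sends fifty. The rate and burst values are assumptions; pick them from your own traffic baseline.

```python
from collections import defaultdict


class TokenBucketLimiter:
    """Per-client token bucket: a client may burst up to `burst` requests and
    sustain `rate` requests per second after that. Excess requests are refused."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = defaultdict(lambda: self.burst)  # client -> tokens left
        self.last = {}                                 # client -> last refill time

    def allow(self, client, now):
        # Refill in proportion to elapsed time, never beyond the bucket size.
        last = self.last.get(client, now)
        self.tokens[client] = min(self.burst, self.tokens[client] + (now - last) * self.rate)
        self.last[client] = now
        if self.tokens[client] >= 1.0:
            self.tokens[client] -= 1.0
            return True
        return False


def constructed_stream():
    """Constructed request stream of (timestamp_seconds, client_ip) tuples."""
    stream = [(t * 0.5, "198.51.100.7") for t in range(40)]      # 2 req/s for 20 s
    stream += [(i / 50, "203.0.113.9") for i in range(1000)]     # 50 req/s for 20 s
    stream.sort()
    return stream


def run(rate=10, burst=20):
    """Apply the limiter to the stream; return (allowed, rejected) counts per client."""
    limiter = TokenBucketLimiter(rate, burst)
    allowed = defaultdict(int)
    rejected = defaultdict(int)
    for ts, ip in constructed_stream():
        if limiter.allow(ip, ts):
            allowed[ip] += 1
        else:
            rejected[ip] += 1
    return dict(allowed), dict(rejected)


if __name__ == "__main__":
    allowed, rejected = run()
    for ip in sorted(set(allowed) | set(rejected)):
        print(f"{ip}: allowed {allowed.get(ip, 0)}, rejected {rejected.get(ip, 0)}")
```

The ordinary visitor never exceeds its budget and loses nothing, while the abusive source is cut back to roughly the configured ten requests per second (about 220 of its 1000 requests get through) without any change to how the server handles the traffic it does accept. Note that the limiter keys on the client address, so against a large botnet it bounds damage per source rather than in total; that is why the article pairs it with over-provisioning and upstream filtering.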
Contact your host
If someone else owns and administers the server hosting your data, notify them immediately of the attack. They may be able to black-hole the traffic until the attack stops, which means that requests arriving at the server are simply dropped, whether legitimate or not. It is in their interest to do so, so that their other clients’ servers do not crash.
From there, they will likely redirect traffic to a “scrubbing” service to filter out illegitimate traffic and let ordinary requests through.
Contact a specialist
If you are experiencing a large-scale attack, or if you cannot afford the slightest interruption to your website or application, you should consider contacting a DDoS mitigation specialist. They can divert your traffic to their high-capacity servers, which can handle the load and attempt to filter out illegitimate requests.
Hiring a professional to redirect and clean up your web traffic is expensive. Most DDoS attacks stop after a few days (although in the most severe cases they can last longer), so you also have the option of accepting the loss and being better prepared next time.
About the author
DMTwebhosting.com’s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!