DoS stands for Denial of Service and denotes the failure of a service within information technology, such as Internet access, operating systems or host services such as HTTP. An overload of infrastructure systems and a failure of one or more services can have a variety of causes. In connection with DoS / DDoS, the failure is caused by targeted attacks that external attackers launch against servers, individual components or entire data networks. DDoS (Distributed Denial of Service) attacks are a common variant in which the attack is launched via a large number of distributed systems or entire “botnets” in order to “paralyze” larger targets and obscure the starting point of the attack. Servers and the systems they host, such as websites, e-commerce systems and applications, are flooded with requests until the system is overloaded and fails. Especially in times of growing collaboration networks and digital communication, DDoS attacks are causing significant damage to the business world today. This type of cybercrime is aimed, among other things, at extorting ransom from companies, harming competitors or carrying out protests.
Why is protection against DDoS attacks necessary?
According to a recent survey, a successful DDoS attack causes damage of around USD 50,000 on average. In particular, online shop/e-commerce providers, IT service providers, online game operators, companies from the financial industry such as banks and insurance companies, as well as authorities and governments have been exposed to massive DDoS attacks in the past. These attacks differ significantly in duration and can sometimes extend over 24 hours.
DDoS attacks, which can already be ordered for a handful of dollars, have developed into a profitable business model for cyber extortionists in many places, especially since tracing the attacks is hardly possible anymore.
Protection against DDoS attacks – deceptive security
“Unfortunately, too many companies today rely on their Internet service provider for DDoS protection and defence against DDoS attacks. However, companies are often unaware that protection from DDoS attacks is often not part of the service portfolio of web service providers or web hosting providers and that many service providers are not able to offer effective and adequate protection against complex DDoS attacks”, Michael Gottwald from SoftSelect points out. “In addition, the internal responsibilities, whether the protection against DDoS attacks in the area of the IT department, the management, any security and compliance department or risk management, are often not clearly defined.”
Types of DoS and DDoS attacks
While DoS and DDoS attacks used to concentrate mainly on the network level (layers two to four of the OSI layer model), today attacks on the application level (up to layer seven) of the target system are also increasingly carried out. A variety of DDoS attack types can be distinguished. The most common types of attack can be roughly classified as follows:
Volume-based overload attacks
This method, also called “flooding”, aims to overload the bandwidth of the Internet connection: the hijacked botnet generates a data volume that exceeds the available bandwidth and sends it to the network. In this way, the destination is “flooded” with data packets, with the result that the network or individual components such as servers, firewalls or routers collapse under the data load and even legitimate data traffic no longer reaches its destination. Typical examples of volume-based DDoS overload attacks include flooding with SYN or SYN-ACK packets (data flooding that prevents a successful 3-way handshake between client and server on the TCP protocol), flooding with ICMP packets (e.g. pings, which the server in turn tries to answer) or a smurf attack, in which a ping packet with an echo request is sent to the target system, which in turn receives responses from the clients of its entire network, thus triggering a data overload.
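A SYN flood shows up on the defending side as handshakes that are started but never finished. The following added example (not part of the original article) counts started and completed 3-way handshakes per service in a packet summary and flags services where most handshakes stay half-open; the record layout, thresholds and sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict

def half_open_report(packets, min_syns=5, max_completion=0.5):
    """Flag services whose TCP handshakes mostly never complete.

    packets: iterable of (src, sport, dst, dport, flags); flags is "S" (SYN),
    "SA" (SYN-ACK) or "A" (ACK). Returns {(server, port): (syns, completed)}.
    """
    pending = set()               # client 4-tuples waiting for the final ACK
    syns = defaultdict(int)       # handshakes started per service
    completed = defaultdict(int)  # handshakes finished per service
    for src, sport, dst, dport, flags in packets:
        conn = (src, sport, dst, dport)
        if flags == "S" and conn not in pending:   # ignore SYN retransmits
            pending.add(conn)
            syns[(dst, dport)] += 1
        elif flags == "A" and conn in pending:     # third step of the handshake
            pending.discard(conn)
            completed[(dst, dport)] += 1
    return {
        svc: (n, completed[svc])
        for svc, n in syns.items()
        if n >= min_syns and completed[svc] / n <= max_completion
    }

def handshake(client, cport, server, sport):
    """Build the three packets of one complete handshake (sample data helper)."""
    return [(client, cport, server, sport, "S"),
            (server, sport, client, cport, "SA"),
            (client, cport, server, sport, "A")]

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = []
for i in range(2):   # two clients complete the handshake with the web server
    SAMPLE += handshake(f"203.0.113.{i + 1}", 40000 + i, "192.0.2.10", 443)
for i in range(6):   # six clients complete the handshake with the mail server
    SAMPLE += handshake(f"203.0.113.{i + 20}", 41000 + i, "192.0.2.20", 25)
for i in range(8):   # eight SYNs to the web server that are never acknowledged
    SAMPLE.append((f"198.51.100.{i + 1}", 50000 + i, "192.0.2.10", 443, "S"))

if __name__ == "__main__":
    print(half_open_report(SAMPLE))
```

Only the web server is reported: the mail server sees enough connection attempts to be evaluated, but all of its handshakes complete.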
DDoS attack at the application and infrastructure level
Attacks at the application level aim to paralyze the processes and resources of the seventh layer, such as the SMTP and HTTP protocols, which are responsible, for example, for email services or communication via the web browser. Targeted attacks on the web server and the websites provided via it are more difficult for conventional firewalls to identify than volume-based attacks, since the HTTP requests can hardly be distinguished from legitimate, human-generated web requests. In the past, the number and complexity of these so-called “layer 7 attacks” in particular have continued to grow.
The Domain Name System translates the displayed domain name into numeric IP addresses. Since DNS is used today by almost all client systems to resolve requests, the Domain Name System is an attractive target for attackers who want to prevent access to all web and email applications. A popular attack method is the sending of faulty UDP (User Datagram Protocol – network protocol on the third layer) packets, which the DNS server tries to answer. As a result, the server spends its resources only on the faulty flooding requests and is no longer available for legitimate requests. In the case of a DNS amplification attack, the attack is intensified by the attacker concealing his own IP address and transmitting the victim’s IP address instead, so that the DNS server sends a flood of responses to the target system and thus overloads the Internet connection.
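From the target's point of view, DNS amplification traffic consists of responses to queries it never sent. The following added example (not part of the original article) matches inbound DNS responses against outbound queries and reports hosts that receive a large volume of unmatched responses; the event layout, the byte threshold and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

def unsolicited_dns_responses(events, min_bytes=2000):
    """Report hosts receiving DNS responses they never asked for.

    events: iterable of (kind, host, host_port, resolver, txid, size) seen at
    the network edge; kind is "query" (outbound) or "response" (inbound).
    Returns {host: (unsolicited_count, unsolicited_bytes)}.
    """
    outstanding = set()                  # queries still waiting for an answer
    stats = defaultdict(lambda: [0, 0])  # host -> [count, bytes]
    for kind, host, port, resolver, txid, size in events:
        key = (host, port, resolver, txid)
        if kind == "query":
            outstanding.add(key)
        elif key in outstanding:         # answer to a query the host really sent
            outstanding.discard(key)
        else:                            # no matching query: unsolicited response
            stats[host][0] += 1
            stats[host][1] += size
    return {h: (c, b) for h, (c, b) in stats.items() if b >= min_bytes}

# Constructed sample events (documentation address ranges, not real traffic).
SAMPLE = [
    # A workstation resolves a name normally; the second response is a late
    # duplicate and stays below the reporting threshold.
    ("query", "192.0.2.50", 53001, "203.0.113.53", 0x1A2B, 60),
    ("response", "192.0.2.50", 53001, "203.0.113.53", 0x1A2B, 120),
    ("response", "192.0.2.50", 53001, "203.0.113.53", 0x1A2B, 120),
]
# A web server that sent no queries receives large responses from five resolvers.
SAMPLE += [
    ("response", "192.0.2.80", 80, f"198.51.100.{i + 1}", 0x4000 + i, 3000)
    for i in range(5)
]

if __name__ == "__main__":
    print(unsolicited_dns_responses(SAMPLE))
```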
DDoS multi-vector attacks
In practice, however, attacks are becoming more and more coordinated and combine various attack techniques in so-called multi-vector attacks in order to react adaptively to the victim’s defence mechanisms and to exploit gaps in the defence strategy. The number of multi-vector attacks has increased significantly in recent years.
About the author
DMTwebhosting.com’s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!