DDoS attacks are becoming more common and easier to launch, with DDoS-for-hire services now openly sold online. Because of this, these attacks are no longer limited to skilled attackers; they can be carried out by anyone from a disgruntled customer of a company to an angry teenager who has been banned from a gaming server. DDoS stands for Distributed Denial of Service: an attacker uses a large number of compromised systems to direct traffic at a single target so that its service becomes unavailable to legitimate users.
Most attacks begin with a botnet: a network of infected machines, potentially millions strong, recruited by distributing malware via email, websites and social media. The botnet can then be commanded to send an overwhelming volume of traffic to a targeted system and knock it offline. There are many different methods for carrying out a DDoS attack and you should be aware of the common ones; an ICMP flood and Slowloris are two that can do serious damage to a targeted machine.
First of all, an Internet Control Message Protocol (ICMP) flood works on a simple principle: send ICMP Echo Request packets at the target as fast as possible without waiting for any replies. This consumes the target's inbound bandwidth with the requests and its outbound bandwidth with the ICMP Echo Replies it attempts to send, slowing the whole system down. Slowloris is a widely used method that takes a different approach: rather than saturating the link, a single machine exhausts a web server's connection pool without affecting other ports or services on the targeted network. Slowloris opens as many connections to the target as it can and holds them open for as long as possible by sending partial HTTP requests: every few seconds it transmits another header line but never the blank line that completes the request, so the server keeps each connection waiting for the rest. Once the server's maximum number of concurrent connections is reached, legitimate clients can no longer connect. It is most effective against servers that dedicate a thread or process to each connection (Apache httpd with the prefork MPM, for example); event-driven servers are far less affected, and a timeout on reading request headers combined with a per-source connection limit are the usual countermeasures.
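The following model makes the Slowloris mechanism concrete. It is an added example written for this article, not code from the original post or from the Slowloris tool: time is simulated in whole seconds, no network I/O takes place, and the `WorkerPool` and `simulate` names are this example's own. It assumes a server with a fixed pool of worker slots that counts a request as complete only when the terminating blank line arrives, and an attacker that sends one more header line on every connection at a fixed keepalive interval. Two limits are modelled: an idle timeout between header bytes (what nginx's `client_header_timeout` enforces) and a deadline on the total time allowed to finish the headers (what Apache's `RequestReadTimeout header=` setting enforces).

```python
"""Slowloris connection-slot exhaustion against a thread-per-connection server,
with the two header-read limits used to counter it. Simulated time, no sockets."""
from dataclasses import dataclass
from typing import Optional


@dataclass(eq=False)
class Conn:
    src: str
    opened_at: int     # second the TCP connection was accepted
    last_byte_at: int  # second the most recent header byte arrived


class WorkerPool:
    """Thread-per-connection server (like Apache httpd with the prefork MPM)."""

    def __init__(self, max_conns: int, idle_timeout: Optional[int] = None,
                 header_deadline: Optional[int] = None):
        self.max_conns = max_conns
        # Seconds a connection may go without sending a byte (nginx client_header_timeout).
        self.idle_timeout = idle_timeout
        # Total seconds allowed to finish the request headers (Apache RequestReadTimeout header=).
        self.header_deadline = header_deadline
        self.conns: list[Conn] = []
        self.rejected: list[tuple[str, int]] = []

    def reap(self, now: int) -> int:
        """Free slots whose header stream has stalled or overrun the deadline."""
        def expired(c: Conn) -> bool:
            idle = self.idle_timeout is not None and now - c.last_byte_at >= self.idle_timeout
            late = self.header_deadline is not None and now - c.opened_at >= self.header_deadline
            return idle or late
        before = len(self.conns)
        self.conns = [c for c in self.conns if not expired(c)]
        return before - len(self.conns)

    def accept(self, src: str, now: int) -> Optional[Conn]:
        """Hand out a worker slot, or refuse the connection when the pool is full."""
        if len(self.conns) >= self.max_conns:
            self.rejected.append((src, now))
            return None
        c = Conn(src, now, now)
        self.conns.append(c)
        return c

    def finish(self, c: Conn) -> None:
        """Request completed and answered: the slot goes back to the pool."""
        self.conns.remove(c)


def simulate(max_conns: int, attacker_conns: int, keepalive: int, legit_at: int,
             idle_timeout: Optional[int] = None, header_deadline: Optional[int] = None,
             horizon: int = 60) -> tuple[bool, int]:
    """Run the attack; return (legitimate client served?, number of refused connections)."""
    srv = WorkerPool(max_conns, idle_timeout, header_deadline)
    # t=0: the attacker opens its connections and sends only a partial request.
    bots = [c for c in (srv.accept(f"bot-{i}", 0) for i in range(attacker_conns)) if c]
    served = False
    for now in range(1, horizon + 1):
        srv.reap(now)
        if now % keepalive == 0:
            for c in bots:
                if c in srv.conns:          # a reaped socket stays closed in this model
                    c.last_byte_at = now    # one more "X-a: b\r\n", still no blank line
        if now == legit_at:
            c = srv.accept("client", now)
            if c is not None:
                srv.finish(c)               # a real request arrives whole and is answered
                served = True
    return served, len(srv.rejected)


if __name__ == "__main__":
    print("no limits:          ", simulate(100, 100, 10, 30))
    print("idle_timeout=15:    ", simulate(100, 100, 10, 30, idle_timeout=15))
    print("idle_timeout=5:     ", simulate(100, 100, 10, 30, idle_timeout=5))
    print("header_deadline=20: ", simulate(100, 100, 10, 30, header_deadline=20))
```

The second scenario is the one to note: an attacker that sends a header line every 10 seconds sails under a 15-second idle timeout, so the idle timeout on its own only helps when it is shorter than the attacker's keepalive interval. The deadline on total header time closes that gap regardless of how the attacker tunes its interval. The model does not reopen reaped connections; real tooling does, which is why a per-source connection limit is needed alongside the timeouts for the single-source case.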
Another use of a DDoS attack, beyond simply disrupting services, is as a disguise for more targeted malicious traffic. For example, an attacker could send 10 Gbit/s of flood traffic at a target that carries within it 100 kbit/s of malicious traffic. This is very dangerous to a company: while its staff are busy trying to distinguish legitimate traffic from the attack, the attacker could be exploiting a vulnerability to steal the company's database or probing for a security hole elsewhere on the network. Any DDoS incident should therefore be treated as a possible cover for an intrusion, and intrusion detection and log review should carry on during the flood rather than wait until it ends.
Don't feel that nothing can be done once a DDoS attack has commenced: there are many ways to fight back to reduce its impact, and even to prevent attacks altogether. First of all, if you are getting small, annoying attacks from the same attacker, a firewall with a simple rule can stop the traffic reaching your server or machine. Set up a rule to deny incoming traffic from the attackers, matching on the protocol, the port and the originating IP addresses. For larger-scale DDoS attacks a simple firewall won't cut it: the traffic arrives from a very large number of sources, and blanket rules that stop all incoming traffic also stop legitimate traffic to your server. You can always take the black hole route, which discards the attack traffic as soon as it enters the network; this works by injecting a static route for the target address into the network, tagged with a specific BGP community string that the upstream routers are configured to recognise and send to a null interface (remote-triggered black holing). This method is not a very effective one, however, and can end up helping the attacker succeed: by taking the target IP offline yourself you complete the denial of service, so the attacker no longer needs to keep attacking it.
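The single-source case above (spot the flooding host, then deny it by protocol, port and source address) is mechanical enough to script. The following is an added example, not code from the original article: it reads per-packet firewall log lines in a constructed format that is a subset of the Linux `LOG` target output (the `SRC=`, `DST=`, `PROTO=` and `DPT=` fields), counts packets per source per second, flags any source whose rate hits a threshold, and emits nftables `add rule` lines for review. The traffic in `sample_log()` is constructed, using RFC 5737 documentation addresses; the threshold of 100 packets per second is an arbitrary illustration, not a recommendation.

```python
"""Flag per-source packet floods in firewall log lines and emit nftables drop rules."""
import re
from collections import defaultdict
from typing import Optional

# One constructed log line per packet:
# "<epoch-second> SRC=<ip> DST=<ip> PROTO=<proto> [TYPE=<icmp type>] [DPT=<port>]"
LOG_RE = re.compile(
    r"^(?P<ts>\d+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>[A-Z]+)"
    r"(?: TYPE=(?P<type>\d+))?(?: DPT=(?P<dpt>\d+))?$"
)


def parse(line: str) -> Optional[dict]:
    """Return the log fields as a dict, or None for a line that is not a packet record."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def flag_floods(lines, pps_threshold: int) -> dict:
    """Return {(src, proto, dport): peak packets-per-second} for every source whose
    rate on a given protocol/port reached pps_threshold in some one-second bucket."""
    per_second = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unparseable line: skip it rather than crash on a flood of garbage
        per_second[(int(rec["ts"]), rec["src"], rec["proto"], rec["dpt"])] += 1
    peaks: dict = {}
    for (_ts, src, proto, dpt), n in per_second.items():
        key = (src, proto, dpt)
        if n >= pps_threshold and n > peaks.get(key, 0):
            peaks[key] = n
    return peaks


def nft_rules(offenders: dict, table: str = "inet filter", chain: str = "input") -> list[str]:
    """Build one nftables rule per offender, matching as narrowly as the log allows:
    ICMP offenders lose ICMP only, TCP/UDP offenders lose the flooded port only."""
    rules = []
    for src, proto, dpt in sorted(offenders, key=lambda k: (k[0], k[1], k[2] or "")):
        parts = ["add rule", table, chain, "ip saddr", src]
        if proto == "ICMP":
            parts.append("ip protocol icmp")
        elif proto in ("TCP", "UDP") and dpt:
            parts += [proto.lower(), "dport", dpt]
        parts.append("drop")  # a source with no finer match known is dropped outright
        rules.append(" ".join(parts))
    return rules


def sample_log() -> list[str]:
    """Constructed traffic: a 300 pps ICMP echo flood from one host for three seconds,
    a few legitimate HTTPS packets, one ordinary ping and one non-log line."""
    lines: list[str] = []
    for ts in range(1000, 1003):
        lines += [f"{ts} SRC=203.0.113.5 DST=198.51.100.10 PROTO=ICMP TYPE=8"] * 300
    for ts in range(1000, 1006):
        lines += [f"{ts} SRC=198.51.100.7 DST=198.51.100.10 PROTO=TCP DPT=443"] * 5
    lines.append("1001 SRC=198.51.100.9 DST=198.51.100.10 PROTO=ICMP TYPE=8")
    lines.append("this line is not a firewall log entry")
    return lines


if __name__ == "__main__":
    offenders = flag_floods(sample_log(), pps_threshold=100)
    for rule in nft_rules(offenders):
        print(rule)  # feed to `nft -f -` only after a human has checked the list
```

The rules are emitted as text rather than applied, because the threshold is the whole game: run the same log through `flag_floods` with a threshold of 5 and the legitimate HTTPS client is flagged too. That is the small-scale version of the article's point about larger attacks, where the traffic comes from so many sources that per-source blocking either misses most of it or starts cutting off real customers.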
As mentioned before, there are a range of websites where anyone can purchase DDoS-for-hire (so-called "booter" or "stresser") services, sold as a managed service that supports many attack types, for example HTTP, ICMP, UDP and SYN flooding. Most of these providers claim to use private tools and to employ many expert staff to support their customers. Some offer 15-minute trial periods to show customers what they can do and how effective they are; on average the price is £5 for an hour of DDoS attack, and can rise to £1000 depending on how long the attack is to run for.
Probably the most popular way to counter DDoS attacks is cloud mitigation, and there are specialist providers who offer this service. If your server were being hit by an ICMP flood, for example, the provider would take over your inbound traffic: it is redirected to their scrubbing centres (by re-announcing your address range via BGP or by pointing your DNS at the provider), which are spread across multiple sites and can absorb any type of network traffic. They receive everything destined for your server, strip out the attack traffic and the junk ICMP packets, and forward only the clean traffic back to your server in your data centre.
In simple terms, cloud mitigation providers have a few key benefits:
Large amounts of bandwidth – the providers have more than enough bandwidth for customers to migrate their traffic to, enough to absorb even the biggest DDoS attacks.
Resources and hardware – providers maintain the resources and hardware needed to keep up with the growing scale and complexity of DDoS attacks, with multiple layers of filtering that are kept up to date with the latest attack trends.
Knowledge – these providers normally employ a large number of highly skilled security engineers who monitor the latest DDoS news and tactics daily in order to help customers as efficiently as possible.
In my opinion, cloud mitigation providers are the most reasonable and realistic choice when battling DDoS attacks, and the most reliable way of keeping up with their increasing dangers.