
Guide to denial of service attacks

What is a DDOS Attack?

With their surging popularity, you might be surprised to learn that DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks have actually been around for quite some time and are one of the cruder forms of cyber attack.

Despite this, they remain one of the most effective techniques used and are notoriously difficult to stop.

Check out below to find out more about DDoS attacks and how they are perpetrated:

How DDoS Attacks Work

A Distributed Denial of Service (DDoS) attack occurs when an attacker floods the victim's network or servers with a wave of traffic so large that their infrastructure is overwhelmed.

A DDoS attack involves multiple connected online devices, known as a botnet, that are used to overwhelm a target with fake traffic.

These attacks are usually carried out with a network of internet-connected machines. Attackers take control of many such machines and place them into a botnet: a group of machines under the attacker's control.

These botnets are then used for a slew of malicious activities, including distributing phishing emails and malware, and can range from a few linked devices to millions of machines acting simultaneously.

Such an attack differs from other security breaches in that no attempt is made to breach your security perimeter.

Instead, the victim's network is simply overloaded by the sheer number of requests, which slows services down or takes them offline completely.

Types of DDoS Attacks

DDoS attacks typically target different components of a network connection, and can largely be divided into three categories:

Application Layer:

These types of attacks occur in OSI layer 7, and typically target the layer where web pages are generated on the server and delivered in response to HTTP requests.

This is similar to pressing refresh in a web browser over and over again, but on a massive scale with thousands of computers at once.

Eventually, the sheer number of requests floods the server and denies service delivery for anyone else.

Examples of application layer attacks include ICMP, UDP and spoofed-packet flood attacks.

Protocol Attacks:

Also known as state-exhaustion attacks, these attacks are intended to cause a service disruption by exhausting the connection-state resources of servers and of intermediate devices such as firewalls and load balancers.

These attacks occur in OSI layers 3 and 4, and include SYN flood and Smurf DDoS attacks.
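A SYN flood leaves a server holding many half-open TCP connections (it has sent SYN-ACK and is waiting for an ACK that never comes). The following is an added example, not code from the original article or from Stratejm, showing how a defender can read a snapshot of a connection table and spot state exhaustion. The connection records, the addresses and the thresholds are all constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample snapshot of a server's TCP connection table (not from
# the article). Each record is (remote_ip, tcp_state). "SYN_RECV" marks a
# half-open connection: the server answered SYN-ACK and still awaits the ACK.
SAMPLE_CONNECTIONS: List[Tuple[str, str]] = (
    [("203.0.113.5", "SYN_RECV")] * 25 + [("203.0.113.5", "ESTABLISHED")]
    + [("198.51.100.7", "SYN_RECV")] * 3 + [("198.51.100.7", "ESTABLISHED")] * 10
    + [("192.0.2.9", "ESTABLISHED")] * 2
)


def per_source_states(connections: List[Tuple[str, str]]) -> Dict[str, Dict[str, int]]:
    """Count half-open and established connections for each remote address."""
    counts: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"half_open": 0, "established": 0}
    )
    for ip, state in connections:
        if state == "SYN_RECV":
            counts[ip]["half_open"] += 1
        elif state == "ESTABLISHED":
            counts[ip]["established"] += 1
    return dict(counts)


def flag_syn_sources(connections: List[Tuple[str, str]],
                     min_half_open: int = 20,
                     min_ratio: float = 0.8) -> List[str]:
    """Return addresses whose half-open connections both exceed a floor and
    dominate their total.

    A legitimate client on a slow link may leave a few half-open entries;
    a SYN flood source leaves many and almost nothing established.
    The thresholds are assumed values and should be tuned to normal load.
    """
    suspects = []
    for ip, c in per_source_states(connections).items():
        total = c["half_open"] + c["established"]
        if c["half_open"] >= min_half_open and c["half_open"] / total >= min_ratio:
            suspects.append(ip)
    return sorted(suspects)


def half_open_fraction(connections: List[Tuple[str, str]]) -> float:
    """Share of the whole table that is half-open.

    Floods with spoofed source addresses spread SYNs over random sources,
    so no single address trips the per-source check; this aggregate
    figure still climbs and is the signal to alert on in that case.
    """
    states = Counter(state for _, state in connections)
    total = sum(states.values())
    return states["SYN_RECV"] / total if total else 0.0


if __name__ == "__main__":
    print("per-source suspects:", flag_syn_sources(SAMPLE_CONNECTIONS))
    print(f"table-wide half-open fraction: {half_open_fraction(SAMPLE_CONNECTIONS):.2f}")
```

On the constructed snapshot only 203.0.113.5 is flagged; 198.51.100.7 has a few half-open entries but a healthy number of established ones. The table-wide fraction is the check to rely on when sources are spoofed, which is why SYN cookies and upstream filtering, rather than per-address blocking, are the usual responses to this class of attack.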

Volumetric Attacks:

These attacks attempt to create congestion by consuming all available bandwidth between the target and the larger internet.

In other words, attackers flood applications with maliciously crafted fake requests that take huge amounts of resources to process.

How to Mitigate DDoS Attacks

Blackhole Routing:

Although not necessarily ideal, one solution that is always available is to create a black hole route and funnel traffic into it.

In its most basic form, with no specific criteria set, both legitimate and malicious traffic is routed into a null route and effectively dropped from the network.

This is obviously not ideal, as it essentially gives the attacker what they wanted in the first place: blocked network access.

Rate Limiting:

Rate limiting involves limiting the number of requests a server will accept over a certain time window.

This is useful for slowing scrapers that steal content and for mitigating brute-force attempts, but on its own it will not be sufficient to handle a complex DDoS attack.
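The following is an added example, not code from the original article or from Stratejm, of a per-client sliding-window rate limiter of the kind described above, run against two constructed traffic patterns. The second pattern shows why rate limiting alone is insufficient against a distributed attack: when the same volume is spread across many sources, each source stays under the limit and every request is accepted. Client addresses, request timings and limits are all assumptions.

```python
from collections import deque
from typing import Deque, Dict, List, Tuple


class SlidingWindowLimiter:
    """Allow at most max_requests per client within any window_seconds span."""

    def __init__(self, max_requests: int, window_seconds: float) -> None:
        self.max_requests = max_requests
        self.window = window_seconds
        # Per-client timestamps of accepted requests, oldest first.
        self._hits: Dict[str, Deque[float]] = {}

    def allow(self, client: str, now: float) -> bool:
        q = self._hits.setdefault(client, deque())
        # Drop accepted requests that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return False          # over budget: reject, do not record
        q.append(now)
        return True


def run_scenario(requests: List[Tuple[float, str]],
                 max_requests: int = 10,
                 window_seconds: float = 5.0) -> Tuple[int, int]:
    """Replay (timestamp, client) pairs through a fresh limiter.

    Returns (allowed, rejected) counts.
    """
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    allowed = rejected = 0
    for ts, client in requests:
        if limiter.allow(client, ts):
            allowed += 1
        else:
            rejected += 1
    return allowed, rejected


# Constructed traffic (not from the article). Budget: 10 requests per 5 s.
# One client sending 50 requests within one second.
SINGLE_SOURCE: List[Tuple[float, str]] = [(i * 0.02, "203.0.113.5") for i in range(50)]
# 250 requests within one second, spread over 50 clients (5 each).
DISTRIBUTED: List[Tuple[float, str]] = [
    (i * 0.004, f"198.51.100.{i % 50}") for i in range(250)
]


if __name__ == "__main__":
    print("single source  (allowed, rejected):", run_scenario(SINGLE_SOURCE))
    print("distributed    (allowed, rejected):", run_scenario(DISTRIBUTED))
```

The single-source burst is cut to the 10 requests the window permits, but the distributed burst of 250 requests passes untouched because no individual client exceeds its budget. Per-client limits protect against abusive single clients; defending against a botnet needs aggregate capacity controls and upstream filtering in addition.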

Web Application Firewall:

Web Application Firewalls (WAF) can assist in dealing with layer 7 (application) attacks. The WAF is placed between the internet and the victim and acts as a proxy, protecting the target server from certain types of malicious traffic.

These systems usually filter requests based on a series of rules used to identify DDoS attackers.

Content Delivery Network:

A Content Delivery Network (CDN) is a group of geographically distributed proxy servers that can also be used for DDoS mitigation.

This network acts as a single unit and works to provide content quickly via multiple backbone and WAN connections.

If one network is flooded with traffic, the CDN can deliver content from another group of unaffected networks.

Work with an MSSP

The best way to get comprehensive protection against DDoS attacks is through partnering with a reputable cybersecurity company like Stratejm.

We provide comprehensive, turnkey, enterprise-grade security from our next-generation security as a service platform.

Contact us to find out more.