A Distributed Denial of Service or DDoS attack is a hacking method used to incapacitate online services and websites. Attackers do this by flooding the service with an influx of bogus connections and data to overwhelm the servers and shut them down. These types of attacks have become very frequent in recent years with major online outages and the shutting down of popular websites and online services. According to an ATLAS Threat report, over 2000 DDoS attacks per day are detected by Arbor Networks all over the globe.
How a DDoS attack works
A DDoS attack is started by spreading malware through emails, USB devices, website downloads, or other mediums. This malware is automatically installed onto devices and keeps running in the background, spreading itself further and creating a large network of infected devices. This network can reach up to millions of devices. Once they have enough devices in their network, the attackers will be able to control them remotely and use these devices to attack their target by overloading its servers.
While not everyone has the necessary skills to carry out a DDoS attack, there are places on the dark web where week-long DDoS attacks can be purchased for as little as $150. This adds to the urgent need for protection against such attacks. Knowing what you’re dealing with is the first step.
Types of DDoS attacks
There are four common methods used by attackers to carry out a DDoS attack. These include:
TCP connection attacks
Every device or server has a limit to the number of connections that can be made to it. A TCP connection attack focuses on exhausting the number of connections a server or device can hold, leaving the service inaccessible because no more open connections are available. This type of attack sends one connection from each device in the attacker's network and can be very large scale, even shutting down servers that are prepped for millions of connections.
Volumetric attacks
Also known as bandwidth attacks, these types of attacks attempt to use up the bandwidth of the target by sending and receiving large data packets between the target and the network of infected devices. Even ‘unlimited’ bandwidth has a limit, so this has caused many major online services to shut down their services or hastily add more expensive bandwidth to cope with the attacks.
Sending packet data
Fragmentation attacks work by sending streams of small, fragmented UDP or TCP packets to the target through the network of devices. The target becomes bogged down by the process of having to reassemble the multiple data streams, and this can lead to severe downtime.
Application layer attacks
These types of attacks target a specific application or part of the target service. Due to their specific nature, they can be carried out with a smaller network of infected devices and are harder to detect.
What to do if you’re attacked
Identify the attack
The first step is to know about the attack. Due to their nature, DDoS attacks are normally not detected until something goes down and the attack is well under way. If you manage your own servers, make sure you monitor traffic regularly so you know what your normal data rates look like. You can then keep an eye out for any spikes in traffic or connections from unknown or irrelevant IP addresses. Once you witness any of the symptoms, it’s time to go into damage control mode.
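As an added example (not part of the original article), the baseline-and-spike check described above run over constructed access log lines: it learns a normal requests-per-second rate from the first few seconds, flags seconds that exceed a multiple of it, and lists the source addresses behind the spike. The log format, addresses and threshold are assumptions.

```python
# Added example: detect traffic spikes against a learned baseline and
# identify the source addresses behind them (constructed log data).
from collections import Counter, defaultdict
import re

# Assumed log format: "<src_ip> - - [<epoch_second>] "<request>" <status>"
LOG_RE = re.compile(r'^(\S+) - - \[(\d+)\] "')

# Constructed sample: 3 seconds of normal traffic (4 req/s from 4 hosts)
# followed by 2 seconds of flood (60 req/s from 3 hosts).
SAMPLE_LOG = "\n".join(
    [f'10.0.0.{i % 4 + 1} - - [{100 + s}] "GET / HTTP/1.1" 200'
     for s in range(3) for i in range(4)] +
    [f'203.0.113.{i % 3} - - [{103 + s}] "GET / HTTP/1.1" 200'
     for s in range(2) for i in range(60)]
)

def parse(log_text):
    """Yield (epoch_second, src_ip) for every line matching LOG_RE."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield int(m.group(2)), m.group(1)

def detect_spikes(log_text, baseline_seconds, threshold=5.0):
    """Return (baseline_rps, spike_seconds, top_sources).

    baseline_rps  : mean requests/sec over the first `baseline_seconds`
    spike_seconds : seconds whose rate exceeds threshold * baseline_rps
    top_sources   : Counter of source IPs seen during the spike seconds
    """
    per_sec = defaultdict(Counter)          # second -> Counter(src_ip)
    for sec, ip in parse(log_text):
        per_sec[sec][ip] += 1
    secs = sorted(per_sec)
    base = [sum(per_sec[s].values()) for s in secs[:baseline_seconds]]
    baseline = sum(base) / len(base) if base else 0.0
    spikes = [s for s in secs if sum(per_sec[s].values()) > threshold * baseline]
    top = Counter()
    for s in spikes:
        top.update(per_sec[s])              # who was talking during the spike
    return baseline, spikes, top

if __name__ == "__main__":
    rps, spikes, top = detect_spikes(SAMPLE_LOG, baseline_seconds=3)
    print(f"baseline {rps:.1f} req/s, spike seconds {spikes}")
    for ip, n in top.most_common(5):
        print(f"  {ip}: {n} requests during spike")
```

The top-talker list is what you would hand to the router filter described in the next section; in production the baseline would come from a longer history than a few seconds.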
Defend your network
If you have access to your router, the first line of defense will be there. You can set a limit on the data rate of your router to prevent an overwhelming amount of data from reaching your servers. You can also add filters to your router so it rejects packets from malicious IP addresses. You can also set it to time out half-open connections more quickly and to drop malformed or spoofed packets.
Call for help
Once you’ve done all you can from your side, you should call up your hosting provider or ISP and inform them that you are under attack. If it is a large scale attack, they will probably already be feeling the effects of it. They will also have the resources and hardware to deal with these attacks and letting them know would give you a much better chance of stopping the attack in its tracks.
There are also a number of applications and services that can be deployed during an attack to help mitigate it using various methods, including black-holing, sink-holing, IPS (intrusion prevention system) based prevention, and DDS (DoS defense system) based defense.
How to prevent a DDoS attack
While damage control is necessary once you’re under attack, it’s a far better idea to be protected against the attacks in the first place. Here are some of the best ways to prevent DDoS attacks.
Application front-end hardware
Used along with switches and routers, application front-end hardware is placed before the data stream enters the network. These intelligent devices can detect abnormalities and symptoms of a DDoS attack as soon as they enter the system by analyzing each data packet before sending it through. Most routers and switches can also be set up to detect a DDoS attack and to limit the number of connections if needed.
Firewalls
A firewall can block access to the network based on the attacker’s source port, IP address, or protocol. This comes in handy when trying to block repeat attackers.
Content Delivery Networks (CDN)
Web-based content delivery networks use an upstream filtering system that passes all the data through a ‘cleaning center’ using tunnels, direct circuits, or proxies. This filters out the bad traffic and forwards only the good traffic to the service. There are a large number of CDN services that provide round-the-clock protection against DDoS attacks while giving you a faster content delivery system.