DDoS stands for Distributed Denial of Service. DDoS is a serious threat to businesses and organizations as it can be quite disruptive. According to the Verisign Distributed Denial of Service Trends Report, DDoS activity picked up the pace by 85% in each of the last two years with 32% of those attacks in 2015 targeting software-as-service, IT services, and cloud computing companies.
Why and How DDoS Attacks are Launched?
There are various reasons as to why DDoS attacks are launched. The online gaming industry has been a victim of DDoS attacks for a long time. There are DDoS for hire-services too that attack the rival’s website in an attempt to bring it down. Sometimes, there is a political agenda behind these attacks an example of which is Georgia and Estonia that were targeted in 2007. A traffic overload brought all the government and media sites down by Russian nationalists to express their displeasure over the relocation of a Soviet war monument. Georgian websites suffered DDoS attacks in 2008 prior to the Russian invasion of South Ossetia.
That’s not the only way cybercriminals launch DDoS attacks. Home routers, IP cameras and other IoT devices infected with malware are being used to launch DDoS attacks too. Attackers have started doing the same with Android devices. They use malicious apps hosted on Google Play and other third-party app stores for this purpose.
Types of DDoS Attacks:
Listed below are the main forms of DoS and DDoS attacks:
1. Volume-based
A volume-based attack involves a huge number of requests sent to the target system. The system thinks of these requests as valid (spoofed packets) or invalid request (malformed packets). Hackers carry out volume attack with the intention of overwhelming the network capacity.
These requests could be across a variety of ports on your system. One of the methods hackers use is the UDP amplification attacks in which they send a request for data to a third-party server. And as a result, they spoof your server’s IP address as the return address. The third-party server then sends massive amounts of data to the server in response.
This way, a hacker needs only the dispatch requests but your servers suffer an attack with the amplified data from third-party servers. This form of attack could involve tens, hundreds or even thousands of systems in this form of attack.
2. Application-Based
In this form of attack, hackers use vulnerabilities in the web server software or application software that leads the web server to hang or crash. A common type of application-based attack involves sending partial requests to a server in an attempt to make the entire database connection pool of the server busy so that it blocks the legitimate requests.
3. Protocol-Based
These attacks are targeted on servers or load balancers which exploit the methods systems use for communicating with each other. It is possible that packets are designed to make servers wait for a non-existent response during a regular handshake protocol like an SYN flood.
Prevention of DDoS Attacks and Mitigation Strategies:
Here are some of the best practices to avoid DDoS attacks and mitigation strategies:
1. Purchase more Bandwidth
It was possible to avoid DDoS attacks in the past by making sure that you had more bandwidth at your disposal compared to any attacker. With the advent of amplification attacks though, this is no longer practical. Having more bandwidth actually raises the bar which the attackers have to overcome before launching a successful DDoS attack. It is a safety measure, but not a DDoS attack solution.
2. Network Hardware Configuration against DDoS attacks
Some really simple hardware configuration changes could help you with preventing a DDoS attack. For instance, if you configure your router or firewall to drop DNS responses from outside your network or drop incoming ICMP packets, this could help you to an extent in preventing certain DNS and ping-based volumetric attacks.
3. Protect DNS Servers
Attackers can bring down your website and web servers offline by attacking your DNS servers. So, make sure that your DNS servers have redundancy. The DDoS attack on your DNS infrastructure could render your application or website to be completely unreachable. So, network operators need to adequately defend their DNS infrastructure to protect it from DDoS attacks. Other than this, spread your servers across various multiple data centers if you want to give the attackers a really hard time successfully launching a DDoS attack against your servers.
4. Transparent Mitigation
Hackers could be launching the DDos to make your users lose access to your site. When your site is under attack, you must use a mitigation technology to enable people to continue using it without making it unavailable and without making them see splash screens and outdated cached content. Once the hacker sees that you are not being affected by the attack and your users are still able to access the site, he might stop and not return.
What to do During a DDoS Attack?
To ensure that your website or application is ready within a short notice of coming under attack, you have to work on an active mitigation strategy. Here is a course of action you can follow:
- Have a backup static “temporarily unavailable” website on a separate reputable host provider. Make sure they provide their own DDoS mitigation services.
- Redirect your store DNS to a temporary site and work with your staff, stakeholders, and partners to determine how to deal with the vulnerable servers. This will help you keep a veil from your customers and they won’t be able to figure out your website is under duress.
Educating yourself and understanding the tactics these hackers use can assist you in identifying and assessing how you can optimize your efforts and measures against them.
