DDOS attack diagram

Many people may be familiar with the abbreviation term DoS or DDoS and know that it is related to cybersecurity. Yet when it comes to the detail you may feel unclear. In this article, we will walk through the definition of DDoS, types of DDoS attacks, and how to protect yourself from DDoS harms.

Definition of DDoS Attack

DDoS is short for Distributed Denial-of-Service which is a type of cyber-attack targets website or online service to force server disruption. The approach is taken by draining the target computation resources through sending overloaded traffic of network requests in a very short period.

Today the network communication become much advanced and complex, some website or server does not comprehensively handle all incoming access properly causing unexpected behavior to certain requests. Although most servers can compromise a small dose of these irregular behaviors, the situation becomes critical when thousands and millions of requests occur with the intention of attacking.

History of DDoS Attack

DDoS came into the main cyber scene by a 15-year-old developer "Mafiaboy" in 2000. He planned his attack by first hacking into multiple universities to gain control over servers with powerful network bandwidth. He then performed the DDoS attacks against several corporation servers such as Yahoo, eBay, E-Trade and CNN to crash their websites.

More DDoS aid tools were created by criminal groups to optimize attack performance tracking and boosting their tactics efficiency. These tools started to get known as Bots becoming a popular product on the dark-web to lower the complexity of hacking bar for many people.

Top 6 Common Types of DDoS Attack

DNS Amplification

The attacker forces disruption to the target network infrastructure by exploiting public bandwidths sending magnified volume of request traffic. Within this process, Bots are used to automate sending multiple small packets while obfuscating request source and detecting target status.

The core tactics come in place by an attacker sending IP spoofed requests to multiple DNS resolvers in the globe while mentioning to respond to the target victim's IP. This way amplified traffic concentrates on the target server from multiple sources without any attacker's network trace.

SNMP Reflection

SNMP Reflection is an advanced approach similar to DNS Amplification which utilizes the Simple Network Management Protocol (SNMP) to send packets. SNMP are commonly used to fetch information from routers, network switches, server resource/performance, and server traffic. Utilizing SNMP fundamentals allows hackers to plan much more tactical attacks.

Combining variety of communication types with multiple broadband reflection can cause hundreds of gigabits per second traffic toward the target server.

Application Level Attacks

The application layer is called layer 7 (L7) in the OSI model. L7 attack aims to exhaust memory, CPU, and database by exploiting the program vulnerability of the website or online service. Application downtime often creates unexpected security loopholes allowing hackers to breakthrough.

For example, applications without a proper rate limit implementation have a higher chance of crashing from memory leaks. An SQL injection is another technique under the L7 attack category to steal secure data from the destination database.

Zero-Day DDoS

In the cybersecurity world, Zero Day (0day) is a term to describe vulnerabilities that are not known publicly. Zero-Day DDoS have a higher chance of successful attack since there are no security patches available.

Ping Flood

One of the most simple DDoS attacks utilizes Internet Control Message Protocol (ICMP) echo requests known as Ping. Setting the ping's flood option to zero will output packets as fast as possible causing hundreds of communications per second without waiting for replies.

UDP Flood

Similar to the Ping Flood technique, UDP Flood utilizes the User Datagram Protocol (OSI Layer 4 - Network Protocol) communication to send a massive amount of packets in a short time. Victim servers will experience process overuse due to overwhelmed responses and potentially expose the unsecured network foundations.

How to Protect Yourself from DDoS Attacks

1. Setup anti-DDoS hardware and software

Using anti-DDoS hardware and software would protect servers from many types of DDoS attacks at once. Multiple layers of firewall, such as application, network, and load balancing layer gets implemented by anti-DDoS to efficiently filter incoming threats while analyzing each packets' characteristics.

2. Apply IP base rate limit

Setting an access limit to traffics from each IP can dramatically reduce the chance of DDoS attack harm from a single source. This feature can be applied to the application layer by programmatically analyze each traffic and set a capacity limitation. Users can also manually analyze network traffic to block harmful IPs in network settings.

3. Deploy infrastructure mirror

Having redundant infrastructure components with properly configured load balancer can greatly reduce the chance of system outage from DDoS attacks. The mirrored system does not only double to resources but also lets the infrastructure balance out load consumptions and even apply fault tolerance if necessary. One downside is infrastructure mirroring usually costs more to manage and maintain, which is not a recommended solution for the long term.

References