DDOS Attack in Depth

A Distributed Denial of Service (DDoS) attack is an attempt to deplete available resources on a network, application, or service so that original users can not access it.

DDoS Protected Dedicated servers are designed for customers who use gaming servers. Medium and large companies that need dedicated resources for long or short periods. A Distributed Denial of Service (DDoS) Attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by flooding the target or surrounding infrastructure with a flood of Internet traffic... DDoS attacks are effective by using multiple compromised computer systems as sources of attack traffic. Operated machines may include computers and other network resources such as IoT devices. At a high level, a DDoS attack is like congestion blocking the road, preventing regular traffic from reaching the desired destination.

How does a DDoS attack work?

A DDoS attack requires an attacker to take control of a network of online machines in order to lead an attack. Computers and other machines (like IoT devices) are infected with malware, turning each one into a bot (or zombie). The attacker then has a remote control on the group of robots, called botnet.

Once a botnet has been established, the attacker is able to direct the machines by sending updated instructions to each bot via a remote control method. When the IP address of a victim is targeted by the botnet, each robot responds by sending requests to the target, which can cause an overflow capability of the targeted server or network, causing a denial of service to normal traffic.. Because each bot is a legitimate Internet device, it can be difficult to separate attack traffic from normal traffic.

What are the common types of DDoS attacks?

Different DDoS attack vectors target variable components of a network connection. In order to understand how different DDoS attacks work, it is necessary to know how to make a network connection. An Internet network connection is made up of many different components or "layers". Like building a house from the ground up, each stage of the model has a different purpose. The OSI model, shown below, is a conceptual framework used to describe network connectivity in seven distinct layers.

While almost all DDoS attacks involve overwriting a target device or network with traffic, attacks can be divided into three categories. An attacker can use one or more different attack vectors or cycle attack vectors that are potentially based on countermeasures taken by the target.

• Application Layer Attacks

Sometimes called a Layer 7 DDoS attack (referring to the 7th layer of the OSI model), the purpose of these attacks is to exhaust the resources of the target. Attacks target the layer where Web pages are generated on the server and delivered in response to HTTP requests. A single HTTP request is inexpensive to run on the client side and can be expensive for the target server because the server often has to load multiple files and execute database queries to create a web page. Layer 7 attacks are hard to defend because traffic can be difficult to report as malicious.

• HTTP Flood

This attack is similar to continuously refreshing a web browser on many different computers: a large number of HTTP requests flood the server, leading to a denial of service.

This type of attack goes from simple to complex. Simpler implementations can access a URL with the same range of IP addresses, referents, and attacking user agents. Complex versions can use a large number of attacking IP addresses and target random URLs using random referents and user agents.

The purpose of the attack:

Protocol attacks, also known as state attacks, cause service disruption by consuming all the available status table capacity of web application servers or intermediate resources such as firewalls and firewalls. Load balancers. Protocol attacks use weaknesses in layers 3 and 4 of the protocol stack to make the target inaccessible.

• SYN Flood

A SYN flood is analogous to a worker in a supply room receiving requests from the front of the store. The worker receives a request, goes and gets the package, and waits for confirmation before taking out the package. The worker then receives many more packet requests without confirmation until he can no longer carry packets, or is overwhelmed and requests begin to go unanswered.

This attack exploits the TCP handshake by sending a large number of TCP "Initial Connection Request" SYN packets to a target with spoofed source IP addresses. The target machine responds to each connection request, and then waits for the final step of handshake, which never happens, depleting the target's resources in the process.

The purpose of the attack

This category of attacks attempts to create congestion by consuming all available bandwidth between the target and the larger Internet. Large amounts of data are sent to a target using a form of amplification or other means of creating massive traffic, such as requests from a botnet.

• DNS amplification

A DNS amplification is as if someone had to call a restaurant and say "I'm going to have one of everything, please call me back and tell me my entire order" where the callback phone number they give is the number of the target. With very little effort, a long answer is generated.

• Black Hole Routing

One solution available to virtually all network administrators is to create a blackhole route and route traffic to that route. In its simplest form, when blackhole filtering is implemented without specific restriction criteria, legitimate and malicious network traffic is routed to a null or blackhole route and dropped from the network. If an Internet property suffers a DDoS attack, the property's Internet Service Provider (ISP) can send all site traffic to a blackhole as a defense.

• Flow limitation

Limiting the number of requests that a server will accept on a certain time window is also a way to mitigate denial of service attacks. While rate limiting is useful for slowing down web scrapers against content theft and limiting brute force connection attempts, it is likely to be insufficient to effectively handle a complex DDoS protection server attack. Nevertheless, rate limiting is a useful element in an effective DDoS mitigation strategy.

• Web application firewall

A Web Application Firewall (WAF) is a tool that can help mitigate a Layer 7 DDoS attack. By putting a WAF between the Internet and an origin server, the WAF can act as a reverse proxy, protecting the targeted server of certain types of malicious traffic. By filtering requests based on a set of rules used to identify DDoS tools, Layer 7 attacks can be hindered. A key value of an effective WAF is the ability to quickly implement custom rules in response to an attack.

• Anycast Network Broadcast

This mitigation approach uses an Anycast network to disperse attack traffic across a network of distributed servers at the point where traffic is absorbed by the network. Like channeling a river down smaller separated channels, this approach distributes the impact of the distributed attack traffic to the point where it becomes manageable, thus dissipating any disturbance capability. The reliability of an Anycast network to mitigate a DDoS attack depends on the size of the attack and the size and efficiency of the network.

Courtesy: https://www.dedicatedhosting4u.com/

Dedicatedhosting4u.com is a well established name for solutions on self managed dedicated servers and managed hosting services. We are immensely indulged in providing solutions on the deployment of online business for various clients since a decade.