DDoS Attacks (Distributed Denial of Service Attacks)

Distributed denial-of-service attacks, or DDoS attacks, are a variant of denial-of-service attacks in which an attacker or a group of attackers employs multiple machines to carry out a DoS attack simultaneously, thereby increasing its effectiveness and strength. The "army" carrying out the attacks is most often composed of innocent infected zombie computers manipulated as bots and forming part of a botnet controlled by the attacker via a Command and Control server. A botnet is powerful, well-coordinated and can count millions of computers. It also ensures the anonymity of the original attacker, since the distributed denial of service attack traffic originates from the bots' IPs rather than the attacker's. In some cases, mostly in ideological DDoS attacks, this "army" can also be composed of recruited hackers/hacktivists participating in large distributed denial of service attack campaigns (Operation Blackout, Operation Payback, etc.).

DDoS attacks are hard to detect and block, since the attack traffic is easily confused with legitimate traffic and is difficult to trace.

There are many types of DDoS attacks, targeting both the network and the application layers. They can be classified by their impact on the targeted computing resources (saturating bandwidth, consuming a server's resources, exhausting an application) or by the resources they target:

  • Attacks targeting Network Resources: UDP Floods, ICMP Floods, IGMP Floods.
  • Attacks targeting Server Resources: attacks on TCP/IP weaknesses (TCP SYN Floods, TCP RST attacks, TCP PSH+ACK attacks), but also Low and Slow attacks such as Sockstress, and SSL attacks, whose detection is particularly challenging.
  • Attacks targeting the Application Resources: HTTP Floods, DNS Floods and other Low and Slow attacks such as Slow HTTP GET requests (Slowloris) and Slow HTTP POST requests (R-U-Dead-Yet).

Distributed denial of service attacks usually comprise more than three attack vectors, increasing the attacker's chances of hitting the target and evading basic DoS mitigation solutions.
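To illustrate why distributed traffic defeats naive per-source rate limiting and why the defender has to look at aggregate volume per target and attack type, here is an added example (not Radware's code or from the original entry) that runs two detection views over constructed flow records; the thresholds and the IP addresses are assumptions chosen for the demonstration:

```python
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple


class Flow(NamedTuple):
    ts: int      # second in which the packet/request was observed
    src: str     # source IP address
    dst: str     # destination IP address
    proto: str   # "udp", "tcp-syn" or "http": the attack class seen on the wire


# Constructed sample (not real traffic): one busy but legitimate HTTP client,
# plus a SYN flood from 200 bot sources that each send only 2 SYNs per second.
SAMPLE: List[Flow] = (
    [Flow(0, "203.0.113.5", "198.51.100.10", "http") for _ in range(40)]
    + [Flow(0, f"192.0.2.{i}", "198.51.100.10", "tcp-syn") for i in range(1, 201)]
    + [Flow(0, f"192.0.2.{i}", "198.51.100.10", "tcp-syn") for i in range(1, 201)]
)

PER_SOURCE_LIMIT = 50    # assumed threshold: packets per second from one source
PER_TARGET_LIMIT = 300   # assumed threshold: packets per second of one type to one target


def per_source_offenders(flows: List[Flow], limit: int = PER_SOURCE_LIMIT) -> Dict[str, int]:
    """Classic per-IP rate limit: sources exceeding `limit` packets in any one second.

    Because each bot stays well under the limit, a distributed flood is invisible here.
    """
    counts = Counter((f.ts, f.src) for f in flows)
    return {src: n for (ts, src), n in counts.items() if n > limit}


def per_target_floods(flows: List[Flow], limit: int = PER_TARGET_LIMIT) -> Dict[tuple, dict]:
    """Aggregate view: per (second, destination, protocol), total packets and distinct sources.

    A high packet count spread over many sources is the signature of a botnet-driven flood.
    """
    packets = Counter((f.ts, f.dst, f.proto) for f in flows)
    sources = defaultdict(set)
    for f in flows:
        sources[(f.ts, f.dst, f.proto)].add(f.src)
    return {
        key: {"packets": n, "sources": len(sources[key])}
        for key, n in packets.items()
        if n > limit
    }
```

Running both views on the sample shows the per-source check flagging nothing, while the per-target view reports 400 SYNs per second to the victim from 200 distinct sources.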

What happens during DDoS attacks?

During distributed denial of service attacks on any of the layers mentioned above, the attacker attempts to stop legitimate visitors from accessing the data normally available on the website, to access private data, to vandalize a site, or to completely shut down a service. This can happen to sites and businesses in any industry, from financial services such as banks to e-commerce or B2B.

During the DDoS attack, the attackers may flood a network with requests and information. Flooding can be accomplished by a dedicated group of attackers voluntarily using their own machines, such as a "hacktivist" group or other organized entity, or by hijacking machines to use for the attack. They may also scan applications and servers for possible exploits, or attempt to force access to sensitive data.


The motives for distributed denial-of-service attacks may differ - from "hacktivism" to criminal intent - and the methods can change. A robust security suite is necessary to ensure that your networks and sites are protected from the latest advances in this constantly evolving landscape. Radware offers a host of DDoS protection solutions that will keep your assets protected from intruders and hackers with fast updates and responses to new methods of attack.
