What is DDoS Attack. Basic introduction of DDoS
It stands for Distributed Denial-of-service (DDoS) Attack.
Distributed Denial-of-service (DDoS) Attack, is defined as a malicious user trying to make a machine or network resources unavailable to use.
In which multiple compromised computer systems attack a target, such as a server, website, or another network resource, and cause a denial of service for users of the targeted resource. service may include email, online accounts (e.g.., banking), or other services.
Typical targets for DDoS attacks include:
- Internet shopping sites
- Online casinos
- Any business or organization that depends on providing online services
Types of DDoS Attacks
They are classified into three types of DDoS attacks:
- Network-centric or volumetric attacks
- Protocol attacks
- Application Layer
They are defined as :
1. Network-centric or volumetric attacks: These overload a targeted resource by consuming available bandwidth with packet flood. An example of this type of attack is a domain name system amplification attack, which makes requests to a DNS server using the target’s Internet Protocol (IP) address.
2. Protocol attacks: They target network layer or transport layer protocols using flaws in the protocols to overwhelm targeted resources. This drags out the Transmission Control Protocol handshake, which is never able to finish because of the constant influx of requests.
3. Application Layer: The application services or databases get overloaded with a high volume of application calls. The inundation of packets causes a denial of service.
Among other attack vectors, this category includes HTTP floods, slow attacks (e.g., Slowloris or RUDY), and DNS query flood attacks.
How a DDoS attack works:
Network resources – such as web servers – have a finite limit to the number of requests that they can service simultaneously. In addition to the capacity limit of the server, the channel that connects the server to the Internet will also have a finite bandwidth/capacity.
Whenever the number of requests exceeds the capacity limits of any component of the infrastructure, the level of service is likely to suffer in one of the following ways:
- The response to requests will be much slower than normal.
- Some – or all – users’ requests may be totally ignored.
The attacker may also request payment for stopping the attack. In some cases, a DDoS attack may even be an attempt to discredit or damage a competitor’s business.
DDoS Protection Techniques :
- Reduce Attack Surface Area: One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked thereby limiting the options for attackers and allowing you to build protections in a single place.
We want to ensure that we do not expose our application or resources to ports, protocols or applications from where they do not expect any communication.
Thus, minimizing the possible points of attack and letting us concentrate our mitigation efforts. In some cases, you can do this by placing your computation resources behind Content Distribution Networks (CDNs) or Load Balancers and restricting direct Internet traffic to certain parts of your infrastructure like your database servers. In other cases, you can use firewalls or Access Control Lists (ACLs) to control what traffic reaches your applications.