FAQ: What are DDoS attacks?
February 10th, 2015
What is a DDoS attack?
Distributed Denial of Service (DDoS) attacks are a form of cyberattack that aims to disrupt access to a service (such as a website) in order to extort the owner or to serve as a distraction whilst another attack occurs. DDoS attacks are usually driven by a botnet (a network of infected machines), which overwhelms the service and prevents legitimate users from accessing it.
DDoS attacks usually attempt to overwhelm services using one of two methods: either by sending a massive number of connection attempts or by using up all available bandwidth. Any business or organisation can be a target for this type of attack. In some cases, DDoS attacks can even be directed at individuals, although this is rare.
What’s the difference between a DoS attack and a DDoS attack?
The difference between these two attacks is that a DoS attack typically comes from one machine which is utilising a single connection, whereas a DDoS attack uses multiple machines and multiple connections.
What are the types of DDoS attack?
1. Bandwidth flooding
Also known as a volumetric attack, this attack involves saturating a server’s bandwidth with bogus packets to the point that legitimate users can no longer communicate with the server.
2. Resource flooding
This attack involves sending an overwhelming number of resource requests to the server or to gateway devices such as a firewall, causing CPU usage to peak. Since the CPU is being used for menial requests, genuine requests either fail to get through or are processed incredibly slowly.
3. Application-level flooding
This attack targets the software which runs on the server with the aim to flood it with so many requests that the software crashes, taking the server offline.
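The distinctions drawn above (one source versus many, connection attempts versus bandwidth) can be read off connection records by a defender. The following is an added example, not part of the original FAQ; the thresholds, function names and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds for this sketch; tune them to the service's normal baseline.
LINK_CAPACITY_BPS = 100_000_000   # 100 Mbit/s uplink (assumption)
MAX_CONN_PER_SEC = 500            # connection rate the service normally absorbs (assumption)
SATURATION = 0.9                  # fraction of the link treated as saturated (assumption)
DOMINANT_SHARE = 0.8              # one source above this share of load => DoS, else DDoS

def classify_windows(records, window=10):
    """Label fixed time windows of (ts, src_ip, bytes) connection records.

    Returns {window_start: (pressure, origin)}: pressure is 'bandwidth',
    'connections' or 'normal'; origin is 'DoS', 'DDoS' or None.
    """
    buckets = defaultdict(list)
    for ts, src, nbytes in records:
        buckets[ts - ts % window].append((src, nbytes))

    result = {}
    for start, rows in sorted(buckets.items()):
        bits_per_sec = sum(b for _, b in rows) * 8 / window
        conn_per_sec = len(rows) / window
        if bits_per_sec >= SATURATION * LINK_CAPACITY_BPS:
            pressure = "bandwidth"
        elif conn_per_sec > MAX_CONN_PER_SEC:
            pressure = "connections"
        else:
            result[start] = ("normal", None)
            continue
        # Share of the load (bytes or connection count) from the busiest source.
        per_src = defaultdict(int)
        for src, b in rows:
            per_src[src] += b if pressure == "bandwidth" else 1
        top_share = max(per_src.values()) / sum(per_src.values())
        result[start] = (pressure, "DoS" if top_share > DOMINANT_SHARE else "DDoS")
    return result

def sample_records():
    """Constructed sample traffic using documentation address ranges, not real data."""
    recs = [(t, "198.51.100.7", 20_000) for t in range(10) for _ in range(5)]  # normal load
    recs += [(10 + i % 10, f"203.0.113.{i % 200}", 300) for i in range(8000)]  # many sources
    recs += [(20 + i % 10, "192.0.2.44", 1_500_000) for i in range(100)]       # one heavy source
    return recs

if __name__ == "__main__":
    for start, label in classify_windows(sample_records()).items():
        print(start, label)
```

Which kind of pressure a window shows determines the response: connection pressure can be spread across more servers, while bandwidth pressure has to be absorbed upstream of the link.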
How can I stop DDoS attacks?
The number one question is: how do we protect ourselves from these attacks, or at least mitigate our risks?
Well, there are devices that companies can purchase that claim to prevent DDoS attacks, such as SMB\E firewalls, but these won’t help you if you are a victim of large-scale attacks.
So firstly you need to review your attack surface and mitigate risks. For example, if you run an e-commerce site, it’s probably not advisable to run it from your premises. You may find that an attack on this site knocks out not only your e-commerce site but also other critical business services, such as email, remote workers and access to cloud services.
Depending on your environment, you may wish to host critical services and servers in a provider’s cloud infrastructure. Another option is to look at co-location (rented space in a data centre). Most cloud providers are going to have access to bandwidth far greater than anyone else – do check this though! Cloud hosting platforms are great for being able to scale out quickly in terms of system resources and network connections when you see high demand. Increasing the number of web servers and balancing traffic between them may also help you in a TCP connection attack.
Volumetric attacks on bandwidth are a lot more brutal, so how do we defend ourselves against these? Again, you can use cloud providers for your online sites so they can deal with the volume. However, even they will struggle with the scale of the attacks seen by Sony and Microsoft.
So what else can we do? Well, you can buy services from third parties who will route the attack via them and take the initial impact whilst trying to counteract the hackers, or you could have geographically separated infrastructure that hosts a mirror site of your current environment, which can ease the strain in an attack.
There’s a fair chance that you may never experience a DDoS attack on your IT systems. However, you should take the time to understand what the risks are and how/if you will mitigate them.