FAQ: What are DDoS attacks?

February 10th, 2015

IT security - What you need to know about DDoS attacks

What is a DDoS attack?

Distributed Denial of Service (DDoS) attacks are a form of cyberattack that aims to make a service (such as a website) unavailable to the people who rely on it. Common motives are extortion of the owner, protest, and creating a distraction whilst another attack occurs. DDoS attacks are usually driven by a botnet (a network of infected machines under the attacker's control) whose combined traffic overwhelms the service and prevents legitimate users from reaching it.

DDoS attacks overwhelm a service by exhausting one of two things: the network bandwidth that connects it to the internet, or the processing resources (connection tables, CPU, application threads) that handle each request. Any business or organisation can be a target for this type of attack. In some cases, DDoS attacks can even be directed at individuals, although this is rare.

What’s the difference between a DoS attack and a DDoS attack?

The difference between these two attacks is the number of sources. A DoS attack comes from a single machine (or a single network), so it can often be stopped by blocking that one source address. A DDoS attack is launched from many machines at once, typically a botnet, which makes it far harder to block by source and lets it reach far higher volumes of traffic than a single machine could generate.

What are the types of DDoS attack?

1. Bandwidth flooding

Also known as a volumetric attack, this attack involves saturating the target's network links (the server's uplink, or the whole site's internet connection) with bogus packets to the point that legitimate users can no longer communicate with the server. Because the link fills up before the traffic reaches any of your equipment, this type of attack can only be absorbed upstream of you, by your provider or by a third party with more bandwidth than the attacker.

2. Resource flooding

This attack involves sending an overwhelming number of requests to the server, or to gateway devices such as a firewall, causing CPU usage to peak or connection-state tables to fill up. A SYN flood, which opens thousands of TCP connections and never completes them, is the classic example. Since the device is busy with these bogus requests, genuine requests either fail to get through or are processed incredibly slowly.

3. Application-level flooding

This attack targets the application itself (the web server software, a database-backed search page, a login form) with requests that look legitimate but are expensive to serve. Far less traffic is needed than for a bandwidth attack, and it is hard to distinguish from a genuine burst of visitors; the aim is to flood the application with so many requests that it becomes unresponsive or crashes, taking the service offline.
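The three attack types above, and the DoS versus DDoS distinction, can be told apart from just a few numbers per time window: total bytes, half-open connection attempts, application requests and the number of distinct sources. The following Python script is an added example, not code from the original article; it runs that classification over constructed sample traffic. The record format (second, source address, kind, bytes), the one-second window, the fixed thresholds and the "more than 100 distinct sources means distributed" rule are all assumptions made for illustration.

```python
"""Toy traffic classifier for the three flood types above.

Added example, not code from the original article. Assumptions that are
not from the page: flow records as (second, src_ip, kind, bytes) tuples,
one-second windows, the fixed thresholds below, and "more than 100
distinct sources" as the dividing line between DoS and DDoS.
"""
from collections import defaultdict

# Per-window thresholds (assumed for illustration; real values come from
# a baseline of your own normal traffic, not from a constant).
BYTES_PER_WINDOW = 50_000_000   # ~400 Mbit/s on a 1-second window
SYNS_PER_WINDOW = 5_000         # half-open connection attempts
HTTP_PER_WINDOW = 2_000         # complete application requests
DISTRIBUTED_SOURCES = 100       # more distinct sources than this -> DDoS


def window_stats(records, window=1):
    """Aggregate records into windows of `window` seconds.

    Each window tracks total bytes, SYN count, HTTP request count and the
    set of distinct source addresses; those four numbers are enough to
    tell the three attack types (and DoS from DDoS) apart.
    """
    buckets = defaultdict(lambda: {"bytes": 0, "syn": 0, "http": 0, "srcs": set()})
    for second, src, kind, nbytes in records:
        b = buckets[second // window]
        b["bytes"] += nbytes
        if kind == "syn":
            b["syn"] += 1
        elif kind == "http":
            b["http"] += 1
        b["srcs"].add(src)
    return dict(sorted(buckets.items()))


def classify(stats):
    """Return (attack_type, origin) for one window's stats.

    Bandwidth is checked first: once the link is saturated nothing behind
    it matters, whatever the packets contain. origin is "distributed" or
    "single source", or None for normal traffic.
    """
    if stats["bytes"] >= BYTES_PER_WINDOW:
        label = "bandwidth flood"
    elif stats["syn"] >= SYNS_PER_WINDOW:
        label = "resource flood"
    elif stats["http"] >= HTTP_PER_WINDOW:
        label = "application flood"
    else:
        return ("normal", None)
    origin = "distributed" if len(stats["srcs"]) > DISTRIBUTED_SOURCES else "single source"
    return (label, origin)


def ip(n):
    """Deterministic fake address for bot number n (constructed, 10.0.0.0/8)."""
    return f"10.{(n >> 16) & 255}.{(n >> 8) & 255}.{n & 255}"


def sample_records():
    """Constructed sample traffic: one window of each situation."""
    recs = []
    # window 0: 40 legitimate visitors, one 2 KB page fetch each
    recs += [(0, ip(i), "http", 2_000) for i in range(40)]
    # window 1: SYN flood, 500 bots x 20 connection attempts of 60 bytes
    recs += [(1, ip(1_000 + i), "syn", 60) for i in range(500) for _ in range(20)]
    # window 2: UDP bandwidth flood, 2,000 bots x 30 full-size 1,400-byte packets
    recs += [(2, ip(5_000 + i), "udp", 1_400) for i in range(2_000) for _ in range(30)]
    # window 3: one machine hammering an expensive endpoint: a DoS, not a DDoS
    recs += [(3, ip(9_000), "http", 500) for _ in range(5_000)]
    return recs


def report(records):
    """Classify every window; returns a list of (window, label, origin)."""
    return [(w, *classify(s)) for w, s in window_stats(records).items()]


if __name__ == "__main__":
    for window, label, origin in report(sample_records()):
        print(f"window {window}: {label}" + (f" ({origin})" if origin else ""))
```

Note the order of the checks: a bandwidth flood also carries plenty of packets, so it is tested before the SYN and HTTP counts; and the third window shows why byte counts alone are not enough, since 2.5 MB of search requests from one address is a successful application-level DoS at a tiny fraction of the volumetric attack's size. In production the thresholds would be derived from a baseline of your own traffic rather than hard-coded.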

How can I stop DDoS attacks?

The number one question is how do we protect ourselves from these attacks or at least mitigate our risks?

Well, there are devices that companies can purchase, such as SMB and enterprise firewalls, that claim to prevent DDoS attacks. These won't help you against a large-scale attack: once the flood saturates your internet connection, the device sitting behind that connection never gets the chance to filter the traffic.

So firstly you need to review your attack surface and separate the services an attacker is most likely to target from the ones your business cannot run without. For example, if you run an e-commerce site, it is probably not advisable to host it on your own premises: an attack on that site which saturates your internet connection will also knock out every other service sharing the same connection, such as email, remote workers' access and your staff's access to cloud services.

Depending on your environment, you may wish to host critical services and servers in a provider's cloud infrastructure. Another option is co-location (rented space in a data centre). Most cloud providers have access to far more bandwidth than an individual business could buy, but do check this with the provider rather than assuming it. Cloud hosting platforms are also good at scaling out quickly, in both system resources and network connections, when you see high demand. Adding web servers and balancing traffic between them also helps against a TCP connection (resource) attack, since each server brings its own connection table and CPU to absorb part of the load.

Volumetric attacks on bandwidth are a lot more brutal, so how do we defend ourselves against these? Again you can use cloud providers for your online sites so that their network, rather than yours, deals with the volume. However, even they will struggle with attacks on the scale of those that hit Sony and Microsoft.

So what else can we do? You can buy a DDoS mitigation (scrubbing) service from a third party: your traffic is routed through their network, they absorb the flood on their own capacity and try to filter out the attack, and only cleaned traffic is forwarded to you. Note that such a service only protects addresses that are routed through it; if the real address of your server can still be discovered, an attacker can simply bypass the scrubbing service and hit you directly. Alternatively, you could run geographically separated infrastructure, with a mirror site of your current environment, which can ease the strain during an attack.

There’s a fair chance that you may never experience a DDoS attack on your IT systems. However, you should take the time to understand what the risks are and decide how, and whether, you will mitigate them before an attack forces the decision on you.