FAQ: What are DDoS attacks?
Last updated on December 4th, 2018
What is a DDoS attack?
Distributed Denial of Service (DDoS) attacks are a form of cyberattack that aims to disrupt access to a service (such as a website), either to extort the owner or to serve as a distraction while another attack takes place. DDoS attacks are usually driven by a botnet (a network of infected machines) that overwhelms the service and prevents legitimate users from accessing it.
DDoS attacks usually attempt to overwhelm a service in one of two ways: by sending a massive number of connection attempts, or by using up all available bandwidth. Any business or organisation can be a target for this type of attack. In some cases, DDoS attacks are even directed at individuals, although this is rare.
What’s the difference between a DoS attack and a DDoS attack?
The difference between these two attacks is that a DoS attack typically comes from one machine which is utilising a single connection, whereas a DDoS attack uses multiple machines and multiple connections.
What are the types of DDoS attack?
One common attack is known as ‘TCP flooding’. To explain this, imagine a double-decker bus with 40 seats. The seats are all filled at the first stop, and as the bus reaches further stops more people wish to get on but cannot because every seat is taken. This is what happens to a web server during a TCP flood: it can only hold so many open connections, and the hacker fills them with bogus connections, preventing anyone else from accessing the site.
Another common denial-of-service attack uses up all available bandwidth; this is known as a ‘volumetric attack’. An analogy: when we commute to work in the morning we join the motorway and come to a grinding halt. The road’s bandwidth, in this case, is the number of lanes available for traffic. They cannot cope with the volume of traffic, and everyone crawls along or stops altogether.
In this case, the hacker could be using virus-infected machines around the globe, known as bots, to send large amounts of data to the servers. All this data would block up the lanes to the servers, causing an outage or severe degradation of the service.
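The ‘full bus’ problem above, modelled as an added example (not part of the original FAQ): a server with 40 connection slots, two noisy sources that each try to open 40 connections, and five ordinary users who arrive afterwards. The source addresses and traffic pattern are constructed, and the per-source cap is one illustrative mitigation, not something the FAQ prescribes.

```python
from collections import Counter
from typing import Optional

class ConnectionTable:
    """Fixed-capacity table of open connections (the bus seats), optionally capped per source."""

    def __init__(self, capacity: int, per_source_limit: Optional[int] = None):
        self.capacity = capacity
        self.per_source_limit = per_source_limit
        self.open_by_source: Counter = Counter()      # slots currently held per source
        self.rejected_by_source: Counter = Counter()  # refused attempts per source

    def total_open(self) -> int:
        return sum(self.open_by_source.values())

    def try_connect(self, src: str) -> bool:
        """Admit a connection from src if a slot is free and src is under its cap."""
        over_cap = (self.per_source_limit is not None
                    and self.open_by_source[src] >= self.per_source_limit)
        if over_cap or self.total_open() >= self.capacity:
            self.rejected_by_source[src] += 1
            return False
        self.open_by_source[src] += 1
        return True

    def top_sources(self, n: int = 3):
        """Sources holding the most slots: the first thing a defender would look at."""
        return self.open_by_source.most_common(n)


# Constructed traffic using RFC 5737 documentation addresses.
FLOOD_SOURCES = ["198.51.100.7", "198.51.100.8"]
LEGIT_USERS = [f"203.0.113.{i}" for i in range(1, 6)]

def run_scenario(per_source_limit: Optional[int]) -> dict:
    """Flood first, then legitimate users; report how many of them got a seat."""
    table = ConnectionTable(capacity=40, per_source_limit=per_source_limit)
    for src in FLOOD_SOURCES:
        for _ in range(40):
            table.try_connect(src)
    served = sum(table.try_connect(user) for user in LEGIT_USERS)
    return {"legit_served": served, "top_sources": table.top_sources(2)}

if __name__ == "__main__":
    print("no per-source cap:", run_scenario(None))   # one source holds all 40 seats
    print("cap of 5 per source:", run_scenario(5))    # every legitimate user is served
```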
How can I stop DDoS attacks?
The number one question is: how do we protect ourselves from these attacks, or at least mitigate our risks?
Well, there are devices that companies can purchase that claim to prevent DDoS attacks, such as SMB\E firewalls, but these won’t help you if you are the victim of a large-scale attack.
So firstly, review your attack surface and mitigate the risks. For example, if you run an e-commerce site, it is probably not advisable to host it on your own premises: an attack on the site may knock out not only the e-commerce site but also other critical business services, such as email, remote workers’ access and access to cloud services.
Depending on your environment, you may wish to host critical services and servers in a provider’s cloud infrastructure. Another option is to look at co-location (rented space in a data centre). Most cloud providers will have access to far more bandwidth than anyone else – do check this, though! Cloud hosting platforms are good at scaling out quickly, in both system resources and network connections, when you see high demand. Increasing the number of web servers and balancing traffic between them may also help you withstand a TCP connection attack.
Volumetric attacks on bandwidth are a lot more brutal, so how do we defend ourselves against these? Again, you can use cloud providers for your online sites so that they can absorb the volume. However, even they will struggle with the scale of the attacks seen by Sony and Microsoft.
So what else can we do? Well, you can buy services from third parties who will route the attack traffic through their own network and take the initial impact while trying to counteract the hackers, or you could run geographically separated infrastructure with a mirror of your current environment, which can ease the strain during an attack.
There’s a fair chance that you may never experience a DDoS attack on your IT systems. However, you should take the time to understand what the risks are and how, or whether, you will mitigate them.