What is a DDoS attack?
DDoS stands for Distributed Denial of Service: an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS is built on the older DoS (Denial of Service) attack. According to Wikipedia, a DoS attack is a cyber attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
How does it work?
A DDoS attack tries to make an online service or website unavailable (temporarily or permanently) by flooding it with unwanted traffic from many computers. To make the attack possible, the attacker first spreads malicious software to vulnerable computers, mainly through infected emails and attachments (most of these computers are infected without their owners knowing).
This creates a network of infected machines, called a botnet. (I'll publish a blog post about botnets as well.)
The attacker can then control the botnet and command it to flood a chosen site with traffic: so much that the site's network stops working, taking the site offline.
Types of DDoS attacks
There are three kinds of DDoS attacks.
1. Volume Based Attacks -> The goal is to saturate the bandwidth of the attacked site; magnitude is measured in bits per second (bps).
2. Application Layer Attacks -> Made up of seemingly legitimate and innocent requests, these aim to exhaust or crash the web server itself; magnitude is measured in requests per second (rps).
3. Protocol Attacks -> These consume the actual resources of the server, or of intermediate communication equipment such as firewalls and load balancers (for example their connection-state tables); magnitude is measured in packets per second (pps).
Commonly used DDoS attack methods
- UDP Flood
- ICMP (Ping) Flood
- SYN Flood
- Ping of Death
- Slowloris
- NTP Amplification
- HTTP Flood
Am I under a DDoS attack?
When dealing with a suspected DDoS attack, it can be hard to tell whether your website is down because of a surge of legitimate traffic or because of an attack. One clue is how long the service stays degraded: a short spike during a marketing campaign is expected, but if slow or denied service continues for days it is time to look into what's going on.
Another clue is a source address that keeps querying for the same data long before the Time to Live (TTL) of the previous answer has expired. A well-behaved client would still be serving that answer from its cache, so such repeats suggest the source is up to no good. Unfortunately, you cannot simply check whether all of the traffic is coming from one IP, because that is the exact purpose of a DDoS: to have traffic coming from many sources.
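The three signals above (repeats before the TTL expires, how spread out the sources are, and whether the load is sustained rather than a spike) can be checked mechanically. The script below is an added example, not code from the original post; it assumes a constructed DNS query log format of "unix timestamp, source IP, queried name, TTL of the answer", and the sample lines embedded in it are made up for the demonstration.

```python
"""Flag DDoS indicators in DNS query logs (added example, not from the original post).

Assumed (constructed) log format: "<unix_ts> <src_ip> <qname> <ttl_seconds>"
ttl_seconds is the TTL of the answer handed back for that query, so a client that
caches properly should not repeat the same qname before it expires.
"""
from collections import Counter

# Constructed sample: one source repeating a query every second despite a 300 s TTL,
# a spread of other sources each asking once, and one mildly chatty client.
SAMPLE_LOG = """\
1000 203.0.113.10 www.example.com 300
1001 203.0.113.10 www.example.com 300
1002 203.0.113.10 www.example.com 300
1003 203.0.113.10 www.example.com 300
1000 198.51.100.1 www.example.com 300
1001 198.51.100.2 www.example.com 300
1002 198.51.100.3 www.example.com 300
1400 198.51.100.1 www.example.com 300
1003 198.51.100.4 mail.example.com 60
1050 198.51.100.4 mail.example.com 60
"""


def parse_log(text):
    """Parse the constructed log format into (ts, src, qname, ttl) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, qname, ttl = line.split()
        records.append((int(ts), src, qname, int(ttl)))
    return records


def premature_repeats(records):
    """Per source, count queries for a qname repeated before the previous answer's TTL expired."""
    last_seen = {}  # (src, qname) -> (ts, ttl) of the most recent query
    counts = Counter()
    for ts, src, qname, ttl in sorted(records):
        key = (src, qname)
        if key in last_seen:
            prev_ts, prev_ttl = last_seen[key]
            if ts - prev_ts < prev_ttl:
                counts[src] += 1
        last_seen[key] = (ts, ttl)
    return dict(counts)


def source_spread(records):
    """How distributed the traffic is: distinct sources and the share held by the busiest one."""
    per_src = Counter(src for _, src, _, _ in records)
    top_src, top_n = per_src.most_common(1)[0]
    return {
        "distinct_sources": len(per_src),
        "top_source": top_src,
        "top_share": top_n / len(records),
    }


def queries_per_window(records, window=60):
    """Queries per fixed-size time window, so sustained elevation can be told from a single spike."""
    buckets = Counter((ts // window) * window for ts, _, _, _ in records)
    return dict(sorted(buckets.items()))


def report(text, repeat_threshold=2):
    """Combine the three indicators; a source is suspicious once it repeats too early repeatedly."""
    recs = parse_log(text)
    repeats = {s: n for s, n in premature_repeats(recs).items() if n >= repeat_threshold}
    return {
        "suspicious_sources": repeats,
        "spread": source_spread(recs),
        "per_window": queries_per_window(recs),
    }


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the sample, 203.0.113.10 is flagged (three early repeats of the same name) while 198.51.100.4, with a single early repeat, stays below the threshold; the spread figure shows no single source dominates, which is exactly why blocking one IP does not end a DDoS.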
How to stay secure?
1. Be aware -> Invest in technology that lets you know your network's normal behaviour and alerts you to any abnormal incidents.
2. Boost capacity -> Provision enough server capacity and tune for best performance under high load.
3. Practice your defence -> Knowing how to use your defensive strategy is just as important as buying and installing it.
4. Get help -> If you don't have the resources to deal with attacks in-house, your best bet is to outsource to a managed DNS or DDoS mitigation provider.
5. Be prepared -> The best way to avoid disruption from a DDoS attack is to be prepared for it.
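"Know your network's normal behaviour" in practice means learning a baseline and alerting only on deviations that last. The script below is an added example, not code from the original post or from any product; it learns a mean and standard deviation of requests per second from a constructed quiet period and then raises an alert only when the rate stays above the threshold for a sustained run of seconds, so a one-off spike (the legitimate-campaign case from the section above) does not trigger it. The per-second counts and the thresholds (k = 5 standard deviations, 5 s minimum duration) are assumptions for the demonstration.

```python
"""Baseline-and-alert on request rate (added example, not from the original post).

Learn what "normal" looks like from a quiet period, then alert only when the rate
stays above the learned threshold for a sustained stretch of samples.
"""
import statistics

# Constructed per-second request counts: 30 s of normal traffic, one isolated 1 s spike,
# two normal seconds, then a sustained flood of 10 s.
NORMAL = [100, 104, 98, 101, 99, 103, 97, 102, 100, 98,
          101, 99, 100, 104, 96, 102, 100, 99, 101, 103,
          98, 100, 102, 97, 101, 99, 100, 103, 98, 102]
OBSERVED = NORMAL + [900] + [105, 100] + [1500] * 10


def learn_baseline(samples):
    """Mean and population standard deviation of a known-normal period."""
    return statistics.fmean(samples), statistics.pstdev(samples)


def sustained_alerts(series, mean, stdev, k=5.0, min_duration=5):
    """Return (start, end) index pairs of runs where rate > mean + k*stdev for at least
    min_duration consecutive samples. Shorter excursions are ignored as spikes."""
    threshold = mean + k * stdev
    alerts = []
    run_start = None
    # A -inf sentinel at the end closes a run that is still open when the series ends.
    for i, value in enumerate(series + [float("-inf")]):
        if value > threshold:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start >= min_duration:
                alerts.append((run_start, i - 1))
            run_start = None
    return alerts


def describe(series, baseline, k=5.0, min_duration=5):
    """Human-readable summary for an operator: threshold used and each sustained run."""
    mean, stdev = baseline
    runs = sustained_alerts(series, mean, stdev, k, min_duration)
    lines = [f"baseline mean={mean:.1f} rps, stdev={stdev:.1f}, threshold={mean + k * stdev:.1f} rps"]
    for start, end in runs:
        peak = max(series[start:end + 1])
        lines.append(f"ALERT: {end - start + 1} s above threshold (t={start}..{end}), peak {peak} rps")
    if not runs:
        lines.append("no sustained elevation")
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(OBSERVED, learn_baseline(NORMAL)))
```

The isolated 900 rps second at t=30 crosses the threshold but lasts one sample, so it is dropped; the 1500 rps run at t=33..42 is reported. In production the baseline would be learned per hour-of-day and re-learned as legitimate traffic grows, otherwise a site that has simply become popular looks permanently under attack.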
Latest NEWS ;) ->
On February 28, 2018, GitHub's code hosting platform was hit by what was believed to be the largest Distributed Denial of Service (DDoS) attack ever recorded: 1.35 terabits per second of traffic, delivered by UDP amplification through exposed memcached servers, hit the developer platform all at once. GitHub has since confirmed that it weathered the attack.
GitHub was offline for five minutes between 17:21 and 17:26 UTC, with intermittent connectivity between 17:26 and 17:30 UTC.