DDoS Attacks - Neuroon Networks


Saturday, March 10, 2018

DDoS Attacks

What is a DDoS attack?

DDoS stands for Distributed Denial of Service, which means an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS is based on DoS (Denial of Service). According to Wikipedia, a DoS attack is a cyber attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.


How does it work?

A DDoS attack attempts to make an online service or website unavailable (temporarily or permanently) by flooding it with unwanted traffic from multiple computers.
For a DDoS attack to be successful, the attacker spreads malicious software to vulnerable computers, mainly through infected emails and attachments (most of these computers will be infected without their owners knowing).
This creates a network of infected machines, which is called a botnet. (I'll publish a blog post about this as well.)
The attacker can then instruct and control the botnet, commanding it to flood a certain site with traffic: so much that its network ceases to work, taking the site offline.


Types of DDoS attacks

There are three kinds of DDoS attacks.

1. Volume Based Attacks -> The attack’s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (bps).

2. Application Layer Attacks -> Comprised of seemingly legitimate and innocent requests, the goal of these attacks is to crash the web server, and the magnitude is measured in Requests per second (Rps).

3. Protocol Attacks -> This type of attack consumes actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers, and is measured in packets per second (Pps).

Commonly used DDoS attack methods

  • UDP Flood
  • ICMP (Ping) Flood
  • SYN Flood
  • Ping of Death
  • Slowloris
  • NTP Amplification
  • HTTP Flood

Am I under a DDoS attack?

When dealing with a DDoS attack, it is worth noting that it can be challenging to even determine if your website is down due to legitimate traffic, rather than an attack. The key to telling the difference lies in the length of time the service is down: if slow or denied service continues for days, rather than a spike during a campaign, it is time to start looking into what’s going on.

Additionally, if the same source address is querying for the same data long before the Time to Live (TTL) has passed, it could be a sign that they are up to no good. Unfortunately, you cannot simply check to see if all of the traffic is coming from one IP, as this is the exact purpose of a DDoS: to have traffic coming from multiple sources.
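
The TTL check described above can be run over a DNS query log. The following is an added example, not part of the original post; the log format, the TTL values, the half-TTL cut-off and the `min_repeats` threshold are all assumptions made for illustration. It only flags individual sources, so it does not replace looking at traffic across many sources.

```python
from collections import defaultdict

# Constructed sample log: "<epoch seconds> <source IP> <query name> <type>".
# Addresses come from documentation ranges (RFC 5737); nothing here is real traffic.
SAMPLE_LOG = """\
1000 192.0.2.10 www.example.com A
1002 192.0.2.10 www.example.com A
1004 192.0.2.10 www.example.com A
1005 198.51.100.7 www.example.com A
1006 192.0.2.10 www.example.com A
1300 198.51.100.7 www.example.com A
1001 203.0.113.5 mail.example.com MX
1003 203.0.113.5 mail.example.com MX
"""

# Assumed TTLs (seconds) of the records being served.
TTL = {("www.example.com", "A"): 300, ("mail.example.com", "MX"): 3600}


def parse(log):
    """Return (timestamp, source, name, rtype) tuples from the log, sorted by time."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of crashing
        rows.append((int(parts[0]), parts[1], parts[2].lower(), parts[3].upper()))
    return sorted(rows)


def early_requeries(log, ttl, fraction=0.5, min_repeats=3):
    """Return {(source, name, rtype): count} for sources that asked again for the
    same record within `fraction` of its TTL at least `min_repeats` times."""
    last_seen = {}
    counts = defaultdict(int)
    for ts, src, name, rtype in parse(log):
        key = (src, name, rtype)
        record_ttl = ttl.get((name, rtype))
        if record_ttl is not None and key in last_seen:
            if ts - last_seen[key] < record_ttl * fraction:
                counts[key] += 1
        last_seen[key] = ts
    return {k: n for k, n in counts.items() if n >= min_repeats}


if __name__ == "__main__":
    for (src, name, rtype), n in early_requeries(SAMPLE_LOG, TTL).items():
        print(f"{src} re-queried {name}/{rtype} {n} times well inside the TTL")
```

A well-behaved resolver caches the answer until the TTL runs out, which is why only the first source in the sample is flagged.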

How to stay secure?

1. Be aware -> Invest in technology that allows you to know your network's normal behaviour and will make you aware of any abnormal incidents.

2. Boost capacity -> Make sure you provision enough server capacity and tune for best performance under high load.

3. Practice your defence -> Knowing how to use your defensive strategy is just as important as buying and installing it.

4. Get help -> If you don’t have the resources to deal with attacks in-house, your best bet is to outsource to a managed DNS provider.

5. Be prepared -> The best way to avoid any disruption from a DDoS attack is to be prepared for it.

Latest NEWS ;) ->

On February 28, GitHub found its code hosting platform hit by what’s believed to be the largest Distributed Denial of Service (DDoS) attack ever recorded. 1.35 terabits per second of traffic hit the developer platform GitHub all at once. GitHub has revealed that it weathered the largest-known DDoS attack in history.

GitHub was offline for five minutes, from 17:21 to 17:26 UTC, with intermittent connectivity from 17:26 to 17:30 UTC.
