written 8.4 years ago by |
DDoS is short for Distributed Denial of Service.
- DDoS is a type of DoS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system, causing a Denial of Service (DoS) attack.
- Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.
- Not all hackers are out to steal your identity or even your money. Sometimes, like real-life street vandals, hackers just want to disrupt business-as-usual for a company for no reason other than just to do it.
- That's the idea behind an attack known as a Distributed Denial of Service, or "DDoS."
- A DDoS is aimed at disrupting the normal function of a specific website. That means the attack isn't random, such as a launched virus that's aimed at everyone and anyone but no one in particular.
- A DDoS is planned and coordinated, and the goal is to make an entire website unavailable to its regular visitors or customers.
What does "Distributed" mean?
- What makes the attack distributed is the focused effort within a team of disruptors who share the common goal of preventing targeted Web servers (and, therefore, targeted websites) from working normally.
- The attack is distributed among hundreds or thousands of computers.
- When that happens, the website's regular customers are denied the service they want. Even worse, the company that runs the website is denied the money they'd earn for the day. And they may also lose some customers forever who get frustrated or worried about coming back to the site.
DoS vs. DDoS
- The differences between DoS and DDoS are substantive and worth noting.
- In a DoS attack, a perpetrator uses a single Internet connection to either exploit a software vulnerability or flood a target with fake requests—usually in an attempt to exhaust server resources (e.g., RAM and CPU).
- On the other hand, distributed denial of service (DDoS) attacks are launched from multiple connected devices that are distributed across the Internet.
- These multi-person, multi-device barrages are generally harder to deflect, mostly due to the sheer volume of devices involved.
- Unlike single-source DoS attacks, DDoS assaults tend to target the network infrastructure in an attempt to saturate it with huge volumes of traffic.
- DDoS attacks also differ in the manner of their execution. Broadly speaking, DoS attacks are launched using homebrewed scripts or DoS tools (e.g., Low Orbit Ion Cannon), while DDoS attacks are launched from botnets—large clusters of connected devices (e.g., cellphones, PCs or routers) infected with malware that allows remote control by an attacker.
How DDoS Attacks Work
- According to this report on eSecurityPlanet, in a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more.
- This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.
Types of DDoS Attacks
1. Application layer attacks
Application layer attacks (a.k.a., layer 7 attacks) can be either DoS or DDoS threats that seek to overload a server by sending a large number of requests requiring resource-intensive handling and processing.
Among other attack vectors, this category includes HTTP floods, slow attacks (e.g., Slowloris or RUDY) and DNS query flood attacks.
- The size of application layer attacks is typically measured in requests per second (RPS), with no more than 50 to 100 RPS being required to cripple most mid-sized websites.
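Two points above are worth seeing in log data: a flood is measured in requests per second, and a distributed flood cannot be stopped by blocking one IP because no single source stands out. The following added example (not code from the original post) buckets web-server access-log lines per second and labels each second as normal, single-source or distributed. It assumes Common Log Format lines, uses RFC 5737 documentation address ranges for the constructed sample traffic, and the 50 RPS threshold and 50% single-source share are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Added example (not from the original post): classify per-second request
# bursts in access logs as normal, single-source (DoS) or distributed (DDoS).
# Log format, IP ranges and thresholds below are assumptions for illustration.

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one CLF line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "req": m["req"],
        "status": int(m["status"]),
    }


def bucket_by_second(records):
    """Map each wall-clock second to a Counter of requests per source IP."""
    buckets = defaultdict(Counter)
    for r in records:
        buckets[r["ts"].replace(microsecond=0)][r["ip"]] += 1
    return buckets


def classify_second(ip_counts, rps_threshold=50, single_share=0.5):
    """Verdict for one second of traffic.

    rps_threshold: aggregate requests/second above which we call it a flood
                   (the text puts 50-100 RPS as enough to hurt a mid-sized site).
    single_share:  if one IP sends at least this share of the flood it is a
                   single-source DoS and blocking that IP is enough; otherwise
                   the load is spread out and per-IP blocking will not help.
    """
    total = sum(ip_counts.values())
    if total < rps_threshold:
        return "normal"
    _, top_n = ip_counts.most_common(1)[0]
    return "single-source" if top_n / total >= single_share else "distributed"


def analyse(lines, rps_threshold=50):
    """Parse log lines and return an ordered {second: summary} dict."""
    records = [r for r in map(parse_line, lines) if r is not None]
    report = {}
    for sec, counts in sorted(bucket_by_second(records).items()):
        report[sec.isoformat()] = {
            "rps": sum(counts.values()),
            "sources": len(counts),
            "top": counts.most_common(1)[0],
            "verdict": classify_second(counts, rps_threshold),
        }
    return report


def make_line(ip, ts, path="/"):
    """Build one constructed CLF line."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 612'


def constructed_sample():
    """Three seconds of constructed traffic (RFC 5737 documentation ranges)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    t1, t2 = t0 + timedelta(seconds=1), t0 + timedelta(seconds=2)
    lines = []
    # second 0: eight ordinary visitors, one request each
    lines += [make_line(f"198.51.100.{i}", t0) for i in range(1, 9)]
    # second 1: one client hits a costly endpoint 120 times (single-source DoS)
    lines += [make_line("203.0.113.9", t1, "/search?q=x") for _ in range(120)]
    lines += [make_line(f"198.51.100.{i}", t1) for i in range(1, 6)]
    # second 2: 80 bots send two requests each; every IP looks harmless on its own
    for i in range(1, 81):
        lines += [make_line(f"192.0.2.{i}", t2, "/search?q=x")] * 2
    return lines


if __name__ == "__main__":
    for sec, s in analyse(constructed_sample()).items():
        print(f"{sec}  rps={s['rps']:4d}  sources={s['sources']:3d}  "
              f"top={s['top'][0]}({s['top'][1]})  -> {s['verdict']}")
```

Run against the constructed sample, second 1 is a "single-source" verdict (one IP sends 120 of 125 requests, so a single block rule ends it), while second 2 is "distributed": 160 RPS from 80 sources at two requests each, which no per-IP rate limit would catch. In practice the "distributed" verdict is the signal to escalate to upstream or provider-level filtering rather than to keep adding IP blocks.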
2. Network layer attacks
Network layer attacks (a.k.a., layer 3–4 attacks) are almost always DDoS assaults set up to clog the “pipelines” connecting your network. Attack vectors in this category include UDP flood, SYN flood, NTP amplification and DNS amplification attacks, and more.
Any of these can be used to prevent access to your servers, while also causing severe operational damages, such as account suspension and massive overage charges.
DDoS attacks are almost always high-traffic events, commonly measured in gigabits per second (Gbps) or packets per second (PPS). The largest network layer assaults can exceed 200 Gbps; however, 20 to 40 Gbps are enough to completely shut down most network infrastructures.
3. Traffic attacks
- Traffic flooding attacks send a huge volume of TCP, UDP and ICMP packets to the target.
- Legitimate requests get lost and these attacks may be accompanied by malware exploitation.
4. Bandwidth attacks
- This DDoS attack overloads the target with massive amounts of junk data.
- This results in a loss of network bandwidth and equipment resources and can lead to a complete denial of service.