As web technologies are developed day by day, cyber-attacks are becoming very common. Among them, different types of cyber-attacks such as Phishing, DDoS attacks, SQL injection attacks are very common. DDoS attack is a kind of server attack which works with a flood of traffic and hack the account or server. When the DDoS attack occurs, there creates a huge traffic jam on the server and then it becomes impossible to access it. In this meantime, the attackers collect secure and personal data. If the attack can’t be avoided timely, it can occur a great loss.
If you are interested, we think you should, you can click here to know how you can prevent Phishing Attacks also.
Table of Contents
What is DDoS Attack
DDoS attack stands for a distributed denial-of-service attack. It is mainly a virulent attempt that disturbs normal traffic of a traced and targeted server, service, or network. The DDoS interrupts the traffic network and its surrounding infrastructure by overwhelming the target with a flood of internet target. These DDoS attacks utilize multiple compromised computer systems as a source of attack traffic and make it effective. Besides computers, there also includes exploited machines and other networked resources such as IoT devices with no endpoint protection.
A DDoS (distributed denial-of-service) attack is one of the powerful weapons on the internet. When a website is hacked or brought down by hackers, then it normally occurs for a DDoS attack. This DDoS attack happens when a computer or website becomes unavailable due to flooding or crashing the computer or website with too much traffic. You can prevent DDoS attacks by following some steps.
How DDoS Attack Works
DDoS attacks work in a very systematic way. First, a DDoS attack requires an attacker to control the network of online machines to carry out an attack. Our computers and other devices like IoT devices are contaminated with malware which should be removed. DDoS attacks turn each device into a bot or zombie. Then, the attackers can control the groups of bots. This remote control over the bots is called a botnet.
After establishing the botnet, the attacker sends updated instructions to each bot through a method of the remote control to direct the machines. When the botnet is able to target the IP address of a victim, each bot starts responding by sending requests to the target. It potentially causes the targeted server or network with the capacity of overflow. And this results in a denial-of-service to normal traffic.
As each bot is an authorized internet device, it becomes very difficult to separate the attack traffic from the normal traffic.
Types of DDoS Attack
There are mainly three types of DDoS attacks. The three types are given below:
- Volume-based attacks.
- Protocol attacks.
- Application layer attacks.
In volume-based DDoS attacks, the attackers flood the victim’s device or network with a high volume of packets or connections. This volume-based DDoS attack is the most typical attack that floods the normal traffic with overwhelming connections, servers, or bandwidth resources. This volume-based attack also called a volumetric attack.
In the past, these attacks are carried out by numerous compromised systems. These systems were part of a botnet. But now, The attackers recruit volunteers to launch the attack with their machine along with the conventional attack methodologies. These volumetric attacks send massive amounts of traffic to overwhelm the network’s bandwidth.
The protocol attack is another type of DDoS attack. This protocol attacks are more focused. It exploits vulnerabilities in a server’s resources. Protocol attack includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS, and more. This protocol attacks consume actual server resources and intermediate communication equipment such as firewalls and load balancers. Protocol attack is measured in packets per second (Pps).
Application layer attacks
The application layer attack mainly focuses on particular web applications. Application layer attack includes low-and-slow attack, GET/POST floods, target Apache attack, and more. The motive of the application layer attack is to crash the webserver. The magnitude of this layer is measured in Requests per second (Rps).
Example of DDoS Attack
In recent years, DDoS attacks have been increasing rapidly. The most famous and largest examples of DDoS attacks are given below:
GitHub was hit a sudden traffic attack that clocked in at b1.35 terabits per second. It occurred on Feb 28, 2018. This attack was not massive only, it has broken all the records of the past. The traffic was tracked back to over a thousand different autonomous systems(ASNs) across tens of thousands of unique endpoints.
There is no idea of how this GitHub attack of this scale was launched. Before this GitHub attack, additional transit has been deployed and there was more than double transit capacity that allowed to withstand certain attacks without any impact to the users.
This graph shows the difference between normal traffic levels and those of the attack.
- Occupy Central, Hong Kong
The Occupy Central attack was carried out in 2014. It targeted the Hong Kong-based grassroots movement. This movement was fighting to make the voting system more democratic. In this attack, attackers sent a huge amount of traffic to three of Occupy Central’s web hosting service and two independent sites, Popvote. Neither of these was owned by Occupy Central but it was openly supported.
- The Dyn attack
A major DNS provider directed the second largest DDoS attack at Dyn in October 2016. This attack was devastating and it heavily disturbed the traffic of many sites. The disrupted sites are Airbnb, Netflix, PayPal, Visa, Amazon, The New York Times, and more. A malware called Mirai was used for this attack. A botnet was created compromising Internet of Things(IoT) devices like cameras, smart TVs, radios, printers, and more. These all devices are performed together to attack a single victim by sending requests.
It was very fortunate news that the attack was resolved within one day. But it is a great mystery that, the motive of the attack was never discovered. Though the Hacktivist groups made Wikileaks founder Julian Assange responsible for this attack. But still, there is no strong proof for this claim. It is also thought that a disgruntled gamer carried out the attack.
- The Spamhaus attack
There was carried out another largest attack on 2013 launched on Spamhaus. Spamhaus is an organization that combat spam emails and spam-related activity. This organization is a major responsibility for filtering 80% of all spam emails and targets to those people who like to see spam emails in their intended recipients.
The attack raised the traffic of Spamhaus at a rate of 300 Gbps. To mitigate the attack, Spamhaus immediately signed up for Cloudflare. The attackers did some internet exchanges and bandwidth providers to bring down the Cloudflare. Though, this attack didn’t achieve its goal but did a major issue for the London internet exchange(LINX). A teenage hacker was paid to launch this DDoS attack.
- The Mafiaboy attack
A 15-year-old boy known as “Mafiaboy” hacked several major websites including CNN, Dell, E-Trade, eBay, and Yahoo in 2000. These were the most popular search engines at that time. This attack had a destructive consequence and created chaos in the stock market. Later, it was revealed that a high scholar named Michael Calce knew “Mafiaboy” attacked the network of several universities. This attack led to the creation of many cybercrime laws.
Common types of DDoS Attack
There are some common DDoS attacks. The types of these attacks are given below:
- UDP Flood
A UDP Flood is mainly a DDoS attack that floods the target with User Datagram Protocol (UDP) packets. This motive of this attack is to flood random ports on a remote host. The host of the victim has to check for the application by listening at the port. If there is no application found, The host has to reply with an ICMP “Destination Unreachable” packet.
- ICMP (Ping) Flood
The principle of UDP attack and ICMP attack are quite similar. This flood attacks the network of victims by overwhelming the target resource with ICMP Echo Request (ping) packets. ICMP attacks disturb the traffic by sending packets at a very fast rate without waiting for the reply. This attack can consume both outgoing and incoming bandwidth. When the servers of the victim attempt to respond with ICMP Echo Reply packets, the overall system slows down.
- SYN Flood
This SYN flood attacks on a known weakness in the TCP connection sequence ( the “three-way handshake”). An SYN-ACK response from the host comes out to initiate a TCP connection by SYN request. AN ACK response from the requester confirms that. In an SYN flood attack, the requester sends multiple SYN requests. This attack either doesn’t respond to the host or send SYN requests from a spoofed IP address.
The DDoS attack is very harmful to any website. Sometimes, the DDoS attacks affect any system so majorly that the organization becomes closed. There are various ways to occur in a DDoS attack. The attackers try the best way to attack your account.