What is a DDoS Attack?
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attacks achieve effectiveness by utilizing multiple compromised systems as sources of attack traffic. Exploited devices can include computers, mobile devices and Internet of Things (IoT) devices such as webcams, routers, DVRs and more.
These exploited devices are often referred to as a botnet – a number of Internet-connected devices communicating with other similar devices in order to perform tasks.
In a DDoS scenario, the botnet is controlled by a botmaster who issues attack commands from a remote location. When a target is designated, all infected devices begin sending data packets to the target in an attempt to overwhelm its capacity to process requests, rendering it inaccessible.
Common DDoS Attack Types and Vectors
There are several common DDoS attack types and vectors:
Volume-Based Attacks
These attacks aim to saturate the bandwidth of the targeted site, server or network. Large-scale volumetric floods can generate over 100 Gbps of malicious traffic.
- UDP floods – Flood the target with large volumes of UDP traffic
- ICMP floods – Flood the target with overwhelming numbers of ICMP echo requests (pings)
- DNS amplification attacks – Abuse open or misconfigured DNS servers to amplify traffic directed at the target
Protocol Attacks
These attacks send seemingly legitimate packets, but manipulate protocols in specific ways to consume server resources.
- SYN flood attacks – Send a rapid succession of TCP SYN packets to consume connection resources
- ACK flood attacks – Flood the target with TCP acknowledgement (ACK) packets
Layer 7 Attacks
These target weaknesses and vulnerabilities in the application layer rather than in the lower-level network layers.
- HTTP flood attacks – Overwhelm web servers with valid HTTP requests
- Slowloris – Slowly send partial HTTP requests to tie up connections
- GET/POST floods – Abuse HTTP GET and POST functions with overwhelming traffic
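Layer 7 floods are made of requests that each look valid, so the telltale sign is rate per source rather than packet shape. The following is an added example (not code from the original article): a small access-log parser with a sliding-window counter that flags any source exceeding a request threshold, run over constructed sample log lines in which 203.0.113.7 floods a search endpoint while 198.51.100.9 browses normally. The log format, thresholds and addresses are all assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined"-style access log line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def find_flooding_sources(lines, max_requests=20, window_seconds=10):
    """Flag sources that exceed max_requests within any window_seconds span.

    Lines are assumed to be in time order, as a live access log is. Returns
    {ip: peak_requests_in_window} for every flagged source.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of requests still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # malformed line: skip rather than crash mid-incident
        ip, ts = parsed[0], parsed[1]
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def _format_line(ip, ts, method, path):
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "{method} {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed sample: 203.0.113.7 sends 60 requests in six seconds (a flood),
    while 198.51.100.9 sends three ordinary requests in the same period."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(60):
        t = base + timedelta(milliseconds=100 * i)
        lines.append(_format_line("203.0.113.7", t, "GET", f"/search?q={i}"))
        if i % 20 == 0:
            lines.append(_format_line("198.51.100.9", t, "GET", "/index.html"))
    return lines


if __name__ == "__main__":
    for ip, peak in find_flooding_sources(build_sample_log()).items():
        print(f"{ip}: {peak} requests inside a 10 s window (threshold 20)")
```

A per-source threshold like this catches a single noisy client; a distributed HTTP flood spreads requests across many bots that may each stay under it, so in practice the same counter is also applied per path or per user agent, and the overall request rate is compared against a baseline.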
Multi-Vector Attacks
These combine multiple DDoS vectors for increased effect. For example, a UDP flood could be combined with an HTTP flood attack.
DDoS Mitigation Strategies
There are technical and organizational strategies that can be followed to improve mitigation and defense against DDoS attacks:
Use a Web Application Firewall (WAF)
A WAF provides deep inspection capabilities above standard firewalls and can detect and filter out malicious traffic. WAF rules can assist in blocking common DDoS vectors.
Enable Rate Limiting
Enable rate limiting on connections, requests and packet flow. This can help prevent flooding from any single source.
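The usual mechanism behind per-source rate limiting is a token bucket: each source may burst up to the bucket capacity and is then held to the sustained refill rate. The code below is an added example, not from the original article, showing one bucket per source address and a simulation on constructed traffic (203.0.113.7 sending 128 requests in two seconds, 198.51.100.9 sending one per second); the capacity of 20 and refill rate of 16 per second are arbitrary illustrative values.

```python
class TokenBucket:
    """Classic token bucket: `capacity` is the burst allowance, `refill_per_second`
    the sustained rate. Time is passed in explicitly so the logic is testable."""

    def __init__(self, capacity, refill_per_second, now):
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.tokens = capacity
        self.last = now

    def allow(self, now):
        elapsed = max(0.0, now - self.last)          # tolerate a clock that steps backwards
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_second)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address; a flooding source exhausts only its own bucket."""

    def __init__(self, capacity=20, refill_per_second=16):
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.buckets = {}

    def allow(self, source, now):
        bucket = self.buckets.get(source)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.refill_per_second, now)
            self.buckets[source] = bucket
        return bucket.allow(now)


def run_simulation(limiter, events):
    """events: iterable of (source, timestamp_seconds) in time order.
    Returns {source: (allowed, denied)}."""
    counts = {}
    for source, t in events:
        allowed, denied = counts.get(source, (0, 0))
        if limiter.allow(source, t):
            allowed += 1
        else:
            denied += 1
        counts[source] = (allowed, denied)
    return counts


def build_sample_events():
    """Constructed traffic: 203.0.113.7 sends 128 requests in two seconds (one every
    1/64 s); 198.51.100.9 sends one request per second for ten seconds."""
    events = [("203.0.113.7", k / 64) for k in range(128)]
    events += [("198.51.100.9", float(s)) for s in range(10)]
    return sorted(events, key=lambda e: e[1])


if __name__ == "__main__":
    limiter = PerSourceLimiter(capacity=20, refill_per_second=16)
    for source, (ok, dropped) in run_simulation(limiter, build_sample_events()).items():
        print(f"{source}: {ok} allowed, {dropped} denied")
```

The flooding source gets its initial burst and then only the refill rate, while the ordinary client is never denied. Two caveats for production use: the per-source dictionary must evict idle buckets or it becomes its own memory exhaustion problem, and per-source limits alone do not stop a botnet whose members each stay under the threshold, which is why a global limit per endpoint is normally layered on top.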
Null Route Identified Attack Sources
When an attack is occurring, offending source IP addresses can be null routed or blackholed to temporarily block them.
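Null routing is effective but blunt, so two safeguards matter: the block must be temporary, and the list must never include your own ranges, monitoring probes or upstream addresses. The following added example (not the article's code) keeps a blackhole list with a time-to-live, refuses addresses in an assumed protected allowlist, and renders the Linux iproute2 commands (`ip route add blackhole` / `ip route del blackhole`) to install and withdraw the routes. The addresses, the 192.0.2.0/24 stand-in for "our own public block" and the 15-minute TTL are illustrative assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed allowlist: never null-route your own ranges, monitoring probes or
# upstream links. 192.0.2.0/24 stands in for the organisation's public block.
PROTECTED_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("192.0.2.0/24", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


class TemporaryBlackholeList:
    """Tracks null-routed sources with an expiry and renders the iproute2 commands
    to install and later withdraw the routes (assumes a Linux router/host)."""

    def __init__(self, ttl_seconds=900):
        self.ttl = timedelta(seconds=ttl_seconds)
        self.entries = {}   # ip_address -> expiry datetime

    def add(self, ip_text, now):
        """Add a source; returns False (and changes nothing) for invalid or protected input."""
        try:
            ip = ipaddress.ip_address(ip_text.strip())
        except ValueError:
            return False
        if any(ip in net for net in PROTECTED_NETWORKS):
            return False
        self.entries[ip] = now + self.ttl   # re-adding an active source extends its expiry
        return True

    def expire(self, now):
        """Drop entries past their expiry; returns the released addresses."""
        released = sorted((ip for ip, exp in self.entries.items() if exp <= now), key=str)
        for ip in released:
            del self.entries[ip]
        return released

    def install_commands(self):
        return [f"ip route add blackhole {ip}" for ip in sorted(self.entries, key=str)]

    @staticmethod
    def withdraw_commands(released):
        return [f"ip route del blackhole {ip}" for ip in released]


def run_demo():
    """Constructed timeline: two flagged sources, one protected address and one bad
    input are submitted; a sweep 16 minutes later releases the 15-minute entries."""
    start = datetime(2023, 10, 10, 14, 0, tzinfo=timezone.utc)
    blackholes = TemporaryBlackholeList(ttl_seconds=900)
    added = {src: blackholes.add(src, start)
             for src in ("203.0.113.7", "198.51.100.9", "192.0.2.10", "not-an-ip")}
    install = blackholes.install_commands()
    released = blackholes.expire(start + timedelta(minutes=16))
    return added, install, blackholes.withdraw_commands(released), len(blackholes.entries)


if __name__ == "__main__":
    added, install, withdraw, remaining = run_demo()
    for src, accepted in added.items():
        print(f"{src}: {'blackholed' if accepted else 'skipped'}")
    print("\n".join(install))
    print("\n".join(withdraw))
    print(f"entries still active: {remaining}")
```

In a real deployment the expiry sweep runs on a timer and the commands are executed (or handed to an upstream provider as BGP blackhole announcements) rather than printed; the list itself is what keeps the block temporary and auditable.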
Use a Reputable DDoS Mitigation Service
A dedicated DDoS mitigation service can scrub incoming traffic at its own data centers before it reaches your network perimeter. These services offer DDoS-specific protection.
Maintain Extra Bandwidth
Having additional bandwidth from ISPs provides capacity to absorb DDoS traffic trying to saturate your connection.
Update Server Configurations
Ensure servers have the latest security updates installed. Disable unused services and ports to reduce possible attack surface.
Enable IP Blocking Features
Enable advanced IP blocking solutions that prevent traffic from unauthorized sources from reaching key servers.
Develop an Incident Response Plan
Have a plan in place to identify, isolate and mitigate DDoS attacks. Include communication protocols to involve leadership, IT teams, and your ISP.
Conclusion
DDoS attacks aim to negatively impact business operations by denying access to key infrastructure and services. However, with multilayered security controls, updated configurations, and advanced mitigation techniques in place, the risk of attack impact can be greatly reduced. Continuous awareness and proactive planning are key factors in limiting disruptions from DDoS attacks.