Distributed Denial Of Service (DDOS)

Explaining DDOS Attack Types
“Protect your Network”

DDOS attacks have been increasing steadily over the past few years and are a threat to organisations and their networks. It is also predicted that the total number of attacks of this type will reach 17 million by 2020 worldwide.

What is a DDOS attack?

A denial-of-service (DOS) attack is a cyber attack in which the attacker's (hacker's) aim is to render a system or network resource unavailable to its users by disrupting its services, constantly flooding it with requests.

A distributed denial-of-service (DDoS) attack is a cyber attack where multiple devices attack a victim’s system/server simultaneously, disrupting the normal traffic and overwhelming the target/victim or its surrounding infrastructure with multiple requests at once.

A DDOS attack is very dangerous and is usually performed by a set of infected systems called bots.

How does it work?

A DDOS attack is initiated when an attacker sends requests that appear to come from a couple of different IP addresses. The attacker sends many requests per second from a spoofed IP address, thereby concealing the DOS attack.

This attack becomes a powerful DDOS attack when the attacker uses a group of infected systems to perform it. The attacker makes use of these infected systems (bots) to send multiple SYN messages from multiple spoofed addresses (distributed DoS or DDoS) to the victim computer, making it one of the most powerful cyber attacks.

Types of DDOS Attacks

There are different ways in which the attacker can launch a DDOS attack. Below is a list of the different types of DDoS attacks:

SYN Flood:

SYN Flood is an attack in which the attacker sends a large number of SYN requests to the victim that appear to come from a different IP address. This disturbs the regular flow of traffic and does not allow legitimate requests to come through. The SYN flood attack is also known as a half-open connection attack, as it aims to consume all the server's resources and render it unavailable.
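To make the "half-open" idea concrete from the defender's side, the following added example (not part of the original post) counts connections stuck in the SYN_RECV state per listening port. It assumes the Linux /proc/net/tcp column layout on a little-endian host; the sample table and its addresses are constructed, and the function names are illustrative.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # kernel TCP state code: SYN received, handshake not completed

# Constructed sample: first columns of a /proc/net/tcp style table (not captured data).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0A00000A:0050 076433C6:C350 03
   2: 0A00000A:0050 086433C6:C351 03
   3: 0A00000A:0050 057100CB:9C40 03
   4: 0A00000A:0050 067100CB:9C41 03
   5: 0A00000A:01BB 096433C6:D431 01
   6: 0A00000A:0016 0A6433C6:E000 03
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into ('a.b.c.d', port); IP is little-endian hex."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open_summary(table):
    """Map local port -> (half-open count, number of distinct remote IPs)."""
    counts, sources = Counter(), {}
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != SYN_RECV:
            continue                             # only half-open entries matter here
        _, local_port = decode_addr(cols[1])
        remote_ip, _ = decode_addr(cols[2])
        counts[local_port] += 1
        sources.setdefault(local_port, set()).add(remote_ip)
    return {p: (n, len(sources[p])) for p, n in counts.items()}

def ports_under_syn_pressure(table, threshold):
    """Ports whose half-open count has reached the alert threshold."""
    return sorted(p for p, (n, _) in half_open_summary(table).items() if n >= threshold)

if __name__ == "__main__":
    for port, (n, srcs) in sorted(half_open_summary(SAMPLE).items()):
        print(f"port {port}: {n} half-open connections from {srcs} sources")
```

Many half-open entries on one port, each from a different remote address, is the pattern the paragraph above describes; the alert threshold is site-specific and should be set from a baseline of normal traffic.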

PING Flood:

PING flood is a type of DDOS attack where the attacker overwhelms the victim with multiple ICMP echo requests, causing the service to be inaccessible to normal requests. A PING request is usually sent to check the health of the network and its connectivity.

HTTP Flood:

HTTP flood is an attack that focuses on layer 7 of the OSI model. In this case the attacker sends multiple HTTP requests to the victim server. When the victim is flooded with such requests, it is impossible for normal traffic to get through, thus causing a denial of service.
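A layer 7 flood shows up in the web server's access log as an abnormal request rate. The following added example (not from the original post) measures the peak number of requests inside a sliding time window, per client and in total; the log lines are constructed in common log format, and the window and limit values are assumptions to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Client address and timestamp from a common-log-format line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ \S+')

def parse(line):
    """Return (client_ip, unix_time) or None for lines that do not match."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.timestamp()

def peak_in_window(times, window):
    """Largest number of events that fall inside any `window`-second span."""
    q, peak = deque(), 0
    for t in sorted(times):
        q.append(t)
        while t - q[0] >= window:    # drop events older than the window
            q.popleft()
        peak = max(peak, len(q))
    return peak

def analyse(lines, window=10, per_client_limit=20):
    """Return ({noisy_client: peak}, peak total requests in any window)."""
    by_client = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            by_client[rec[0]].append(rec[1])
    peaks = {ip: peak_in_window(ts, window) for ip, ts in by_client.items()}
    total = peak_in_window([t for ts in by_client.values() for t in ts], window)
    noisy = {ip: n for ip, n in peaks.items() if n > per_client_limit}
    return noisy, total

def sample_log():
    """Constructed log: one client sends 30 requests in 3 s, another 3 in a minute."""
    lines = [f'198.51.100.23 - - [01/Jan/2024:12:00:{i // 10:02d} +0000] '
             f'"GET /search?q={i} HTTP/1.1" 200 512' for i in range(30)]
    lines += [f'203.0.113.9 - - [01/Jan/2024:12:00:{s:02d} +0000] '
              f'"GET / HTTP/1.1" 200 1024' for s in (0, 20, 40)]
    return lines

if __name__ == "__main__":
    noisy, total = analyse(sample_log())
    print("clients over limit:", noisy, "| peak total per window:", total)
```

The total matters as much as the per-client figure: when the requests are spread across many bots, no single client may exceed its limit while the aggregate rate still climbs far above the baseline.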

UDP Flood:

A UDP flood is similar to any other DDOS attack, but here the attacker sends a large number of UDP packets to the targeted server to render it unavailable for normal traffic. In this case the firewall is also exhausted, and regular traffic will not be able to pass through it.

Smurf Attack:

A smurf attack is a type of DDOS attack in which multiple ICMP (Internet Control Message Protocol) packets with the victim's spoofed IP address are broadcast to a computer network. When a large number of computers respond to these packets, the victim’s computer is flooded with traffic and becomes impossible to work with.

Most Famous DDOS Attack

In the past there have been a number of DDOS attacks. But the most popular and the biggest DDOS attack recorded to date is the GitHub DDOS attack in 2018.

GitHub is a world-leading software development platform that provides hosting for software development as well as source code management functionality.

GitHub experienced a DDOS attack in 2018 in which 1.35 terabits of data per second hit the developer platform all at once. The company enlisted the help of its DDOS mitigation team to stop the attack. The attack lasted for 8 minutes and GitHub was offline for 5 minutes.

After analysing the incident, GitHub said that the attackers attacked “Memcaching”, a memory system, to amplify the attack.

The one other attack that came very close to the GitHub attack is the 2016 Dyn DDOS attack, which experienced 1.2 Tbps of data all at once.

How to mitigate DDOS Attacks

With an increase in the number of DDOS attacks, it is important for an organisation to stay alert and protect itself from such attacks.

The steps involved in mitigating DDOS attacks are:

i) The most important step is to set up a DDOS response plan. There will not be any time to think once the organisation has been attacked. It is always advisable to have a response plan so that it is easier to recover from the incident and to reduce or avoid any impact.

ii) The next step is to have a strong network infrastructure and good network security. This includes setting up firewalls, IPS/IDS, content filtering and anti-spam filters, and leaving as little room for human error as possible.

iii) Organisations have to be aware of the symptoms of a DDOS attack. A slow network and systems slowing down are common effects of a DDOS attack. If companies take immediate action, they can prevent the effects of the attack from compromising the network.

The methods mentioned above do not stop DDOS attacks from occurring, but when implemented they help organisations to be prepared, reduce the impact of an attack, and secure the network infrastructure from being hacked when such situations arise.

If your system is compromised or if you would like to be prepared you can contact us at info@rootfloe.com for a free consultation.
