What is a DDoS Attack, Types and How to Stop it?
Even if you aren’t sure what a DDos attack it, it can sound quite scary. A DDoS attack is a non-intrusive internet attack. It is designed to take down the website or slow the website down. The attack does this by flooding the network, application, or server with fake traffic. Sometimes, even with the smallest amount of traffic, this can be enough for the attack to work.
A DDoS attack is something that every website owner should be familiar with.
What Is A DDoS Attack?
The usual objective of a DDoS attack is to stop real users from getting to your website. The attack could consider their DDoS attack successful if they send more fake traffic than the server can handle. Thus taking the website offline, or rendering it unable to function.
How Does A DDoS Attack Work?
A DDoS attack tests the limits of your web server, application, or network. It does this by sending large fake spikes of traffic. Some DDoS attacks will happen in short runs of malicious requests. These will likely happen in vulnerable endpoints like the search functions. DDoS attacks will use something called botnets, which are an army of ‘zombie’ devices.
What Is The Point of a DDoS Attack?
The main goal of a DDoS attack is to disrupt the availability of the website.
- The website will become slow to respond to real requests
- The website can stop working entirely, making it impossible for legitimate users to access it.
Any disruption can cause loss of legitimate customers, meaning a financial loss.
The Difference Between DDoS and DoS
Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks are very similar. The difference between a DoS and DDoS is the scale in which they happen. A single DoS attack will come from a single source, and a DDoS attack will come from hundreds and even thousands of systems.
Do DDoS Attacks Steal Any Information?
A DDoS attack cannot steal any of your website visitor information; the only purpose of a DDoS attack is to render your website unable to work. DDoS attacks have previously been used as a way to extort and blackmail company owners.
Several DDoS attack motives are commonly noticed:
- Political motivations
- Hacktivists (you can read more about what hackers do on the FieldEngineer blog)
- Terrorists
- Business Competiton
What Happens During a DDoS Attack?
Understanding what happens during a DDoS attack is a critical part of learning how you can prevent one.
A DDoS attack will deplete your service resources and increase the website load time. You will see performance issues, a higher than usual bounce rate, website performance issues, website crashes, and more. Most DDoS attacks will come from a hacker-controlled network of bots. These are IoT devices that have been left vulnerable - these include security cameras, household appliances, smart TVs, and anything connected to the internet.
What Are The Types of DDoS Attacks?
There are some different types of DDoS attacks, and they are designed to do different things.
Volume-based DDoS Attacks
The goal of a volume-based attack is to overload the website with vast amounts of inbound traffic. Most websites are on shared servers, making it easier for the attackers to achieve their goals with volume-based DDos Attacks.
Volume-Based DDoS Attacks Include:
ICMP floods, where spoofed ICMP packets are sent from a large number of IPs
Ping floods are where the servers are spoofed with ping packets from a huge set of source IPs
UDP is were the attacker will flood various ports randomly.
Protocol-Based DDoS Attacks:
Protocols are how things get from point A to point B on the internet. DDoS attacks based on protocols will exploit weaknesses in Layers 3 and 4 protocol stacks. It will cause service disruption.
Ping of death is where attackers are manipulating the IP protocols by sending malicious pings to a server.
SYN floods exploit any weak points in the Transmission Control Protocol (TCP), which is the communication process between the host, the server, and the client.
Application Layer Attacks
This targets applications like Web Servers like Windows IIS, Apache, and so on. The goal of application-layer attacks is to take out a website, online service, or website.
How to Prevent a DDoS Attack
There are a few steps to preventing a DDoS attack:
- Use a website firewall application that has DDoS protection
- Block specific countries from access your website
- Block Application Layer DDoS Attacks
- Monitor Traffic - if you notice spikes happen at random, this could be an indicator that you have a DDoS attack attempt
- If you see a spike in traffic, look for other indicators of insidious behavior on your website - like increased login attempts.
You should create a DDoS mitigation plan and include robust software that offers website security and DDoS protection.