DDoS stands for Distributed Denial of Service, a cyber attack that cuts off access to a network, system or web-based application.
The basic principle of the attack is to flood the server with fake traffic until the server's capacity is exceeded.
The impact of such an attack is very damaging, so you need to know what it is, how it works and what types exist. That way you can take preventive measures and respond when it happens.
What is DDoS Attack?
DDoS is a cyber attack that targets the servers of a system. Its purpose is to make the targeted system inaccessible or unable to serve requests.
The server is hit with a huge amount of fake traffic. Traffic that overflows the server's capacity brings it down. This condition is also known as "data flooding".
This attack is commonly used to attack websites, corporate systems, networks, and various online services.
DDoS is nothing new. This cyber attack has been around since 1974, the attack methods keep evolving, and the number of victims keeps growing.
The first large-scale DDoS attack occurred in August 1999. Its target was the University of Minnesota computer network.
Securelist reported that in the first quarter of 2020 DDoS attacks had increased by 80% compared to the first quarter of 2019.
Several large companies have also been victims of this attack, including GitHub, Amazon Web Services, Cloudflare and Bank of America.
How Does It Work?
This attack is launched from computers under the attacker's control.
The difference between DoS and DDoS lies in the number of machines used: a DoS attack uses only one machine, whereas a DDoS attack uses many.
A botnet is a set of computers or network devices that have been hacked and are controlled remotely by the people behind a DDoS attack.
The machines in the botnet are what generate the flood of traffic. Without realizing it, your own computer could be hacked and turned into part of a botnet.
Internet of Things (IoT) devices are spreading constantly. Things like smart TVs, digital cameras, printers, smartphones, baby monitors and so on can also be exploited and turned into bots.
These devices usually have weaker security than computers or laptops, so cybercriminals often use them to build a large botnet.
Carrying out this attack does not only require a botnet; it also requires DDoS attack tools to launch the traffic. Some of these tools are quite popular, for example LOIC, HOIC, HULK, Slowloris, XOIC, Tor's Hammer, DDOSIM, RUDY and others.
Different tools facilitate different types or methods of DDoS attack.
What are the Types of DDoS Attacks?
In general, DDoS attacks are grouped in two ways: by their use and by the OSI layer they target.
Categories of DDoS Based on Usage
The following are the 3 types of DDoS attacks based on their usage:
1. Changing System Configuration
This type focuses on changing the configuration of a system. Although its working principle is not to flood the server or network, it is still counted as a DDoS attack.
2. Request Flood
In this attack, the network is flooded with fake requests. As a result, requests from other users are not served.
3. Traffic Flooding
In this attack, the network is flooded with a large volume of data. The impact is the same: other users cannot access the system.
This method is arguably used quite rarely because of its complexity.
DDoS Category Based on OSI Layer
The OSI (Open Systems Interconnection) model is an architectural model for network communication standardized by the ISO. The OSI model consists of 7 layers, and several of them can be DDoS targets.
The following are 3 types of DDoS categorized by OSI layer:
1. Protocol-Based Attack (Protocol Attack)
A protocol attack targets weaknesses in layer 3 (network) and layer 4 (transport).
The principle of the attack is to make resources such as firewalls and the server's TCP connection handling work beyond their capacity.
DDoS methods in this category include Ping of Death, Smurf DDoS, SYN flood and others.
2. Application-Based Attacks (Application Attacks)
In application attacks, layer 7 (application) is the target of exploitation.
At this layer, the server receives an HTTP request and responds by serving a web page.
The traffic used in this type of attack is hard to identify because it looks like organic traffic. That is why this type is quite difficult to counter.
3. Volume-Based Attack (Volumetric Attack)
This type uses a botnet to fill the target's entire bandwidth with traffic. Traffic that exceeds the bandwidth capacity makes the system inaccessible.
This is the most popular type. At least 65% of DDoS attacks fall into this category.
DDoS methods in this category include UDP flood, ICMP flood, DNS amplification, NTP amplification and others.
HTTP flood is another well-known DDoS method; since it consists of HTTP requests, it is the kind of traffic described under application attacks above.
How to Prevent DDoS Attacks?
DDoS attacks are quite dangerous. Just imagine the website, network or system you manage being inaccessible for several days, and how much loss and trouble that would cause.
Before that happens, it's a good idea to take precautions.
The following are some preventive steps you can take.
- Monitor system traffic on a regular basis. Make sure there is no increase in traffic that is too sharp or looks suspicious. This lets you identify the symptoms of a DDoS attack early.
- Increase bandwidth capacity, so that when there is a sudden spike in traffic the website can keep running until you notice the symptoms. This method is intended to buy extra time to deal with a DDoS attack.
- Implement layered security on servers, networks and applications, and try to minimize any security holes.
- You can also use several tools and services to prevent DDoS attacks, such as Cloudflare, Security Event Manager, Imperva and others.
What Are the Characteristics of a Web Affected by a DDoS Attack?
DDoS attacks are generally used to block access to a website. The motives vary, ranging from business competition, extortion, restricting access to certain content and ideological disputes, to just doing it for fun.
As a web owner or webmaster, you should be wary of this kind of attack. Many cybercriminals indiscriminately attack all kinds of websites, including those you manage.
Therefore, learn to recognize the following signs so you can take action.
- Website bandwidth is saturated with download and upload requests, with a change that is far larger than normal.
- High CPU load is detected even though no heavy process is running.
- Website speed drops even though there is no increase in legitimate traffic.
- Some VPS services will send notifications about dangerous activity.
If these signs have appeared, take action immediately; at that point preventive measures alone are no longer enough.
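As an added illustration of the traffic-monitoring step under prevention and of the signs listed above (example code written for this article, not Jogjahost's or any vendor's tool), the following Python script reads web-server access log lines, counts requests per minute, and flags a minute whose volume spikes far above the others and is dominated by a single client address. The log lines, addresses and thresholds are constructed assumptions.

```python
import re
from collections import Counter
# Constructed sample lines in Common Log Format (not a real server's log);
# the burst from 198.51.100.7 in minute 13:57 stands in for flood traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.11 - - [10/Oct/2023:13:55:30 +0000] "GET /about HTTP/1.1" 200 734
203.0.113.12 - - [10/Oct/2023:13:56:10 +0000] "GET / HTTP/1.1" 200 512
203.0.113.10 - - [10/Oct/2023:13:56:45 +0000] "GET /blog HTTP/1.1" 200 901
""" + "".join(
    f'198.51.100.7 - - [10/Oct/2023:13:57:{s:02d} +0000] "GET / HTTP/1.1" 200 512\n'
    for s in range(0, 60, 2)  # 30 requests from one address within one minute
)
# Captures the client address and the timestamp truncated to the minute.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d\d/\w{3}/\d{4}:\d\d:\d\d):\d\d [^\]]+\]')

def parse_line(line):
    """Return (client_ip, 'DD/Mon/YYYY:HH:MM'), or None for an unparseable line."""
    m = LOG_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def requests_per_minute(log_text):
    """Count requests per minute, and per client address within each minute."""
    per_minute = Counter()
    per_minute_ip = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash mid-incident
        ip, minute = parsed
        per_minute[minute] += 1
        per_minute_ip.setdefault(minute, Counter())[ip] += 1
    return per_minute, per_minute_ip

def find_spikes(per_minute, per_minute_ip, factor=5, top_share=0.5):
    """Flag minutes whose count exceeds `factor` times the median of the other
    minutes, and name the client address if one source sent at least `top_share`
    of that minute (a flooding bot rather than organic growth). Thresholds are
    assumptions to tune against your own baseline."""
    alerts = []
    for minute, total in sorted(per_minute.items()):
        others = sorted(v for k, v in per_minute.items() if k != minute)
        if not others:
            continue
        median = others[len(others) // 2]
        if total > factor * median:
            ip, hits = per_minute_ip[minute].most_common(1)[0]
            dominant = ip if hits / total >= top_share else None
            alerts.append((minute, total, dominant))
    return alerts
```

On a real server you would feed it the live access log (for example via `tail -f`) and page someone when `find_spikes` returns anything, ideally before the bandwidth or CPU signs above become visible to users.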
How to Overcome DDoS Attacks?
The following are steps you can take to deal with a DDoS attack that is already under way.
- Contact your ISP or web hosting vendor. Tell them that you are under attack and need help. If you use hosting from Jogjahost, we are ready to help you overcome it.
- Contact a DDoS mitigation specialist. There are many DDoS mitigation service providers, such as Cloudflare, Akamai, Radware, Verisign, Nexusguard and others.
Conclusion
DDoS is a fairly simple cyber attack, but it can be quite dangerous. Stay alert and take precautions before you become a victim.
Hopefully this DDoS overview has been useful. Get to know how the attack works and what its symptoms are so that you can take appropriate action right away.