Online business brings substantial benefits: it costs less to run and returns profits quickly. Along with those benefits, however, come dangers, among them Denial of Service (DDoS) attacks launched against websites the attackers do not like. So what is a denial of service (DDoS) attack? How does it work, and how can these attacks be prevented? In today's article I would like to share this topic with you.
1. What is a Denial of Service (DDoS) attack?
A Distributed Denial of Service (DDoS) attack is an act that leaves the website of an individual or organization reachable in name only: visitors cannot read its content or take any action on that website. In other words, a denial of service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted network or server. In a distributed denial of service attack (DDoS attack), the flood of traffic aimed at the victim originates from many different sources. A DoS or DDoS attack is similar to a crowd of people blocking the entrance of a store so that customers who want to make a purchase cannot get in.
2. How does a DDoS attack work?
DDoS attacks are typically carried out by botnets, large groups of distributed computers working together, which flood a website or service provider with data requests.
Attackers use malware or unpatched vulnerabilities to install Command and Control (C2) software on users' systems and so build a botnet. DDoS attacks rely on large numbers of computers in the botnet to achieve the desired effect.
The Dyn DNS attack exploited Wi-Fi cameras with default passwords to create a giant botnet. Once the botnet is ready, the attackers send a start command to all botnet nodes, and the nodes then send their programmed requests to the server they want to take down.
If the attack gets past the server's defenses, it quickly overwhelms most server systems, causing service outages and in some cases crashing the server.
The end result of a DDoS attack is primarily a loss of productivity or a service interruption – the website cannot be seen by the customer.
3. What is the difference between a DoS and a DDoS attack?
Denial of Service (DoS) attacks include many types of attacks designed to interrupt service. In addition to DDoS, there are application layer DoS, advanced persistent DoS, and service-based DoS. In short, DDoS is a type of DoS attack; however, DoS can also mean that the attacker used a single node to launch the attack instead of a botnet. Both usages are correct.
4. Common types of DDoS attacks
There are a number of different ways an attacker can perform a DDoS attack. Here are the attacks you should know about:
4.1 SYN Flood:
SYN Flood exploits a weakness in the TCP connection sequence known as the three-way handshake. The server receives a synchronize (SYN) message to initiate the handshake and answers it by sending an acknowledgment (ACK) back to the originating host, after which the connection is completed and eventually closed. During a SYN Flood, however, spoofed SYN messages are sent and the connections are never completed or closed; the half-open connections pile up in the server's connection table until the service crashes.
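As an added example that is not part of the original article, the following Python script counts half-open handshakes per source in a constructed log and flags sources that behave like the SYN flood described above; the log format, the sample addresses and the threshold are assumptions.

```python
"""Spot SYN-flood sources in a constructed TCP log (added example, not from the article).

Assumed log format (hypothetical): "<seconds> <src_ip>:<sport> <dst_ip>:<dport> <flags>",
one client-side segment per line, with S = SYN and A = ACK. A handshake a client
starts with SYN but never completes with ACK stays half-open on the server; a
source that accumulates many of them is behaving like a SYN flood.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.5 and 10.0.0.6 complete their handshakes,
# while 198.51.100.7 opens five connections and never sends the final ACK.
SAMPLE_LOG = """\
0.001 10.0.0.5:51000 192.0.2.10:443 S
0.002 10.0.0.5:51000 192.0.2.10:443 A
0.003 10.0.0.6:52000 192.0.2.10:443 S
0.010 198.51.100.7:40001 192.0.2.10:443 S
0.011 198.51.100.7:40002 192.0.2.10:443 S
0.012 198.51.100.7:40003 192.0.2.10:443 S
0.013 198.51.100.7:40004 192.0.2.10:443 S
0.014 198.51.100.7:40005 192.0.2.10:443 S
0.020 10.0.0.6:52000 192.0.2.10:443 A
"""

def half_open_by_source(log: str) -> dict:
    """Return {src_ip: count of handshakes that saw a SYN but no completing ACK}."""
    pending = set()  # (src_ip, sport, dst) while the handshake is incomplete
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, flags = line.split()
        src_ip, sport = src.rsplit(":", 1)
        key = (src_ip, sport, dst)
        if "S" in flags:
            pending.add(key)        # client SYN: handshake started
        elif "A" in flags:
            pending.discard(key)    # client ACK: handshake completed
    counts = defaultdict(int)
    for src_ip, _sport, _dst in pending:
        counts[src_ip] += 1
    return dict(counts)

def syn_flood_sources(log: str, threshold: int = 5) -> list:
    """Source IPs whose half-open count reaches the threshold, sorted."""
    return sorted(ip for ip, n in half_open_by_source(log).items() if n >= threshold)

if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_LOG))   # {'198.51.100.7': 5}
    print(syn_flood_sources(SAMPLE_LOG))     # ['198.51.100.7']
```

On a real server the same half-open connections show up in the SYN_RECV state, and SYN cookies are the usual kernel-side mitigation.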
4.2 UDP Flood:
User Datagram Protocol (UDP) is a sessionless network protocol. A UDP Flood targets random ports on a computer or network with UDP packets. The server checks for an application listening on each of those ports, finds none, and exhausts its resources answering each packet.
4.3 HTTP Flood:
HTTP Floods look almost like legitimate GET or POST requests that a hacker exploits. They use less bandwidth than other types of attacks but can force the server to use its maximum resources.
4.4 Ping of Death:
Ping of Death abuses the IP protocol by sending malformed ping packets to a system. This type of DDoS was popular two decades ago but is no longer effective today.
4.5 Smurf Attack:
Smurf Attack exploits the Internet Protocol (IP) and ICMP (Internet Control Message Protocol) using a malware program called smurf. It spoofs the victim's IP address and uses ICMP to ping addresses on a certain network, so the replies are directed at the victim.
4.6 Fraggle Attack:
A Fraggle Attack sends a large amount of UDP traffic to a router's broadcast network. It is similar to a Smurf attack but uses UDP rather than ICMP.
4.7 Slowloris:
Slowloris lets an attacker use minimal resources to attack a target web server. Once connected to the target, Slowloris keeps the HTTP connections open for as long as possible. This type of attack has been used in a number of high-profile hacktivist DDoS campaigns, including during the 2009 Iranian presidential election.
4.8 Application Level Attacks:
Application Level Attacks exploit vulnerabilities in applications. Their targets are not entire servers but specific applications with known vulnerabilities.
4.9 NTP Amplification:
NTP Amplification exploits NTP (Network Time Protocol) servers, which synchronize clocks over the network, to flood a target with UDP traffic. It is a magnified reflection attack. In any reflection attack the server's response goes to the spoofed IP address; when amplified, the response from the server is far larger than the original request. Because of the large bandwidth it consumes, this type of attack is destructive and high-volume.
4.10 Advanced Persistent DoS (APDoS):
Advanced Persistent DoS (APDoS) is a type of attack used by hackers who want to cause serious harm. It combines many of the attacks mentioned earlier (HTTP Flood, SYN Flood, etc.) and typically sends millions of requests per second. APDoS attacks can last for weeks, depending on the hacker's ability to switch tactics at any time and vary the attack to evade security protections.
4.11 Zero-day DDoS Attacks:
Zero-day DDoS Attacks is the name given to new DDoS attack methods that exploit vulnerabilities for which no patch yet exists.
5. How can DDoS attacks be prevented?
Service operators must take this into account and have a contingency plan for when they are hit by a DDoS attack. Some of the steps you need to prepare are:
Install and maintain anti-virus software.
Install a firewall and configure it to limit traffic to and from your computer.
Follow good security practices for distributing your email address.
Use email filters to help you manage unwanted traffic.
You can also consider the following options:
5.1 Blackhole routing
One solution available to virtually all network administrators is to create a black hole route and direct traffic into it. In its simplest form, when black hole filtering is done without specific restrictive criteria, both legitimate and malicious network traffic is routed to a null route, or black hole, and dropped from the network.
5.2 Rate limiting
Limiting the number of requests a server will accept over a given period of time is another way to mitigate denial of service attacks.
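As an added example that is not part of the original article, here is a per-client token-bucket rate limiter run over a constructed request stream; the request format, the sample addresses and the rate and capacity values are assumptions.

```python
"""Per-client token-bucket rate limiting (added example, not from the article).

Assumption: each request is (timestamp_seconds, client_ip). Each client gets
its own bucket that refills at `rate` tokens per second up to `capacity`; a
request is served only if a token is available, so a short burst is tolerated
but sustained flooding is rejected while other clients keep being served.
"""

class TokenBucket:
    def __init__(self, rate: float, capacity: int, now: float):
        self.rate = rate            # tokens added per second
        self.capacity = capacity    # burst size the bucket can hold
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now: float) -> bool:
        # Refill proportionally to the elapsed time, never above capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def apply_limits(requests, rate: float = 2.0, capacity: int = 5) -> dict:
    """Run the requests through per-client buckets; return {ip: (allowed, rejected)}."""
    buckets = {}
    summary = {}
    for now, ip in sorted(requests):
        if ip not in buckets:
            buckets[ip] = TokenBucket(rate, capacity, now)
            summary[ip] = [0, 0]
        summary[ip][0 if buckets[ip].allow(now) else 1] += 1
    return {ip: tuple(v) for ip, v in summary.items()}

# Constructed traffic: 10.0.0.5 sends one request per second; 198.51.100.7
# sends 20 requests in 0.2 seconds, the HTTP-flood pattern from section 4.3.
SAMPLE_REQUESTS = [(float(t), "10.0.0.5") for t in range(5)] + \
                  [(1.0 + 0.01 * i, "198.51.100.7") for i in range(20)]

if __name__ == "__main__":
    for ip, (served, dropped) in apply_limits(SAMPLE_REQUESTS).items():
        print(f"{ip}: served {served}, rejected {dropped}")
```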
5.3 Web application firewall
A Web Application Firewall (WAF) is a tool that can assist in mitigating DDoS attacks. Placed between the Internet and the origin server, it acts as a reverse proxy, protecting the targeted server from certain kinds of malicious traffic.
5.4 Anycast network diffusion
This mitigation approach uses an Anycast network to scatter attack traffic across a network of distributed servers to the point where the traffic is absorbed by the network.
Example: a waterfall flowing into a single river gives the water a very high velocity. If you let the same waterfall flow through 7 small rivers, the water speed is much reduced. Likewise, when the traffic is too large, a single server cannot handle the load, so you split it across servers to reduce the traffic each one sees. You can also use third-party services that limit DDoS, such as Cloudflare and Akamai, alongside your standard endpoint security solution.
Through this article, you should now understand the concept of a DDoS attack. We have also explained how to prevent one if you are affected. There are surely many differing opinions about this article, so leave comments below for us to discuss. Thanks, and see you in the next article.