3 Types of DDoS Attacks – How to Defend Against Them
Chances are, you've heard of DDoS (or Distributed Denial of Service). The threat has been around for ages and has caused more than a few headline-grabbing outages.
It's not like we've seen the back of it, either. Attacks are growing in numbers and size, and businesses lose millions of dollars every day because of the outages.
If you run a website, it's high time you get more familiar with the threat. Let's see if we can help.
What is a DDoS attack?
During a DDoS attack, the hackers interact with your hosting server in a way that causes the server or an application installed on it to stop responding. There are many ways of doing it, but the goal is always the same – to make your website inaccessible for regular users.
The attacks are distributed because hackers employ a network of devices (or nodes) spread worldwide. This network is called a botnet, and it consists of home PCs, servers, printers, routers, and pretty much any device connected to the internet.
Nodes are recruited into botnets via malware. Thanks to it, hackers can instruct the devices they control to launch an attack on any target at any time.
The motivation behind DDoS attacks
DDoS is perpetrated by anyone from bored gamers to state-sponsored advanced hacking groups.
Let's explore some of the most common scenarios.
DDoS against critical infrastructure.
Aimed at the right network, a DDoS attack can severely disrupt the work of critical agencies and cause chaos that, in the worst-case scenario, could affect entire countries.
Hackers sometimes use DDoS to draw attention to a particular problem. Hacktivist groups often employ DDoS to express their opinions or make some headlines.
DDoS against competitors.
It's not unheard of for business competitors to use DDoS against each other. This should give you an idea of how severe the financial and reputational losses could be.
Once an attack starts, it's usually up to the hackers to stop it. Sometimes, they contact the victim and threaten to keep DDoSing the target until the owner pays a hefty ransom.
The ease with which you can hire a botnet and launch an attack has turned DDoS into a favorite pastime for wannabe hackers who spend a lot of time in the basement of their parents' house.
Types of DDoS attacks
There are many different types of DDoS attacks, but we can divide them into three main categories.
Volume-based DDoS attacks
This is the most popular category. During volume-based attacks, the hackers try to use up the target's bandwidth by bombarding it with a vast volume of traffic.
For example, during a UDP flood, the attacker sends a massive number of UDP packets to the target on random ports. If there's no application listening on the port, the server responds to each packet with a "Destination Unreachable" message. Too many responses, and there's no bandwidth left for serving legitimate visitors.
The size of volume-based DDoS attacks has been growing over the last few years. In 2020, for example, Google was targeted by a prolonged DDoS campaign that peaked at over 2.5Tbps at one point. By contrast, DDoS attacks of over 1Tbps were unthinkable just a few years ago.
Protocol attacks
Instead of using up the bandwidth, protocol attacks put too much load on the hardware resources.
In a SYN flood, for example, the nodes in the botnet send many initial SYN requests but then fail to complete the TCP handshake. The server waits for a response that never arrives, and every half-open connection it keeps track of uses up resources to the point where legitimate traffic can't be served.
The size of protocol attacks has also been growing. In 2021, Cloudflare dealt with a record-breaking protocol DDoS peaking at 17.2 million requests per second.
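The half-open connections that a SYN flood leaves behind show up in the server's socket table as SYN-RECV entries. The sketch below is an added example, not part of the original article: it counts them per listening port from text in the column layout of `ss -tan`, and the function name, thresholds and sample data are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in the column layout of `ss -tan` (documentation IP ranges).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      511    0.0.0.0:443        0.0.0.0:*
ESTAB     0      0      203.0.113.10:443   192.0.2.44:40112
ESTAB     0      0      203.0.113.10:443   192.0.2.81:51820
SYN-RECV  0      0      203.0.113.10:443   198.51.100.7:1025
SYN-RECV  0      0      203.0.113.10:443   198.51.100.19:1026
SYN-RECV  0      0      203.0.113.10:443   198.51.100.23:1027
SYN-RECV  0      0      203.0.113.10:443   198.51.100.54:1028
SYN-RECV  0      0      203.0.113.10:443   198.51.100.88:1029
SYN-RECV  0      0      203.0.113.10:443   198.51.100.140:1030
ESTAB     0      0      203.0.113.10:22    192.0.2.5:60022
SYN-RECV  0      0      203.0.113.10:22    192.0.2.9:60100
"""

def half_open_report(ss_text, min_half_open=5, max_ratio=0.5):
    """Summarise half-open (SYN-RECV) sockets per local port.

    A port is marked suspect when it has at least `min_half_open` half-open
    sockets AND they make up more than `max_ratio` of all its sockets.
    Both thresholds are illustrative assumptions; tune them per service.
    """
    states = defaultdict(Counter)   # port -> Counter of TCP states
    sources = defaultdict(set)      # port -> peers stuck in SYN-RECV
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] in ("State", "LISTEN"):
            continue                # skip header, listeners, short lines
        state, local, peer = fields[0], fields[3], fields[4]
        port = local.rsplit(":", 1)[1]          # rsplit also copes with IPv6
        states[port][state] += 1
        if state == "SYN-RECV":
            sources[port].add(peer.rsplit(":", 1)[0])
    report = {}
    for port, counts in states.items():
        half_open = counts["SYN-RECV"]
        ratio = half_open / sum(counts.values())
        report[port] = {
            "half_open": half_open,
            "established": counts["ESTAB"],
            # Flood sources are often spoofed, so many distinct peers is expected.
            "distinct_sources": len(sources[port]),
            "suspect": half_open >= min_half_open and ratio > max_ratio,
        }
    return report

if __name__ == "__main__":
    for port, row in sorted(half_open_report(SAMPLE_SS).items()):
        print(port, row)
```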
Application-layer DDoS attacks
Instead of flooding the server with traffic, application-layer attacks bring your website down by exploiting one of the applications or services powering it.
In a Slowloris attack, for example, the hacker sends numerous partial HTTP requests to the targeted web server. The web server keeps each connection open while it waits for the rest of the HTTP header, but the header stays partial and the request is never completed. Eventually, all the connection slots are used up, and legitimate visitors are left out.
The DDoS threat should never be underestimated. In addition to your revenues and reputation, prolonged outages can also affect your SEO ranking.
Make sure you set up adequate defense mechanisms and treat the threat with the respect it deserves.
Disclaimer: This is a company press release. No HT journalist is involved in creation of this content.