Understanding DDoS


You’ve probably heard about DDoS attacks, but do you know what these attacks are? DDoS stands for Distributed Denial of Service and, as the name indicates, the objective of a DDoS attack is to make a service inaccessible on the internet. This is done by overloading the service with traffic.
DDoS attacks typically target services that are considered important, such as a bank website or a news site. Such attacks prevent users from accessing important information or even publishing it.

Orchestrating a DDoS Attack

It all begins with the creation of a bot network, or botnet. A botnet is a collection of computers that have been compromised with malicious software and are then controlled remotely by hackers. Users are often completely unaware that their system has been hacked and is being used as part of a botnet. A botnet can be made up of millions of computers, which are used together to launch a DDoS attack against an online service. This happens when the computers within the botnet all start accessing the same online service at once. Naturally, the service ends up suffering a traffic overload.

DDoS attacks can be powerful enough to overload an entire country’s bandwidth capacity. Botnets and DDoS attacks are even bought and sold: underground markets deal in them, often at quite nominal rates. People buy DDoS attacks to silence websites that they may disagree with or to disrupt an online business.

Types of DDoS Attacks

There are different types of DDoS attacks. Let’s explore a few of them.

  • TCP Connection Attacks: These are DDoS attacks that use up the available connections to infrastructure devices such as firewalls, load balancers, and application servers. Even devices that are designed to handle multiple connections can be overloaded through a TCP Connection Attack.
  • Volumetric Attacks: The objective behind these attacks is to use up the bandwidth inside the target network or between the target network and the internet. The idea is to create as much congestion as possible.
  • Fragmentation Attacks: These attacks focus on sending large volumes of UDP or TCP fragments to the target. This causes the target to lose the ability to reassemble the streams and suffer decreased performance.
  • Application Attacks: These attacks target a specific aspect of a service and overwhelm it. The attack may involve very few attacking machines within the botnet, so detection can be almost impossible.
  • DNS Reflection: Here, the attacker forges the target’s IP address and sends requests to a DNS server. The requests are chosen so that the replies are large, and the replies go to the target rather than to the attacker. As a result, the traffic from the attacker’s botnet is amplified significantly, and the target is overwhelmed easily.
  • Chargen Reflection: Chargen is an outdated testing service that most internet-connected printers and computers support even today. This service replies to a request with a stream of random characters. This makes Chargen a viable tool for amplifying attacks in the same way as DNS reflection.
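
A defender-side check for the two reflection types above, as an added example that is not part of the original article: it scans flow records for UDP replies from DNS (port 53) or Chargen (port 19) that no local host ever requested. The record format, sample data, function names and the reflector threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (documentation IP ranges, not real traffic).
# Format (assumed): src_ip src_port dst_ip dst_port proto bytes
SAMPLE_FLOWS = """\
198.51.100.10 40000 203.0.113.53 53 udp 70
203.0.113.53 53 198.51.100.10 40000 udp 180
192.0.2.1 53 198.51.100.20 31337 udp 3900
192.0.2.2 53 198.51.100.20 31337 udp 4000
192.0.2.3 19 198.51.100.20 31337 udp 1000
192.0.2.4 53 198.51.100.20 31337 udp 4100
"""

# Source ports of the services named in the list above.
REFLECTOR_PORTS = {53: "dns", 19: "chargen"}


def parse(line):
    src, sport, dst, dport, proto, size = line.split()
    return src, int(sport), dst, int(dport), proto, int(size)


def find_reflection_victims(text, min_reflectors=3):
    """Return hosts that receive unsolicited DNS/Chargen replies from many servers."""
    flows = [parse(line) for line in text.splitlines() if line.strip()]
    # Every request that was really sent to a reflector-type service.
    asked = {(s, sp, d, dp) for s, sp, d, dp, proto, _ in flows
             if proto == "udp" and dp in REFLECTOR_PORTS}
    hits = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "services": set()})
    for s, sp, d, dp, proto, size in flows:
        if proto != "udp" or sp not in REFLECTOR_PORTS:
            continue
        if (d, dp, s, sp) in asked:
            continue  # reply to a request this host actually made
        hit = hits[d]
        hit["reflectors"].add(s)
        hit["bytes"] += size
        hit["services"].add(REFLECTOR_PORTS[sp])
    # A single stray reply is noise; many distinct reflectors is the pattern.
    return {ip: {"reflectors": len(h["reflectors"]), "bytes": h["bytes"],
                 "services": sorted(h["services"])}
            for ip, h in hits.items() if len(h["reflectors"]) >= min_reflectors}


if __name__ == "__main__":
    for ip, info in find_reflection_victims(SAMPLE_FLOWS).items():
        print(ip, info)
```

The host that made its own DNS query is not reported, because its reply matches a recorded request; only the host receiving replies it never asked for is flagged.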

About iNode Cloud