Explainer: Distributed Denial of Service Attack (DDoS Attack)
This article discusses Distributed Denial of Service (DDoS) attacks, how they can be prevented and mitigated, and their potential impact on businesses.
Writer: Jibi Moses
Distributed denial of service (DDoS) attacks are now everyday occurrences. Whether a small non-profit or a huge multinational conglomerate, an organisation’s online services—email, websites, anything that faces the internet—can be slowed or completely stopped by a DDoS attack. For data centres, colocation, hosting and other service providers, DDoS attacks threaten the infrastructure that provides network and service availability to all their tenants, subscribers and customers, and can be aimed at their most valuable customers.
A successful DDoS attack can seriously damage a brand’s reputation and cost hundreds or even millions of dollars in revenue. Moreover, DDoS attacks are sometimes used to distract cybersecurity operations while other criminal activity, such as data theft or network infiltration, is underway.
A Denial-of-Service (DoS) attack shuts down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash. Further definitions of DoS are available from other sources.
Network traffic is the data moving across a computer network at any given time. Network traffic, also called data traffic, is broken down into data packets and sent over a network before being reassembled by the receiving device or computer. During an attack, keep watch over the other hosts, assets and services on your network as well, not only the one being flooded.
Meanwhile, a Distributed Denial-of-Service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource. Both attacks overload a server or web application with the intention of interrupting its services.
Many attackers conduct DoS or DDoS attacks to deflect attention away from their intended target and use the opportunity to conduct secondary attacks on other services within your network.
These attacks come in many forms: volume-based attacks, protocol attacks, application-layer attacks, UDP floods, ICMP floods, Ping of Death, Slowloris, and NTP amplification attacks.
All of the above affect the victim differently but share the same intention: disrupting service to users. However, a DDoS attack does not by itself give the attacker access to the website that was attacked.
A recent example of a DDoS attack in South Sudan was the attack on the Bank of South Sudan website. The local media was awash with the news, as reported by Eye Radio, CityReview and Sudan Post. A mysterious group calling itself Anonymous South Sudan claimed responsibility for the attack, citing high inflation rates as the main reason for hacking the bank’s website and calling for the South Sudanese Pound exchange rate to drop to 400 SSP per 1 USD.
Elsewhere in the world, notable recent DDoS attacks include the GitHub attack in February 2018, the Mirai botnet attack in 2016, the AWS DDoS attack in 2020 and the attack on a European gambling company in 2021.
Meanwhile, denial of service should be distinguished from hacking. According to Malwarebytes: Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. And while hacking might not always be for malicious purposes, nowadays most references to hacking, and hackers, characterise them as unlawful activity by cybercriminals—motivated by financial gain, protest, information gathering (spying), and even just for the “fun” of the challenge. Another difference is that hackers gain full control of the site or system they have broken into, whereas a DDoS attack only floods the system with traffic to interrupt it. However, DDoS is one of the many tools used in hacking.
Prevention:
DDoS (Distributed Denial of Service) attacks can be challenging to prevent completely, but there are several measures that you can take to minimise their impact. Here are some steps to stop a DDoS attack on your website:
- Use a DDoS protection service: Consider using a third-party DDoS protection service to detect and mitigate attacks in real time.
- Increase your server capacity: DDoS attacks can cause your website to become unavailable due to overwhelming traffic. Increasing your server capacity can help your website handle the traffic and remain available during an attack.
- Use a CDN (Content Delivery Network): A CDN can help distribute the traffic to multiple servers and reduce the load on your website, making it more resilient to DDoS attacks.
- Configure your firewall: Configure your firewall to block traffic from known malicious IP addresses, limit connections from a single IP address, and filter traffic based on specific patterns common in DDoS attacks.
- Keep your software up to date: Regularly update your website software, including the operating system, web server, and any third-party applications, to ensure that they are free from known vulnerabilities that could be exploited in a DDoS attack.
- Monitor your traffic: Analyse your traffic logs to identify any unusual traffic patterns that could indicate a DDoS attack. Using a monitoring tool can help you detect attacks early and take steps to mitigate them.
- Have a DDoS response plan: Develop a DDoS response plan that outlines the steps you will take in the event of an attack. This should include procedures for notifying your hosting provider, engaging a DDoS protection service, and communicating with your users.
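The "monitor your traffic" and "filter traffic based on specific patterns" steps above can be illustrated with a small log-analysis check. The following is an added example written for this explainer; it is not code from 211 Check or from any DDoS protection product. It parses web-server access-log lines in the common Apache/nginx format, finds the busiest 10-second window for each source IP, and reports sources whose peak exceeds a threshold. The threshold (30 requests per 10 seconds), the sample log, and the IP addresses (RFC 5737 documentation ranges) are all constructed for the demonstration; a real deployment would tune the threshold to its own baseline traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Matches the Common/Combined Log Format written by Apache httpd and nginx.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_log_line(line):
    """Return {"ip", "ts", "req", "status"} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None  # unparseable timestamp: treat the line as malformed
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"),
            "status": int(m.group("status"))}


def max_requests_in_window(timestamps, window_seconds):
    """Largest number of requests that fall inside any span of window_seconds."""
    stamps = sorted(timestamps)
    best = left = 0
    for right, t in enumerate(stamps):
        # slide the left edge forward until the window fits
        while (t - stamps[left]).total_seconds() > window_seconds:
            left += 1
        best = max(best, right - left + 1)
    return best


def detect_flooding_ips(log_text, window_seconds=10, threshold=30):
    """Map each source IP whose peak request count reaches the threshold to that peak."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole scan
        per_ip[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, stamps in per_ip.items():
        peak = max_requests_in_window(stamps, window_seconds)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def build_sample_log():
    """Constructed sample log (not real traffic); IPs are RFC 5737 documentation ranges."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

    def fmt(ip, t, path):
        return f'{ip} - - [{t.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(5):  # two ordinary visitors, one request every 12-15 seconds
        lines.append(fmt("198.51.100.7", base + timedelta(seconds=12 * i), "/news"))
        lines.append(fmt("198.51.100.8", base + timedelta(seconds=15 * i), "/"))
    for i in range(60):  # one source sending 60 requests within 6 seconds
        lines.append(fmt("203.0.113.10", base + timedelta(milliseconds=100 * i), "/"))
    lines.append("garbage that is not a log record")  # malformed line, must be skipped
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, peak in detect_flooding_ips(build_sample_log()).items():
        print(f"{ip}: {peak} requests within a 10 s window")
```

The sliding window matters: a per-hour total would hide a six-second burst behind an otherwise quiet day, while a per-second count would flag an ordinary page load that fetches a dozen assets at once. Note also that a distributed attack spreads the load over many sources, each of which may stay under any per-IP threshold, which is one reason the list above recommends upstream protection services and a CDN rather than log review alone.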
What next if attacked?
Resolving a DDoS attack can be challenging, but there are several steps you can take to mitigate its effects:
- Identify the source of the attack: Determine where the attack is coming from and which systems or machines are being used to launch it.
- Block traffic from the attacking IPs: Once you know where the attack is coming from, block all traffic from those IP addresses to your network or website.
- Filter traffic: Apply filters to incoming traffic to identify and block malicious traffic and allow legitimate traffic.
- Increase server capacity: Add more servers or bandwidth to handle the increased traffic load.
- Use a Content Delivery Network (CDN): A CDN distributes network traffic across multiple servers, reducing the attack’s impact on any one server.
- Contact your Internet Service Provider (ISP): Your ISP may have tools or resources to help you mitigate the effects of a DDoS attack.
- Implement DDoS protection software: Several commercial and open-source options are available to help prevent DDoS attacks.
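The "block traffic from the attacking IPs" and "filter traffic" steps above, together with the earlier advice to limit connections from a single IP address, amount to a two-stage admission filter. The following is an added example written for this explainer, not code from 211 Check or from any firewall product: a blocklist for sources already identified, followed by a per-IP token bucket that lets each source burst briefly but caps its sustained rate, so ordinary visitors are admitted while a flooding source is throttled. The bucket size (10) and refill rate (2 requests per second), the request trace and the IP addresses (RFC 5737 documentation ranges) are all constructed for the demonstration.

```python
from collections import defaultdict


class TokenBucket:
    """Per-source token bucket: `capacity` tokens of burst, refilled at `refill_rate` per second."""

    def __init__(self, capacity, refill_rate):
        self.capacity = float(capacity)
        self.refill_rate = float(refill_rate)
        self.tokens = float(capacity)  # a new source starts with a full burst allowance
        self.last = None

    def allow(self, now):
        if self.last is not None:
            elapsed = max(0.0, now - self.last)  # guard against out-of-order timestamps
            self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class TrafficFilter:
    """Stage 1 drops blocklisted sources outright; stage 2 rate-limits everyone else per IP."""

    def __init__(self, capacity=10, refill_rate=2.0, blocklist=()):
        self.capacity = capacity
        self.refill_rate = refill_rate
        self.blocklist = set(blocklist)
        self.buckets = {}

    def admit(self, ip, now):
        if ip in self.blocklist:
            return "blocked"
        bucket = self.buckets.get(ip)
        if bucket is None:
            bucket = self.buckets[ip] = TokenBucket(self.capacity, self.refill_rate)
        return "allowed" if bucket.allow(now) else "rate_limited"


def run_simulation():
    """Replay a constructed request trace (not real traffic) through the filter."""
    f = TrafficFilter(capacity=10, refill_rate=2.0, blocklist={"192.0.2.99"})
    events = []
    events += [("203.0.113.10", 0.125 * k) for k in range(80)]  # flood: 8 requests/s for 10 s
    events += [("198.51.100.7", 2.0 * k) for k in range(5)]      # ordinary visitor: one page every 2 s
    events += [("192.0.2.99", 1.0 * k) for k in range(3)]        # source identified earlier and blocklisted
    events.sort(key=lambda e: e[1])  # process in arrival order, as a gateway would
    counts = defaultdict(lambda: defaultdict(int))
    for ip, t in events:
        counts[ip][f.admit(ip, t)] += 1
    return {ip: dict(c) for ip, c in counts.items()}


if __name__ == "__main__":
    for ip, c in run_simulation().items():
        print(ip, c)
```

In the trace, the flooding source gets its first 10 requests through as a burst and roughly 2 per second afterwards, so 29 of its 80 requests are admitted and 51 are dropped, while the ordinary visitor is never throttled and the blocklisted source never reaches the bucket at all. Per-IP limiting bounds the share any one source can consume without cutting it off entirely; blocklisting is reserved for sources already identified in the first step. As with log review, this helps least against a truly distributed attack whose many sources each stay under the limit, which is why the list also points to the ISP and to dedicated protection services.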
Remember that preventing DDoS attacks before they occur is the best strategy. It’s important to stay vigilant and keep your security measures up-to-date to reduce the risk of a successful attack.
To ensure accuracy and transparency, we at 211 Check welcome corrections from our readers. If you spot an error in this article, please request a correction using this form. Our team will review your request and make the necessary corrections immediately, if any.