What is a DDoS Attack: Definition, Types, and Prevention | Blog | Humanize

Download handbook

Home / Blog / What is a DDoS Attack: Definition, Types, and Prevention Blog

What is a DDoS Attack: Definition, Types, and Prevention

Published on Jan 25 2022

ddos attacks

A distributed denial-of-service (DDoS) attack is a malicious attempt to interrupt a targeted server or a network's regular traffic by flooding the target or its surrounding infrastructure with Internet traffic. DDoS assaults are effective because they use numerous hacked computer systems (also known as bots) as attack traffic sources. Computers and other network resources, such as IoT devices, are examples of exploited systems. 

Cybercriminals deploy DDoS attacks focusing on different motives.  Some of the common motives behind the attacks include monetary or economic gain, vengeance, ideological ideals, cyber warfare, and even for a simple adrenaline rush. 

  

How do DDoS attacks work? 

DDoS attacks are carried out via networks of machines or devices that are linked to the Internet. These networks are comprised of malware-infected PCs and other devices (such as IoT devices) that could be remotely manipulated. 

Individual devices are known as bots, while a botnet is a collection of bots. The attacker can direct an attack once a botnet has been built by delivering remote instructions to each bot. 

When a botnet targets a victim's server or network, each bot sends requests to the target's IP address, overloading the server or network and triggering a denial-of-service to regular traffic. Distinguishing attack from anormal traffic could be challenging as each bot is a valid Internet device. 

 

Types of DDOs attacks 

All DDoS attacks include flooding a target device or network with traffic. However, they can be classified into three types. 

1. Volume-based attacks 

This type of attack tries to clog up the Internet by absorbing all available bandwidth. Amplification or another method of producing considerable traffic, such as requests from a botnet, is used to send large volumes of data to a destination. ICMP flood attacks, UDP flood attacks, and other spoofed packet assaults are examples of volume-based attacks. 

  • Internet Control Message Protocol (ICMP) 

A Ping flood DDoS assault, also known as an Internet Control Message Protocol (ICMP) flood DDoS attack, is a typical Denial-of-Service (DoS) attack in which an attacker attempts to overwhelm a targeted device with ICMP echo-requests. 

ICMP attacks can be mitigated by disabling the ICMP capabilities of the targeted router or a computer. You may successfully prevent assaults launched from outside your network by configuring your perimeter security system to block pings. It is worth noting that this strategy will not protect you from internal threats. 

  • UDP flood 

The term "UDP flood" refers to a DoS attack in which the attacker floods random ports on the targeted host with IP packets containing UDP datagrams. The receiving host sends back a "Destination Unreachable" packet if no applications relate to these datagrams. The system gets overburdened and unavailable to other clients as more UDP packets are received and are responded to. 

Most operating systems attempt to minimize such attacks by restricting the pace of ICMP answers at the initial stage. Such indiscriminate screening, on the other hand, will influence organic traffic. UDP mitigation methods have traditionally depended on firewalls to filter out or stop harmful UDP packets. Modern high-volume assaults can easily overwhelm firewalls that are not constructed with overprovisioning in mind, making such approaches obsolete. 

2. Application layer attack 

  • HTTP flood 

HTTP flood is a Distributed Denial of Service (DDoS) attack in which an attacker attacks a web server or application by exploiting valid HTTP GET or POST requests. HTTP flood assaults are volumetric attacks that frequently employ a collection of Internet-connected machines that have been maliciously taken over(botnets), with the help of malware such as Trojan Horses.  

HTTP floods do not employ faulty packets, spoofing, or reflection methods to knock down the targeted site or server, and they consume less bandwidth than other assaults. As a result, they need a deeper awareness of the targeted area or application, and each assault must be carefully tailored to be successful. It is far more challenging to identify and stop HTTP flood assaults. The most effective mitigation approach is recognizing the IP repute, tracking aberrant activity, and utilizing progressive security challenges. 

3. Network-Layer DDoS Attacks

  • SYN Flood attack 

The concept of an SYN attack is similar to an employee accepting requests from the storefront. The employee receives a request from the customer, goes to fetch the product, and waits for confirmation before delivering it to the customer. The worker then receives several further shipment requests without confirmation until they are unable to carry any more parcels, are overloaded, and requests go unanswered.  

  •  Smurf attack 

Smurf attack works by spoofing the targeted server's IP address by sending an illicit packet to networked computers, requiring each recipient to react with an operational update. Because these pings aren't validated by a handshake, the same process repeats indefinitely. As a result, networked computers execute a distributed denial-of-service assault against their own server.

The bulk of network attacks that allowed the Smurf assault to happen could be countered. Some outdated systems, however, remain vulnerable to this self-destructive DDoS technique. All IP broadcasting addresses at each firewall and network router should be disabled as a rapid mitigating measure. On modern routers, this feature is most likely deactivated, but it is most likely enabled on old, outdated routers. 

SYN flood attacks could be prevented by using the following measures: 

  • Installing an intrusion prevention system (IPS) to identify unusual traffic patterns. 
  • Configure the onsite security system for SYN Attack Thresholds and SYN Flood protection if the capability exists.
  • Installing network equipment with rate-limiting capabilities that are up to date.
  • Installing commercial technologies to get network awareness and the capacity to observe and analyze data from various portions of the network. 

 

Conclusion 

Although DDoS assaults are very inexpensive and straightforward to carry out, their sophistication varies, and they may have a significant impact on the businesses or on the organization that is attacked. Therefore, it is necessary to be aware of them and their consequences. No system can be 100% secure from these types of attacks; however, you can mitigate and counter these with appropriate measures for the purpose of minimizing the consequences of the attack. 

 

Need quicker cybersecurity insights?

Get the Salience Risk Assessment Report for a rapid overview of potential security threats.