Imagine you’re driving home on a highway and everything is moving smoothly and fast. Then, all of a sudden, a traffic jam joins the highway and you have to slow down and maybe even stop. That’s what a distributed denial-of-service (DDoS) attack is: a way for cybercriminals to disrupt or completely crash the normal traffic of a targeted server, network or website by flooding it with too much traffic.
How does a DDoS attack work?
A basic DDoS attack can easily be done by anyone. All you need is two devices that can send fake traffic to a server. However, the ultimate aim of attackers is usually to completely prevent the web resource’s normal functioning, also known as a total “denial of service”. In order to do this, more is needed. To make a DDoS attack as successful as possible, cybercriminals often establish a “zombie network” of several remotely infected and controllable computers that then attack a server. This is also called a botnet.
What types of DDoS attacks are there?
There are several types of DDoS attacks, such as volume-based attacks, application layer attacks, and protocol attacks. Volume-based attacks include ICMP, UDP and other attacks that try to consume bandwidth. Here the rule is that the higher the bits-per-second (bps) rate the attack generates, the more effective it will be. Application layer attacks target apps with a very high volume of seemingly legitimate requests in a short amount of time until a server crashes. Examples of protocol attacks are Smurf DDoS and SYN floods, which go after server resources.
What is the impact of a DDoS attack?
Any DDoS attack can be a serious risk to your business and can cost you time, money, clients and even your reputation. When a DDoS attack succeeds, no one will be able to access network resources for hours, days or even weeks.
Are DDoS attackers easy to find?
Catching experienced DDoS attackers is incredibly difficult. They often use different VPN/Tor networks, which makes tracking their actual IP address very difficult. However, catching inexperienced DDoS attackers has proven to be a lot easier.
We have, for example, noticed that many young people organize DDoS attacks out of dissatisfaction, fun or boredom. These DDoS attacks are often aimed at schools or game servers. Young people also often attack the home IP addresses of their victims. In this case, there is unfortunately very little you can do because the providers of home connections usually do not offer DDoS protection. In contrast, schools and game servers are usually protected against DDoS attacks because their hosting provider offers this service.
Young or inexperienced attackers often think that they are properly hiding their IP addresses when they use a VPN/Tor network. However, they often forget that their browser still sends the same cookies when they connect through the anonymous IP address, and that those cookies were already sent to the targeted website in an earlier session. When the attacker then decides to attack the website via the anonymous IP address, it’s easy to connect all the information and find the attacker.
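The cookie correlation described above can be run over a web server's access log. The following is an added example, not code from Hostio Solutions; the log format, the `sid` cookie name, the list of anonymizer addresses and all sample values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log: ISO timestamp, client IP, session cookie, request path.
SAMPLE_LOG = """\
2024-03-01T18:02:11 203.0.113.25 sid=a91f /forum/thread/17
2024-03-01T18:05:40 203.0.113.25 sid=a91f /contact
2024-03-01T19:10:03 198.51.100.7 sid=c33d /pricing
2024-03-02T21:00:01 192.0.2.44 sid=a91f /
2024-03-02T21:00:01 192.0.2.44 sid=a91f /
2024-03-02T21:00:02 192.0.2.45 sid=e870 /
2024-03-02T21:00:02 192.0.2.44 sid=a91f /search?q=x
"""

# Assumption: addresses already identified as VPN/Tor exits (constructed values).
ANONYMIZER_IPS = {"192.0.2.44", "192.0.2.45"}


def parse(log_text):
    """Yield (timestamp, ip, cookie) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].startswith("sid="):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2][4:]


def correlate(log_text, attack_start, anonymizer_ips):
    """Map each cookie used from an anonymizer during the attack to the
    non-anonymized IPs that presented the same cookie before the attack."""
    earlier = defaultdict(set)   # cookie -> direct IPs seen before the attack
    attack_cookies = set()       # cookies seen from anonymizer IPs during it
    for ts, ip, cookie in parse(log_text):
        if ts < attack_start and ip not in anonymizer_ips:
            earlier[cookie].add(ip)
        elif ts >= attack_start and ip in anonymizer_ips:
            attack_cookies.add(cookie)
    return {c: sorted(earlier[c]) for c in attack_cookies if c in earlier}


if __name__ == "__main__":
    start = datetime.fromisoformat("2024-03-02T21:00:00")
    for cookie, ips in correlate(SAMPLE_LOG, start, ANONYMIZER_IPS).items():
        print(f"cookie {cookie} also seen earlier from {ips}")
```

A cookie that only ever appears from anonymizer addresses, such as `e870` in the sample, produces no match and is left out of the result.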
DDoS attacks and Hostio Solutions
Even though the number of successful DDoS attacks has been decreasing, it’s important to take measures to prevent them from happening.
Most DDoS attacks happen via User Datagram Protocol (UDP). However, most customers that have services running use Transmission Control Protocol (TCP). This allows us to block UDP traffic and keep our servers online.
In case we’re not able to filter a DDoS attack, we use the fully automatic DDoS protection that our transit (network) provider provides. Our network provider has a DDoS protection capacity of more than 1 Tbps. Since our transit provider has a very advanced control panel, we can also follow everything in real time and even intervene ourselves if the attacker changes his or her strategy.