zijian ou says
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt regular traffic to a target server, service, or network by overwhelming the target or surrounding infrastructure with large amounts of Internet traffic. These methods prevent DDoS and protect the infrastructure with DDoS attack protection solutions. Equip the network, applications, and infrastructure with a multi-level protection strategy. This may include prevention management systems that combine firewalls, VPNs, anti-spam, content filtering, and other security layers to monitor activity that may be symptomatic of a DDoS attack.
source: https://www.dsm.net/it-solutions-blog/prevent-ddos-attacks
Michael Jordan says
Hi Zijian,
I think it beneficial that you mentioned that a DDoS attack can be defined as just disrupting a network, as it does not need to completely render a network unusable in order for the goal of the attackers to be achieved. Mentioning prevention and mitigation methods for DDoS attacks was also a good addition to your post.
-Mike
Kelly Sharadin says
I was unaware that there were different DDoS attacks. I assumed that the “Syn” flooding to throttle network bandwidth was the only type of DDoS attack. I found it interesting that DDoS attacks can specifically target other resources like memory and CPU. As far as protecting against DDoS attacks, I am familiar with the options listed in the article, such as load balancers. Even cloud services like Cloudflare and AWS Shield offer some protection against DDoS attacks.
https://www.cloudflare.com/ddos/
https://aws.amazon.com/shield/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc
Madalyn Stiverson says
There are a few ways to identify a DDoS attack.
A high number of requests coming from a single IP or IP range can indicate an attack. Another indicating factor is a flood of users sharing a behavioral pattern, such as geolocation, browser type, or device type. A third indicator is an unexplained surge in requests to a single page or endpoint. And finally, unnatural spikes at regular intervals during the day, for example a spike every ten minutes.
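The four indicators above can be checked mechanically against a web server access log. The script below is an added example written for this thread, not code from the article or from any commenter. It parses Apache combined-format lines (the sample traffic is constructed inline, not a real capture) and reports the busiest /24, the dominant User-Agent and endpoint, and request bursts that recur at a fixed interval. The thresholds (more than half of all requests from one network, User-Agent or path; a burst of more than three times the median minute) and the addresses are assumptions to be tuned against a site's own baseline.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network
from statistics import median

# Apache "combined" log format; lines that do not match are skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_log(text):
    """Parse combined-format lines into dicts with a timezone-aware timestamp."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            r = m.groupdict()
            r["ts"] = datetime.strptime(r["ts"], "%d/%b/%Y:%H:%M:%S %z")
            rows.append(r)
    return rows

def top_source_block(rows, prefix=24):
    """Busiest /prefix network and its share of all requests (indicator 1)."""
    nets = Counter(str(ip_network(f"{r['ip']}/{prefix}", strict=False)) for r in rows)
    net, n = nets.most_common(1)[0]
    return net, n / len(rows)

def top_user_agent(rows):
    """Most common User-Agent, its share, and how many distinct IPs sent it (indicator 2)."""
    ua, n = Counter(r["ua"] for r in rows).most_common(1)[0]
    return ua, n / len(rows), len({r["ip"] for r in rows if r["ua"] == ua})

def top_endpoint(rows):
    """Most requested path and its share of all requests (indicator 3)."""
    path, n = Counter(r["path"] for r in rows).most_common(1)[0]
    return path, n / len(rows)

def burst_minutes(rows, factor=3.0):
    """Minutes whose count exceeds factor x the median minute, plus the set of gaps
    (minutes) between consecutive bursts; one gap value means periodic spikes (indicator 4)."""
    per_min = Counter(r["ts"].replace(second=0) for r in rows)
    first, last = min(per_min), max(per_min)
    minutes = [first + timedelta(minutes=i)
               for i in range(int((last - first).total_seconds() // 60) + 1)]
    counts = [per_min.get(m, 0) for m in minutes]      # quiet minutes count as 0
    baseline = max(median(counts), 1)
    bursts = [m for m, c in zip(minutes, counts) if c > factor * baseline]
    gaps = {int((b - a).total_seconds() // 60) for a, b in zip(bursts, bursts[1:])}
    return bursts, gaps

def assess(rows):
    """One finding string per indicator that fires; an empty list means nothing suspicious."""
    findings = []
    net, share = top_source_block(rows)
    if share > 0.5:
        findings.append(f"{share:.0%} of requests come from {net}")
    ua, share, ips = top_user_agent(rows)
    if share > 0.5 and ips >= 10:
        findings.append(f"{share:.0%} of requests share User-Agent {ua!r} across {ips} IPs")
    path, share = top_endpoint(rows)
    if share > 0.5:
        findings.append(f"{share:.0%} of requests target {path}")
    bursts, gaps = burst_minutes(rows)
    if len(bursts) >= 2 and len(gaps) == 1:
        findings.append(f"{len(bursts)} bursts every {gaps.pop()} min starting {bursts[0]:%H:%M}")
    return findings

def _line(ip, ts, path, ua):
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S +0000}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

def build_sample_log():
    """Constructed traffic, not a real capture: four browsers each fetching one page a minute
    for ten minutes, plus 20 hosts in 203.0.113.0/24 sharing one client string that each
    send five requests to /login at 12:02, 12:05 and 12:08."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    legit = ["198.51.100.7", "192.0.2.41", "198.51.100.99", "192.0.2.8"]
    pages = ["/", "/about", "/products", "/contact"]
    browsers = ["Mozilla/5.0 (Windows NT 10.0) Firefox/120.0",
                "Mozilla/5.0 (Macintosh) Safari/605.1",
                "Mozilla/5.0 (X11; Linux) Chrome/119.0"]
    lines = []
    for minute in range(10):
        for i, ip in enumerate(legit):
            lines.append(_line(ip, t0 + timedelta(minutes=minute, seconds=10 * i),
                               pages[(minute + i) % 4], browsers[i % 3]))
    for minute in (2, 5, 8):
        for host in range(10, 30):
            for k in range(5):
                lines.append(_line(f"203.0.113.{host}", t0 + timedelta(minutes=minute, seconds=k),
                                   "/login", "python-requests/2.31"))
    return "\n".join(lines)

if __name__ == "__main__":
    for finding in assess(parse_log(build_sample_log())):
        print(finding)
```

On the constructed sample all four findings fire; on the first 40 lines (the browsers alone) none do. The caveat a practitioner will recognise is that the single-network check is the weakest of the four: a botnet spread over thousands of networks never trips it, which is why the shared-client-string, single-endpoint and periodicity checks are worth keeping alongside it.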
Vraj Patel says
Distributed Denial of Service (DDoS) uses bots to execute the attack. It sends packets to the network repeatedly so that it is unable to process all the packets. Web services and platforms are at high risk of being targeted by DDoS. There are different types of DDoS attacks, such as volumetric attacks, application-layer attacks, and protocol attacks. The way to prevent DDoS attacks is by having a DDoS response plan prepared, allocating a response team, installing a protection tool, and keeping all systems up to date. In addition, there are tools available as well, such as Cloudflare and Imperva, to detect DDoS attacks.
Reference:
https://www.dnsstuff.com/prevent-ddos-attack
Andrew Nguyen says
One of the more interesting points that I took away from this reading was that hosting an application in a cloud infrastructure could help prevent/mitigate DDoS attacks.
I’m curious what protections are in place that make this true, and how the cloud infrastructure itself could become compromised in order to launch DDoS attacks.
kofi bonsu says
The key concern in mitigating a DDoS attack is differentiating between attack traffic and normal traffic. For example, if a product release has a company’s website swamped with eager customers, cutting off all traffic is a mistake. If that company suddenly has a surge in traffic from known attackers, efforts to alleviate an attack are probably necessary. The difficulty lies in telling the real customers apart from the attack traffic. In the modern Internet, DDoS traffic comes in many forms. The traffic can vary in design from un-spoofed single-source attacks to complex and adaptive multi-vector attacks. A multi-vector DDoS attack uses multiple attack pathways in order to overwhelm a target in different ways, potentially distracting mitigation efforts on any one trajectory. An attack that targets multiple layers of the protocol stack at the same time, such as a DNS amplification. Mitigating a multi-vector DDoS attack requires a variety of strategies in order to counter different trajectories. The main aim of a distributed denial of service attack is to send huge amounts of information into the target server so that it can no longer allow the actual user to access it. This is done by hackers using multiple computer controls. The noticeable difference between denial-of-service attacks and distributed denial of service attacks is that for DDoS. This is so because there are control mechanisms or zombie computers, and reflection or amplification networks typically, rather than typical attackers or main computers and victim/attack servers. However, DDoS attacks increasingly appear to be tougher to detect, partly due to the fact that there are many IP addresses linked up with the zombie computers, and they may even use the IP address of the victim server to attack. There are several methods that could be used to address DDoS attacks, such as filtering illegal traffic, load balancing, throttling, using honeypots, active caching, and cloud infrastructure hosting.
Dhaval Patel says
It was interesting to see that there are two types of DDoS attacks, one type that attacks the network and another that attacks the vulnerabilities in applications. Also, seeing that DDoS attacks are difficult to prevent and mitigate, it was interesting to see the different methods that can be used to mitigate these attacks. I feel like conducting a honeypot experiment would be eye-opening to many organizations, as they would see how many different attacks are coming in, and it would allow them to gain the statistical patterns and attack intentions, as the article states, which would enable them to be more prepared if they were to experience a DDoS attack on their daily servers.
Lauren Deinhardt says
Hi Dhaval, I agree with you. I had no idea that there were two types of DDOS attacks prior to reading this article; now I see an even more pressing need for universal clients/servers to regularly patch.
Victoria Zak says
While reading this article, it was interesting to find out there are 2 types of DDoS attacks. As the article mentions, there are attacks that target the network and choke the Internet bandwidth used by the victim server, so it cannot accept requests from users through the Internet gateway, and attacks that target vulnerabilities.
Patrick Jurgelewicz says
It was interesting to learn about how unsuspecting users can have their computers utilized in a DDoS attack as “zombie computers.” Many times these computers come under control of the attacker through malicious software and are then used to flood the DDoS victim’s servers with enough information to prevent other users from accessing its services. Although DDoS attacks can be difficult to mitigate, a few helpful tactics include identifying traffic patterns, creating alternate network paths and applying load balancing, and throttling the maximum limit of incoming traffic.
Lauren Deinhardt says
One big takeaway I got from this reading was the importance of protecting client devices in order to prevent DDOS attacks. Overall, there are a number of mitigation measures available (i.e. aggressive caching, honeypots, throttling, etc.); but the best way to prevent a DDOS attack is to eliminate the availability of botnets/zombie computers. I think that cloud providers, in addition to OS providers, should have the ability to deactivate inactive clients/servers/VMs (with an ability to salvage the access if need be), and enforce regular patching and high authentication standards. Attackers that cannot access devices due to security measures like this would have a much more difficult time creating botnets and delivering these attacks.
Dan Xu says
Hi Lauren,
I agree with you about the importance of protecting client devices from DDOS attacks. The best way to prevent DDOS attacks is to eliminate the availability of zombie computers. Another way is to identify the statistical patterns of DDoS attacks at the outset and compare them to real-time traffic, which may help identify these attacks early. Overprovisioned resources can help even if they can only be called during a DDoS attack.
Dhaval Patel says
Hi Lauren,
I agree, almost all DDOS attacks are conducted using botnets, and they are the root of the problem. If cloud and OS providers could terminate the botnets/zombie computers, the majority of DDOS problems would be solved. However, terminating botnets is no easy task, and so the key is to keep your system from being infected by staying up to date with patching and establishing high authentication standards, as you said.
Dan Xu says
From that article I learned that DDoS stands for Distributed Denial of Service attack and is a form of attack. Infected computers controlled by the attacker are used to directly or indirectly flood the target server, while the owners of the infected computers may not be aware that they are being used by the attacker. In order to degrade the quality of service, only web servers with huge traffic are periodically flooded, instead of shutting it down directly.
On the other hand, identifying the statistical patterns of DDoS attacks and comparing them to real-time traffic may help identify these attacks early. This approach can identify and filter illegal traffic while allowing legitimate traffic, but it requires a proper filtering system, done either automatically or manually. Over-provisioned resources can be helpful even if they can only be invoked during a DDoS attack, especially in small DDoS attacks, as they can handle more traffic.
zijian ou says
Distributed denial of service means that the attacker uses puppet computers to initiate many requests to the target website in a short period and consumes the host resources of the target website on a large scale, making it unable to serve normally.
Olayinka Lucas says
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the regular traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
Types of DDoS attacks – There are three main types of DDoS attacks:
1. Network-centric or volumetric attacks. These overload a targeted resource by consuming available bandwidth with packet floods. The server then overwhelms the target with responses.
2. Protocol attacks. These target network-layer or transport-layer protocols and use flaws in the protocols to overwhelm targeted resources. A SYN flood attack, for example, sends the target IP addresses a high volume of “initial connection request” packets using spoofed source IP addresses. This drags out the Transmission Control Protocol handshake, which can never finish because of the constant influx of requests.
3. Application layer. Here, the application services or databases get overloaded with a high volume of application calls. The inundation of packets causes a denial of service. One example of this is a Hypertext Transfer Protocol (HTTP) flood attack, which is the equivalent of refreshing many web pages over and over simultaneously.
DDOS Prevention:
The approach would be to equip the network, applications, and infrastructure with multi-level protection strategies, including prevention management systems that combine firewalls, VPN, anti-spam, content filtering, and other security layers to monitor activities and identify traffic inconsistencies that may be symptoms of DDoS attacks (defense in depth).
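The SYN flood in item 2 is easiest to see with the handshake state modelled explicitly. The Python below is an added example for this thread, not code from the article or from the post above. It compares a listener that stores every half-open connection in a fixed-size backlog with one that uses SYN cookies, where the server's initial sequence number is an HMAC over the connection 4-tuple and a time counter, so nothing has to be remembered until the final ACK arrives and the cookie can be recomputed. The backlog size, addresses, ports and secret are assumed values; SYN-ACK retransmission, half-open timeouts, and the MSS bits that real SYN cookies pack into the sequence number are left out.

```python
import hashlib
import hmac
import os
import random

MOD = 2 ** 32   # TCP sequence numbers wrap at 32 bits


class Listener:
    """Toy TCP listener that models only the three-way handshake, not data transfer."""

    def __init__(self, backlog=128, syn_cookies=False, addr="192.0.2.10", port=443):
        self.backlog = backlog          # max half-open entries (cf. Linux tcp_max_syn_backlog)
        self.syn_cookies = syn_cookies
        self.addr, self.port = addr, port
        self.half_open = {}             # (src, sport) -> our ISN; only used without cookies
        self.established = set()
        self.dropped_syns = 0
        self.secret = os.urandom(32)    # assumption: per-listener secret; real stacks rotate it
        self.counter = 0                # coarse time counter; real stacks tick it every ~64 s

    def _cookie(self, src, sport, counter):
        # The ISN is an HMAC over the 4-tuple and the counter, so the server can
        # recompute it on the final ACK instead of storing it at SYN time.
        msg = f"{src}:{sport}->{self.addr}:{self.port}@{counter}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, src, sport):
        """Handle a SYN; return the sequence number of our SYN-ACK, or None if dropped."""
        if self.syn_cookies:
            return self._cookie(src, sport, self.counter)   # no per-connection state kept
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                            # queue full: real clients suffer too
            return None
        isn = random.getrandbits(32)
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, ack):
        """Handle the handshake's final ACK; True if the connection is now established."""
        if self.syn_cookies:
            # Accept the current and previous counter so a tick mid-handshake does not break it.
            valid = any(ack == (self._cookie(src, sport, c) + 1) % MOD
                        for c in (self.counter, self.counter - 1))
        else:
            isn = self.half_open.pop((src, sport), None)
            valid = isn is not None and ack == (isn + 1) % MOD
        if valid:
            self.established.add((src, sport))
        return valid


def syn_flood(listener, count):
    """Spoofed SYNs: the sources are fake, so SYN-ACKs go nowhere and no ACK ever returns."""
    for i in range(count):
        listener.on_syn(f"203.0.113.{i % 256}", 1024 + i)


def legit_connect(listener, src="198.51.100.7", sport=50000):
    """A real client completing the handshake; False if its SYN was dropped or rejected."""
    seq = listener.on_syn(src, sport)
    if seq is None:
        return False
    return listener.on_ack(src, sport, (seq + 1) % MOD)


if __name__ == "__main__":
    plain = Listener(backlog=128)
    syn_flood(plain, 1000)
    print("stateful: dropped", plain.dropped_syns, "SYNs; real client connected:",
          legit_connect(plain))
    cookies = Listener(backlog=128, syn_cookies=True)
    syn_flood(cookies, 1000)
    print("syn cookies: half-open entries", len(cookies.half_open),
          "; real client connected:", legit_connect(cookies))
```

With the stateful listener the first 128 spoofed SYNs fill the backlog and every later SYN, the real client's included, is dropped; with cookies the flood leaves no state behind and the real client connects, while an ACK carrying a guessed number is rejected because it does not match the recomputed cookie.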
Vraj Patel says
Hello Olayinka,
That’s a great post. Those are some of the best practices to prevent DDoS attacks. In addition to that, I would add using an IDP/IPS to also identify any unusual traffic patterns. Also, have the tools that could help detect a DDoS attack, just to be prepared, so that if there were to be a DDoS attack the appropriate mitigation steps could be taken.
Michael Jordan says
One key point that I took from the article “An Introduction to DDoS – Distributed Denial of Service attack” is that some DDoS attackers do not have the goal of rendering the network, or services within the network, unusable – sometimes they just want to slow these things down, making them frustrating and almost impossible to use.
I feel like this is in some ways even more malicious than a complete denial of service because for networks without experienced managers, these may be easily perceived as internal issues when in reality the organization is under attack.
Another key point I took from the article is how well honeypots can work in mitigating DDoS attacks (and also other forms of attacks). By using a honeypot, the attacker does not get to any place of significance within the network, and it is easier to monitor what the attacker tries to do, see if they come back in the future, and monitor attempted attacks from different attackers and how they may be similar. This would help in identifying vulnerabilities in one’s network or attack types that are more common on the victim.
Antonio Cozza says
Hi Michael,
I also think that honeypots are a pretty good extra defense layer to add into an organization to try to bait attackers. I think that historically, and based on the author’s brief description, they were made to be beyond obviously vulnerable, but the modern attacker is more than aware that honeypots exist, and that a sequence of basic vulnerabilities is probably unlikely for an organization of a large size.
kofi bonsu says
Michael,
I sincerely agree with you as regards your above analysis, which states: “some DDoS attackers do not have the goal of rendering the network, or services within the network, unusable – sometimes they just want to slow these things down, make it frustrating and almost impossible to use”. However, you would agree with me without any level of paradox that if that circumstance occurs then it undoubtedly affects the confidentiality, integrity and availability of that organization’s information, which in turn would affect their productivity.
Antonio Cozza says
DDoS is a frequent topic that comes up, but the mitigation approaches are much more interesting to me. In addition to the rate limiting / throttling, which can help a bit, the other forms of mitigation against DDoS attacks include traffic filtering, which can help filter out illegitimate traffic based on pattern analysis; load balancers, which are great devices to implement into a network even just for handling extra traffic during busier business times, for example, so they provide more than one use for implementation; and lastly, honeypots. I disagree with the author’s opinion stating that a honeypot should be extremely vulnerable; in the modern threat environment, experts seem to share the belief that attackers are more than aware that certain extremely vulnerable-looking networks are obviously honeypots, and so they instead harden them with some basic defenses, which are more likely to bait attackers into spending some time attempting to bypass their “security.”
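The rate limiting / throttling mentioned above is usually a token bucket, and the "helps a bit" qualifier is worth making concrete. The code below is an added example for this thread, not code from the article or from any commenter. It limits per source IP and then shows the limitation: a botnet whose members each stay under the per-IP rate sails through, and only an additional site-wide bucket holds the aggregate down. Rates, burst sizes and addresses are assumed values, and a fake millisecond clock replaces wall time so the simulation runs instantly and deterministically.

```python
import time


class TokenBucket:
    """Per-key token bucket: each key may burst up to `burst` requests, then is
    held to `rate` requests per second. The clock returns milliseconds."""

    def __init__(self, rate, burst, clock=lambda: time.monotonic_ns() // 1_000_000):
        self.rate, self.burst, self.clock = float(rate), float(burst), clock
        self.buckets = {}   # key -> (tokens, last_refill_ms)

    def allow(self, key, cost=1.0):
        now = self.clock()
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate / 1000.0)
        if tokens >= cost:
            self.buckets[key] = (tokens - cost, now)
            return True
        self.buckets[key] = (tokens, now)   # rejected, but the refill time still advances
        return False


class FakeClock:
    """Deterministic millisecond clock so the simulation needs no sleep()."""
    def __init__(self): self.ms = 0
    def __call__(self): return self.ms
    def advance(self, ms): self.ms += ms


def _record(stats, key, ok):
    stats[key][0 if ok else 1] += 1


def simulate_two_clients():
    """10 s at 100 ms steps: a browser at 2 req/s next to one abusive host at 50 req/s,
    both limited per source IP to 5 req/s with a burst of 10. Returns {ip: [allowed, rejected]}."""
    clock = FakeClock()
    limiter = TokenBucket(rate=5, burst=10, clock=clock)
    stats = {"198.51.100.7": [0, 0], "203.0.113.9": [0, 0]}
    for tick in range(100):
        if tick % 5 == 0:                       # one request every 500 ms
            _record(stats, "198.51.100.7", limiter.allow("198.51.100.7"))
        for _ in range(5):                      # five requests every 100 ms
            _record(stats, "203.0.113.9", limiter.allow("203.0.113.9"))
        clock.advance(100)
    return stats


def simulate_botnet(bots=100):
    """The same per-IP limit against 100 bots that each send only 1 req/s, well under
    the per-IP rate. Returns (requests passed by the per-IP limit alone, requests passed
    once a site-wide bucket of 50 req/s with burst 100 is checked as well)."""
    clock = FakeClock()
    per_ip = TokenBucket(rate=5, burst=10, clock=clock)
    site = TokenBucket(rate=50, burst=100, clock=clock)
    per_ip_only = layered = 0
    for tick in range(100):
        if tick % 10 == 0:                      # every bot fires once per second
            for b in range(bots):
                if per_ip.allow(f"203.0.113.{b}"):
                    per_ip_only += 1
                    if site.allow("*"):
                        layered += 1
        clock.advance(100)
    return per_ip_only, layered


if __name__ == "__main__":
    print(simulate_two_clients())
    print(simulate_botnet())
```

The single abusive host is cut from 500 requests to 59 while the browser is never touched, which is the case where throttling works. The botnet case is the one that matters for DDoS: 100 bots at 1 req/s each pass the per-IP limit untouched (1000 of 1000), and only the site-wide bucket brings that down to 550, at the price of also rejecting legitimate users once the global budget is spent, which is why throttling alone is only part of the answer.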
Kyuande Johnson says
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks fall into three categories: volumetric, protocol and application attacks. Volumetric DDoS attacks are designed to overwhelm internal network capacity. They attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. Protocol attacks are designed to eat up the processing capacity of network infrastructure resources like servers, firewalls, and load balancers. Application attacks exploit weaknesses in the application by opening connections and initiating process and transaction requests that consume finite resources like disk space and available memory.