Everything You Need To Know About DDoS Attacks
DDoS attacks have become one of the more common attack methods on the internet over recent years. Arbor Networks report that they see more than 2000 DDoS attacks worldwide, every single day. Today we will explain everything you need to know about DDoS attacks.
What are DDoS attacks?
The acronym DDoS stands for Distributed Denial of Service. We’ll start by looking at the latter part of this, and explain exactly what a Denial of Service attack is. A DoS attack is a method used by an attacker when they want to render a machine or service unusable by its regular users. There are many methods that can be used to achieve this goal.
Application attacks make multiple illegitimate requests to the service in question so that it is unable to respond to the regular users. Another method is to keep making TCP (Transmission Control Protocol) connections until the computer’s buffer for connections is full, meaning that it can no longer process incoming connections. Fragmentation attacks make use of the fact that large packets of data can be sent over the internet by breaking them into fragments: if a large number of these fragmented packets is sent to a server, it can become unable to deal with the quantity received. Alternatively, attackers can look to overwhelm the computer with a sheer volume of network traffic of any kind by sending far more than it could be expected to handle.
Unless the computer being attacked is already heavily loaded, it can be difficult for one single computer to bring it down. Even if it could, the attacking computer can be identified by its IP address and have its traffic to the target stopped. This is where Distributed Denial of Service attacks come in.
Strength in numbers
To get around these shortfalls, attackers distribute the attack source across multiple computers, in some cases thousands of them. Taking a single computer or a small cluster offline then becomes trivial, and because so many computers are sourcing the attack, it can be difficult for defenders to mitigate it by blocking attacking IP addresses. For example, having 100 computers each contributing a relatively small 10 Mb/s of traffic to a volumetric attack can easily overwhelm a server with a single 1 Gb/s network connection.
As well as distributing the attack sources, in recent years attackers have increasingly been making use of amplification attacks. An amplification attack relies on servers running software that generally answers with a response much larger than the request that was made. The attacker supplies these servers with a valid request but pretends that it comes from the target IP address, so the servers all respond to the target IP, flooding it with network traffic. Servers running DNS (Domain Name System) and NTP (Network Time Protocol) services were common choices for use in amplification attacks, as many were poorly configured, allowing the entire world to query them with no limit on requests. As system administrators have tightened up the security of these services, other services have been hunted out, and the current one is Memcached, where many installs were improperly configured. To put amplification attacks into perspective, GitHub was hit by a 1.35 Tbps (terabits per second, or 168.8 gigabytes per second) DDoS attack using Memcached for amplification in February of this year.
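From the defender's side, amplification traffic shows up as large UDP responses from DNS, NTP or Memcached ports that the receiving host never requested. The sketch below is an added example, not part of the original article: it flags such hosts in flow records, and the record layout, the thresholds and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict

# UDP ports of the services the article names as amplification reflectors.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 11211: "Memcached"}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    # Ordinary DNS lookup by 203.0.113.10 and its solicited answer.
    ("203.0.113.10", 40000, "192.0.2.53", 53, "udp", 80),
    ("192.0.2.53", 53, "203.0.113.10", 40000, "udp", 300),
    # Memcached responses that 203.0.113.10 never asked for.
    ("198.51.100.1", 11211, "203.0.113.10", 31000, "udp", 50_000),
    ("198.51.100.2", 11211, "203.0.113.10", 31001, "udp", 50_000),
    ("198.51.100.3", 11211, "203.0.113.10", 31002, "udp", 50_000),
    ("198.51.100.4", 11211, "203.0.113.10", 31003, "udp", 50_000),
    # A single stray NTP packet: unsolicited, but far below the thresholds.
    ("198.51.100.9", 123, "203.0.113.20", 45000, "udp", 90),
]


def find_reflection_victims(flows, min_sources=3, min_bytes=100_000):
    """Return {(victim_ip, service): (distinct_servers, total_bytes)}."""
    # Pass 1: remember which (client, server, port) requests were really sent.
    requested = {(src, dst, dport) for src, _, dst, dport, proto, _ in flows
                 if proto == "udp" and dport in REFLECTOR_PORTS}
    servers = defaultdict(set)
    volume = defaultdict(int)
    # Pass 2: tally responses that match no request from the receiving host.
    for src, sport, dst, _, proto, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue
        if (dst, src, sport) in requested:
            continue  # solicited answer, normal traffic
        key = (dst, REFLECTOR_PORTS[sport])
        servers[key].add(src)
        volume[key] += nbytes
    # Report only hosts hit by many servers with a meaningful byte volume.
    return {k: (len(servers[k]), volume[k]) for k in volume
            if len(servers[k]) >= min_sources and volume[k] >= min_bytes}


if __name__ == "__main__":
    for (victim, svc), (n, total) in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{victim}: {total} bytes of unsolicited {svc} from {n} servers")
```

Matching responses against requests is what separates a host under reflection from one that is simply a busy DNS or NTP client.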
What can you do to protect against a DDoS attack?
There’s not much you can do on your own, but companies such as Cloudflare sell a service that can scrub detected attack traffic before it can get to your server. If you find yourself suffering the effects of DDoS attacks, this can help you stay online. VPS hosting also helps you negate DDoS attacks by keeping your data contained. When a DDoS attack strikes a shared server, the whole server is affected, not just the intended target. VPS provides users with what seems to be their own private server, but without the additional cost.
See your options for virtual private servers today at VPS.NET.