Distributed Denial of Service, or DDoS, is a method where cybercriminals flood a network with so much malicious traffic that it can’t operate or communicate as it usually would.
In this article, we will address DDoS attacks, the different types of attacks, and how to stop a DDoS attack.
Before diving in, let’s take a look at some cybersecurity statistics.
- 43% of cyberattacks target small businesses.
- 95% of cybersecurity breaches are a result of human error.
- 94% of malware is delivered via email.
- More than half a million Zoom user accounts were compromised and sold on the dark web.
Types of DDoS Attacks
There are three types of DDoS attacks:
- Volume-Based Attacks
- Protocol Attacks
- Application Layer Attacks
Volume-Based Attacks
Volume-based attacks are the most common DDoS attacks. Hackers use multiple computers and internet connections to flood a website with traffic. This activity overwhelms the website’s available bandwidth. The result is that legitimate traffic cannot get through, which takes the website down.
These attacks include:
- UDP floods
- ICMP floods
Protocol Attacks
Protocol attacks exhaust server resources. These attacks target the intermediaries between the server and the website, such as firewalls and load balancers. Hackers send forged protocol requests to consume the available resources. These attacks are measured in packets per second (pps).
These attacks include:
- SYN floods
- Fragmented packet attacks
- Ping of Death
- Smurf DDoS
Application Layer Attacks
Application attacks require fewer resources than volume and protocol attacks. These attacks target weaknesses within applications such as Apache, Windows, and OpenBSD. Application attacks initially appear legitimate because they mimic a user’s traffic behavior. Since these attacks target only specific applications, they often go unnoticed.
These attacks include:
- Low-and-slow attacks
- GET/POST floods
- Attacks that target Apache, Windows, or OpenBSD vulnerabilities
DDoS attacks are always evolving. Hackers may launch a protocol attack to create a distraction and then launch an application attack, which takes more time because the attacker must first find vulnerabilities within the application layer. These combinations are known as “blended attacks” and are becoming more frequent and complex.
ICMP, or Internet Control Message Protocol, is a protocol that devices within a network use to report problems with data transmission. ICMP is a key part of error reporting and of testing how well the network is transferring data.
ICMP can be used in DDoS attacks. These attacks are known as ICMP floods or Ping Floods. Attackers attempt to overwhelm a targeted device with echo requests known as pings. Normally, these are used to ping a network device to diagnose the health and connectivity of the device and the connection between the sender and the device. An ICMP flood attack causes the target to be inaccessible to normal traffic.
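To make the volume-based and protocol attack types above (ICMP floods and SYN floods) concrete from a detection standpoint, here is an added example that is not part of the original article. It buckets packet records into one-second windows, builds a baseline from the first few quiet windows, and flags a window as an ICMP flood when echo requests jump far above the baseline, or as a SYN flood when SYN-only segments spike while SYN/ACK replies do not keep pace (half-open connections piling up). The `Packet` record type, the thresholds, and the traffic in `sample_packets()` are all constructed for this example; real records would come from a capture or flow export parsed elsewhere.

```python
"""Window-based detection of ICMP echo floods and SYN floods over packet records.

Added example, not code from the original article. Packet records, thresholds
and sample traffic are constructed assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

WINDOW = 1.0  # window size in seconds (assumed)


@dataclass(frozen=True)
class Packet:
    ts: float                       # timestamp in seconds
    src: str
    dst: str
    proto: str                      # "icmp", "tcp" or "udp"
    icmp_type: Optional[int] = None # 8 = ICMP echo request ("ping")
    tcp_flags: str = ""             # e.g. "S" (SYN only), "SA" (SYN/ACK), "A"


def bucket(packets, window=WINDOW):
    """Group packets into fixed-size time windows keyed by window index."""
    buckets = defaultdict(list)
    for p in packets:
        buckets[int(p.ts // window)].append(p)
    return buckets


def window_stats(pkts):
    """Counters for one window: echo requests, SYN-only, SYN/ACK and total."""
    echo = sum(1 for p in pkts if p.proto == "icmp" and p.icmp_type == 8)
    syn = sum(1 for p in pkts if p.proto == "tcp" and p.tcp_flags == "S")
    synack = sum(1 for p in pkts if p.proto == "tcp" and p.tcp_flags == "SA")
    return {"echo": echo, "syn": syn, "synack": synack, "total": len(pkts)}


def detect(packets, baseline_windows=3, factor=5.0, syn_ratio=3.0, window=WINDOW):
    """Return (window, kind, count) alerts.

    The baseline is the mean echo and SYN count over the first
    `baseline_windows` windows. A window is an ICMP flood when its echo count
    exceeds factor x baseline; a SYN flood when SYN-only segments exceed
    factor x baseline AND outnumber SYN/ACK replies by more than syn_ratio.
    Counting per window rather than per source means spoofed sources cannot
    hide the spike.
    """
    buckets = bucket(packets, window)
    keys = sorted(buckets)
    base = [window_stats(buckets[k]) for k in keys[:baseline_windows]]
    base_echo = max(1.0, sum(b["echo"] for b in base) / len(base))
    base_syn = max(1.0, sum(b["syn"] for b in base) / len(base))
    alerts = []
    for k in keys[baseline_windows:]:
        s = window_stats(buckets[k])
        if s["echo"] > factor * base_echo:
            alerts.append((k, "icmp_flood", s["echo"]))
        if s["syn"] > factor * base_syn and s["syn"] > syn_ratio * max(1, s["synack"]):
            alerts.append((k, "syn_flood", s["syn"]))
    return alerts


def sample_packets():
    """Constructed traffic: three quiet windows, an ICMP flood window (3),
    a SYN flood window (4) with one lonely SYN/ACK, then a quiet window (5)."""
    pkts = []

    def quiet(w):
        for i in range(2):
            pkts.append(Packet(w + 0.1 * i, f"10.0.0.{i + 1}", "10.0.0.100", "icmp", icmp_type=8))
        for i in range(3):
            pkts.append(Packet(w + 0.3 + 0.1 * i, f"10.0.0.{i + 1}", "10.0.0.100", "tcp", tcp_flags="S"))
            pkts.append(Packet(w + 0.31 + 0.1 * i, "10.0.0.100", f"10.0.0.{i + 1}", "tcp", tcp_flags="SA"))

    for w in (0, 1, 2):
        quiet(w)
    for i in range(40):  # echo requests from many (spoofed-looking) sources
        pkts.append(Packet(3 + i / 50, f"203.0.113.{i % 20 + 1}", "10.0.0.100", "icmp", icmp_type=8))
    for i in range(30):  # SYNs that never complete the handshake
        pkts.append(Packet(4 + i / 50, f"198.51.100.{i % 10 + 1}", "10.0.0.100", "tcp", tcp_flags="S"))
    pkts.append(Packet(4.5, "10.0.0.100", "198.51.100.1", "tcp", tcp_flags="SA"))
    quiet(5)
    return pkts


if __name__ == "__main__":
    for alert in detect(sample_packets()):
        print(alert)
```

The SYN check deliberately requires both a spike and a bad SYN:SYN/ACK ratio: a busy but healthy server also sees many SYNs, but it answers them, so the ratio stays near one. A single threshold on SYN count alone would page on every legitimate traffic surge.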
Signs of an ICMP Flood Attack
There are three categories of ICMP flood attack:
Targeted local disclosed: This is an attack on a single computer on a local network. In order to find the IP address, the attacker needs the physical address of the computer.
Router disclosed: These attacks target the routers on a network and disrupt the connectivity with the computers. In order to carry out this attack, the attacker must know the internal IP address of a local router. This attack takes down all the computers connected to the network.
Blind ping: This type of attack uses an external program to find out the IP address of the targeted device before attacking.
DDoS Attack Prevention
DDoS attacks can have serious ramifications. So, how can you be ready and prevent these attacks?
Here are some ways you can stop a DDoS attack:
Know your network’s traffic.
Every organization has a typical internet pattern. Knowing these patterns will help you recognize any unusual activity and identify any symptoms of a DDoS attack.
Create a denial of service response plan.
Having a plan in advance will help you recognize and respond efficiently to a DDoS attack. Your plan should include the following:
- A systems checklist
- A trained response team
- Well-defined notification and escalation procedures.
- A list of internal and external contacts that should be informed about the attack
- A communication plan for all other stakeholders, like customers or vendors
Make your network resilient.
Your network should be as resilient as possible to prevent a DDoS attack. Use the following strategies:
- Put data centers on different networks
- Make sure that not all your data centers are in the same physical location
- Put servers in different data centers
Practice good cyber hygiene.
It’s important to use the best practices of cyber security. This means:
- Changing passwords
- Using secure authentication practices
- Avoiding phishing attacks
Scale up your bandwidth.
More bandwidth will allow your company to handle a larger volume of traffic. However, this won’t necessarily stop or eliminate DDoS attacks.
Take advantage of anti-DDoS hardware and software.
DDoS attacks aren’t a new problem. Therefore, there are many products available to protect against DDoS attacks. You should take advantage of these products.
Move to the cloud.
The cloud has more resources than on-premises infrastructure. A further benefit of the cloud is that its servers are spread across many locations rather than a single site.
Know the signs of an attack.
Knowing the signs of an attack is essential so it can be addressed immediately. Some signs include:
- A slower network
- The website shuts down
- Increased spam
Outsource your DDoS protection.
Some companies offer DDoS protection as a service. These companies specialize in responding to DDoS attacks; some provide defenses in advance, while others mitigate the damage during an ongoing attack.
Monitor for unusual activity.
Knowing your network will help you monitor it for any signs of an attack. Your company should take advantage of monitoring its network in real-time. Monitoring in real-time will allow you to recognize a DDoS attack and address it quickly.
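The “know your network’s traffic” and “monitor for unusual activity” advice above becomes actionable at the application layer when you compare each client’s request rate against what normal clients do in the same minute. The following added example (not from the original article) parses combined-format web access log lines, counts requests per client per minute, and reports clients that both exceed an absolute per-minute limit and stand far above the median of the well-behaved clients, which is the pattern of the GET/POST floods described earlier. The log lines in `sample_log()`, the limits, and the IP addresses are constructed for this example; the output is the kind of list a practitioner would feed to a rate limiter or block list, not a verdict in itself.

```python
"""Per-client request-rate detection for HTTP GET/POST floods over access logs.

Added example, not code from the original article. Log lines, thresholds and
addresses are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" log format; trailing referer/user-agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Parse one access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "minute": ts.strftime("%Y-%m-%d %H:%M"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def per_client_rates(records):
    """minute -> Counter(ip -> number of requests in that minute)."""
    rates = defaultdict(Counter)
    for r in records:
        rates[r["minute"]][r["ip"]] += 1
    return rates


def find_floods(lines, per_ip_limit=60, ratio=10.0):
    """Return (minute, ip, count) for clients that exceed per_ip_limit requests
    in a minute AND are at least `ratio` times the median rate of the clients
    under the limit in that same minute. Unparseable lines are skipped."""
    records = [r for r in map(parse_line, lines) if r]
    offenders = []
    for minute, counts in sorted(per_client_rates(records).items()):
        normal = sorted(n for n in counts.values() if n < per_ip_limit)
        median = normal[len(normal) // 2] if normal else 1
        for ip, n in counts.most_common():
            if n >= per_ip_limit and n >= ratio * median:
                offenders.append((minute, ip, n))
    return offenders


def sample_log():
    """Constructed sample: three normal clients in two minutes, then a GET
    flood and a POST flood against /login in the second minute, plus one
    junk line to show that parse failures are tolerated."""
    def line(ip, hhmm, sec, method, path, status=200):
        return (f'{ip} - - [01/May/2024:{hhmm}:{sec:02d} +0000] '
                f'"{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

    lines = []
    for hhmm in ("10:00", "10:01"):
        for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
            lines.append(line(ip, hhmm, 5, "GET", "/"))
            lines.append(line(ip, hhmm, 35, "GET", "/about"))
    for i in range(90):
        lines.append(line("203.0.113.7", "10:01", i % 60, "GET", f"/search?q={i}"))
    for i in range(75):
        lines.append(line("198.51.100.9", "10:01", i % 60, "POST", "/login", 401))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for minute, ip, n in find_floods(sample_log()):
        print(f"{minute} {ip} {n} req/min")
```

Using the median of clients under the limit as the comparison point keeps the baseline meaningful even when several attacking clients are present at once; a plain median over all clients would be dragged upward by the attackers themselves. Note the POST flood is flagged purely on rate, which is why the 401 status codes in the sample are incidental: a credential-stuffing run and a plain POST flood look the same to this check, and both deserve a look.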
Finally, if your website or online operation is the main part of your business, knowing about and understanding the basics of DDoS attacks is important.
Knowing the signs of a DDoS attack and understanding how to prevent them can keep your business’s website secure and functioning optimally.
- What percent of small businesses are victims of cybersecurity attacks?
- What does DDoS stand for?
- What are the three kinds of DDoS attacks?
- What does ICMP mean?
- How can I stop a DDoS attack?