DDoS - What are DDoS attacks and how can they be prevented?

What are DDoS attacks and how can they be prevented?

Erfan Security August 25, 2021

If your website or app is suddenly offline due to a massive influx of traffic, it is very likely that it has been targeted by DDoS, or Denial-of-Service Attack. These types of cyber attacks are increasing rapidly and if they occur, they can cause significant damage to a business. What we want to address in this article is to get familiar with DDoS attacks and how to prevent them from occurring. So stay tuned until the end of this article.

What are DDos attacks?

A DDoS attack occurs when a hacker sends a huge flood of traffic to a network or server to disrupt a system and disable it. These attacks are usually done to temporarily disable or offline a website and may last for a few days or more.

Technically, the term Denial-of-Service is used for these attacks. Because the website or server is unable to provide services to legitimate traffic at the time of the attack. The term Distributed Denial-of-Service is also used for these attacks because illicit traffic is generated by hundreds, thousands, and sometimes millions of computer systems. Of course, if the traffic is sent from only one source, it is known as a DoS attack.

DDoS attacks use a botnet (a set of computer systems or Internet-connected devices that are remotely controlled), also called zombies, to send malware to the target computer system. .گ

Types of DDoS attacks

DDoS zombies usually target different layers of OSI (Open System Interconnection), which according to Cloudflare statistics fall into three general categories:

1- Application layer attack

Application layer attack is the simplest and most common form of DDoS attack, mimicking the request of regular servers. In other words, computer systems or devices in the Botnet come together just like a normal user to access a website or server, but as the scale of the attack increases, so does the number of seemingly normal requests so that the server can They are not processed and eventually fail.

2- Protocol attack

In the protocol attack, attackers misuse the server’s data processing resources to try to overload the system, which eventually causes it to crash. Sometimes botnets send packet data to the server for collection. The server then waits for confirmation from the source’s IP address, which of course never receives it, but the server continues to receive data.

3- Volumetric attacks

Volume attacks are somewhat similar to application attacks, except that volume attacks are more complex. In this type of DDoS attack, all the bandwidth of a server is consumed by booted botnets. For example, botnets can sometimes trick the server into sending huge amounts of data; In other words, a server has to re-process the receiving, collecting and sending operations.

Other methods of DDOS attacks include the following, some of the most important of which are as follows:

ICMP flood
SYN flood
Teardrop attacks
Low-rate Denial-of-Service attacks
Peer-to-peer attacks
Asymmetry of resource utilization in starvation attacks
Permanent denial-of-service attacks
Application-level floods
Nuke
R-U-Dead-Yet
Distributed attack
Reflected / Spoofed attack
Unintentional denial of service
Denial-of-Service Level II

ICMP Flood

In this method, by creating various requests and increasing the ping on the server, the service of the website is disrupted. Sending a huge volume of ICMP requests in a network will cause all the hosts on that network to respond, thus disrupting all the sites on that network, resulting in a large volume of responses to the access point within the network. It is routed and causes the switch to fail.

teardrop attacks

In this type of attack, by sending Mangled IP with Overlap, they create a high load volume for the system network card, which generally causes service disruption. This vulnerability is due to a bug in the network and TCP / IP layers. It should be that Windows 3.1, 95 and NT operating systems as well as Linux 2.1.63 and 2.0.32 are quite vulnerable to such attacks. Of course, in 2009, an example of this attack was carried out on Windows Vista, with the difference that this attack was carried out on a higher layer, namely on the SMB2 layer. Therefore, using updated and new operating systems can prevent this problem and security weakness.

Nuke

One of the oldest methods of attack is DDOS, which tries to disrupt and disable the server by sending incorrect ping requests. This attack is usually with software, that is WinNuke. It actually uses the weakness of Netbios in Windows 95 to attack. This software displays a blue screen in this version of the Windows operating system by sending a string of information to port 139.

R-U-Dead-Yet

These types of attacks are out of using sessions that are waiting for requests from web applications. Slowloris is the name of the program that keeps most of the web server sessions open for communication. RUDY also causes the web server to crash by sending requests with bulky headers to these pending sessions.

SYN flood

In SYN attacks, the goal is the hand-shake process in the TCP protocol. In this type of attack, the three-step process of establishing a TCP connection is abandoned by the part-time attacker. It causes the target server to wait for the rest of the steps needs to perform. When the number of requests increases, the server is no longer able to Do not communicate with new requests and be out of reach!

Who uses DDoS attacks?

Although DDoS attacks are very high in terms of destructive power, almost anyone can perform the basic and simple form of these attacks. Ordinary people can pay for a DDoS attack on the black market or online, or rent a botnet to run their malicious targets.

In general, the following people run DDoS attacks for a number of specific reasons:

Business Owners: To beat competitors
Gamers: To destroy competitors
Activists: To prevent people from accessing specific content
Trolls: To take revenge on a person

Who is at risk for DDoS attacks?

Ordinary people should not worry too much about this because DDoS attacks often target large companies. They could lose millions of dollars in damage caused by DDoS attacks. Of course, smaller businesses also face a lot of difficulties in the event of these attacks. In general, all online organizations should be fully ready to deal with DDoS attacks at any time.

How to prevent DDoS

You can not prevent the sending of unauthorized traffic to your website servers, but you can prepare yourself in advance to deal with it. To do this, you must do the following:

1- Traffic monitoring

You need to have a good understanding of how low, medium and high your website traffic is; In fact, you can set a limit to your traffic rate so that it does not exceed the allowable limit. So the server will receive the sent requests as far as it can process. In addition, regular traffic monitoring helps you to quickly identify website traffic issues.

You also need to ready during certain seasons or during advertising campaigns when a lot of traffic is flowing to the website. Sometimes the legitimate traffic that flows from the social network’s viral links to the website can also cause problems similar to DDoS attacks. In other words, even if the traffic comes from a reliable source. It can cause server crashes that ultimately incur irreparable costs.

2- Increase bandwidth

You need to determine the capacity of your website server based on the average and maximum traffic. Of course, you should always consider the bandwidth for the server more than you need. This will give you more time in the event of a DDoS attack before your website, server or application crashes completely.

3- Use of content distribution network (CDN):

The main purpose of DDoS attacks is to completely overload your web server. So one of the best ways to deal with it is to distribute website data across multiple servers around the world.

This is a content distribution network, or CDN. The CDN’s job is to deliver your website data to users from the nearest server. In addition, the use of multiple servers makes it easy for the rest of them to continue to work in the event of an overload on one server.

In addition, cloud services such as Cloudflare give you the ability to protect your website against DDos attacks by activating an option. It usually has several basic to advanced levels. Therefore, you can select the desired option according to the volume of requests sent.

Important points in case of DDoS attacks

Today, DDoS attacks are very powerful and it is not possible to confront and eliminate them alone. So the best thing to do to protect yourself against these attacks is to follow security tips and prevent them. However, if your website crashes due to DDos attacks, you can restore it to normal by following these steps.

1- Performing defensive measures quickly:

As mentioned earlier, if you are aware of the normal traffic to your website, you can easily detect DDoS attacks. In this case, you will see a huge amount of web traffic or server requests sent from suspicious sources. With the difference that you have enough time to deal with it before the server is completely down.

Of course, keep in mind that at the first opportunity, you should specify the server traffic limit and clear the server log history to give it more space.

2- Contact hosting:

Inform your hosting support promptly in the event of a DDoS attack. They can eliminate all incoming requests to the server by creating a Blackhole path until the attack stops. In fact, it is to their advantage that otherwise. If your host is for sharing, other customers’ hosting may also crash.

Finally, they use a scrubber to separate legitimate traffic from the black hole to separate legitimate requests from malicious ones.

3- Contacting a network specialist:

If your website has attacks on a large scale, you should contact a DDoS specialist. In fact, they direct your traffic to their massive servers, where they remove malicious and suspicious requests. Of course, hiring a DDoS specialist puts a lot of costs on you.

blog posts