Everything you need to know about DoS and DDoS attacks
With the IT industry booming to a whole new level, hackers are employing sophisticated attacks to gain control of an enterprise's critical information. Attacks like DoS (Denial of Service) attacks have become very common in recent years.
Earlier, DoS attacks were primarily launched by novice attackers for fun, and mitigating them was relatively easy. But owing to the growing sophistication of these attacks (thanks to advancements in technology), they have become quite dangerous for users worldwide.
But what exactly is a DoS attack, and how is it different from its variant, the DDoS attack? Let's find out in this article.
Table of Contents
- What are DoS attacks and how are they performed?
- What is a DDoS attack and how is it different from a DoS attack?
- How do you protect your resources from DoS and DDoS attacks?
What are DoS attacks and how are they performed?
A Denial-of-Service attack is meant to shut down a network or machine with the intention of preventing users from accessing it. A DoS attack is performed by flooding a server with traffic or information until it crashes. From this, you will have deduced that the aim of a DoS attack is to deprive legitimate users (employees, customers, or account holders) of the resources or website they are supposed to have access to.
Though DoS attacks do not necessarily mean theft of data or assets, they can cost the victim a great deal of time, resources, and money. A DoS attack is usually a system-on-system attack, i.e., a single machine sends the traffic to the target system.
There are two methods of DoS attacks:
- Buffer overflow attacks
This type of attack overflows a buffer in memory, consuming most of the available memory, CPU time, and even hard disk space. The application first becomes sluggish, and ultimately the system crashes, denying its services to legitimate users.
- Flood attacks
Flood attacks are a type of DoS attack in which the attacker sends such a high volume of traffic to a network that it can no longer examine legitimate traffic and shuts down as a result. For example, in an ICMP flood the system receives far more ICMP echo requests (pings) than it can handle and uses all of its resources replying to them.
What is a DDoS attack and how is it different from a DoS attack?
DDoS attacks, aka Distributed Denial-of-Service attacks, are carried out from multiple distributed locations using multiple systems. They are much faster than a conventional DoS attack and harder to mitigate, because multiple systems in different locations send packets to the victim's target system.
Think of a DDoS attack as a conventional DoS attack with the exception that it is performed from more than one system. The DDoS attack is performed through a botnet, which comprises several hundred computers. These computers are called slave computers, as they are controlled by the attacker through a command and control server. This command and control server allows the attacker, or botmaster, to coordinate attacks against the target. Like DoS attacks, DDoS attacks generally fall into the following three categories:
- Volumetric attacks
This is the classic type of DDoS attack. In a volumetric attack, the attacker completely consumes the network's bandwidth. Because the bandwidth is fully occupied by attack traffic, it is no longer available for legitimate user requests, depriving users of website resources.
- Protocol attacks
Protocol attacks aim to exhaust network infrastructure resources such as firewalls, load balancers, and servers by bombarding layer 3 and layer 4 protocol communications with malicious connection requests and network packets.
- Application attacks
Application-layer DDoS attacks exploit weaknesses in the application layer of the OSI model. They typically involve attacks on database access and on user protocols such as FTP, SMTP, and Telnet.
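The flood attack described under DoS attacks above and the three DDoS categories just listed all show up differently in per-second traffic statistics, so here is an added example (not code from the article) of how a defender can tell them apart. It aggregates flow-style records per second and per target, then applies simple thresholds: a byte rate that saturates the link means volumetric, a high share of bare SYNs that never complete the handshake means protocol, and a high HTTP request rate means application. It also separates a single-source flood (DoS) from a distributed one (DDoS) by counting distinct sources. The record format, the thresholds, and the sample traffic are all constructed for this example and use RFC 5737 documentation addresses.

```python
from collections import defaultdict

# Thresholds are assumed demo values, not figures from the article; tune to your own baseline.
PPS_THRESHOLD = 200          # packets/second toward one target before it counts as a flood
BPS_THRESHOLD = 500_000      # bytes/second toward one target -> volumetric
HALF_OPEN_RATIO = 0.9        # share of TCP packets that are bare SYNs -> protocol (SYN flood)
HTTP_RPS_THRESHOLD = 100     # HTTP requests/second toward one target -> application
DISTRIBUTED_SOURCES = 10     # this many distinct sources or more -> distributed (DDoS)


def build_sample_records():
    """Constructed flow records: (second, src_ip, dst_ip, proto, detail, nbytes).

    proto/detail pairs used here: ("ICMP", "echo"), ("TCP", "S") for a bare SYN,
    ("TCP", "A") for handshake/data traffic, ("HTTP", request line).
    """
    target = "198.51.100.10"
    records = []
    # second 0: benign background, 20 clients exchanging normal TCP traffic
    for i in range(20):
        records.append((0, f"203.0.113.{i}", target, "TCP", "A", 1500))
    # second 1: ICMP echo flood from ONE host (the single-source DoS case)
    for _ in range(400):
        records.append((1, "192.0.2.7", target, "ICMP", "echo", 1400))
    # second 2: SYN flood from 30 hosts, 10 bare SYNs each, never completing the handshake
    for i in range(30):
        for _ in range(10):
            records.append((2, f"192.0.2.{100 + i}", target, "TCP", "S", 60))
    # second 3: HTTP request flood from 25 hosts, 10 requests each
    for i in range(25):
        for _ in range(10):
            records.append((3, f"203.0.113.{100 + i}", target, "HTTP", "GET /search?q=x", 400))
    return records


def summarize(records):
    """Aggregate per (second, target): packets, bytes, distinct sources, TCP/HTTP detail."""
    buckets = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set(),
                                   "tcp": 0, "syn_only": 0, "http": 0})
    for second, src, dst, proto, detail, nbytes in records:
        b = buckets[(second, dst)]
        b["packets"] += 1
        b["bytes"] += nbytes
        b["sources"].add(src)
        if proto == "TCP":
            b["tcp"] += 1
            if detail == "S":
                b["syn_only"] += 1
        elif proto == "HTTP":
            b["http"] += 1
    return buckets


def classify(b):
    """Map one per-second bucket to the article's three DDoS categories."""
    if b["packets"] < PPS_THRESHOLD:
        return "normal"
    if b["bytes"] >= BPS_THRESHOLD:
        return "volumetric"            # bandwidth exhaustion
    if b["tcp"] and b["syn_only"] / b["tcp"] >= HALF_OPEN_RATIO:
        return "protocol"              # connection-state exhaustion at layer 4
    if b["http"] >= HTTP_RPS_THRESHOLD:
        return "application"           # layer-7 request flood
    return "flood-unclassified"


def analyze(records):
    """Return one finding per (second, target), with its category and DoS/DDoS scope."""
    findings = []
    for (second, dst), b in sorted(summarize(records).items()):
        category = classify(b)
        nsrc = len(b["sources"])
        scope = "-" if category == "normal" else (
            "DDoS" if nsrc >= DISTRIBUTED_SOURCES else "DoS")
        findings.append({"second": second, "target": dst, "packets": b["packets"],
                         "bytes": b["bytes"], "sources": nsrc,
                         "category": category, "scope": scope})
    return findings


if __name__ == "__main__":
    for finding in analyze(build_sample_records()):
        print(finding)
```

In practice the records would come from NetFlow/sFlow exports or a packet capture rather than a constructed list, and the thresholds should be derived from a measured baseline of normal traffic; the point of the example is that the category is visible from a few aggregate counters long before anyone inspects individual packets.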
A report by Radware sheds light on how long a DDoS attack typically impacts an enterprise's or an individual's web resources:
- 60% of DDoS attacks last less than a full day.
- 33% of attacks keep all the services provided by the application unavailable, causing downtime of at least an hour.
- And about 15% last for about a month.
Having seen the intensity of DDoS attacks, it's time to look at how to protect your resources from DoS and DDoS attacks.
How do you protect your resources from DoS and DDoS attacks?
- Prevent/block spoofing - Spoofing is when traffic from an unknown source is disguised to look as if it comes from a trusted or known source. To avoid completing handshakes with such masked traffic, check that incoming packets carry a plausible source address consistent with their stated origin, and filter out those that do not. Use filters to prevent dial-up connections from spoofing as well.
- Limit broadcasting - Attackers send malicious requests to every device on the network. Turn off broadcast forwarding to limit the scope of such attacks.
- Streamline security incident response - Improving your incident response process helps your security team thwart or contain DDoS attacks faster.
- Use dedicated firewalls - Ensure that your firewalls limit the incoming and outgoing traffic across the perimeter of your network, and use a network watcher to monitor all incoming/outgoing traffic and resources to keep your network a DDoS-free zone.
- Endpoint protection - Ensure that your network endpoints are patched against common vulnerabilities. In addition, installing and running EDR (Endpoint Detection and Response) agents can help identify and respond to intrusions and other attacks.
- Buy more bandwidth - Buying more bandwidth can help absorb ordinary DDoS attacks. It is not a solution to DDoS in itself, but it can buy you time to reduce the intensity of the attack.
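The first, second, and fourth items above (block spoofing, limit broadcasting, and have the perimeter firewall limit incoming traffic) can be modelled as a small packet filter, and the following is an added example of that, not code from the article or from any firewall product. It drops packets that arrive on the external interface while claiming one of the site's own addresses or a private/reserved source address (the usual ingress-filtering check, often called BCP 38 or uRPF on real equipment), drops packets aimed at the internal subnet's directed-broadcast address, and then caps each remaining source with a per-source token bucket so one chatty host cannot crowd out everyone else. The site prefix, the bogon subset, the bucket sizes, and the sample packet stream are all assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Assumed site layout for this example (RFC 5737 documentation ranges).
INTERNAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]   # our own address space
# Source ranges that should never arrive from the Internet (a subset of the usual bogon list).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]
# Per-source token bucket: assumed demo values, not figures from the article.
BUCKET_CAPACITY = 20      # burst allowance in packets
REFILL_PER_SEC = 10       # sustained packets/second per source


def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def spoof_check(src, dst, ingress_is_external):
    """Return None if the packet passes, otherwise the reason it is dropped.

    - a packet from the Internet claiming one of OUR addresses is spoofed
    - a packet from the Internet with a private/reserved source is spoofed
    - a packet aimed at the internal directed-broadcast address is dropped so
      one request cannot be fanned out to every host on the segment
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if ingress_is_external and _in_any(s, INTERNAL_PREFIXES):
        return "spoofed: internal source on external interface"
    if ingress_is_external and _in_any(s, BOGON_PREFIXES):
        return "spoofed: bogon source"
    for net in INTERNAL_PREFIXES:
        if d == net.broadcast_address:
            return "directed broadcast"
    return None


class SourceRateLimiter:
    """Token bucket per source address: allow() returns False once a source
    has spent its burst and is sending faster than the refill rate."""

    def __init__(self, capacity=BUCKET_CAPACITY, refill=REFILL_PER_SEC):
        self.capacity, self.refill = capacity, refill
        self.tokens = defaultdict(lambda: float(capacity))
        self.last = {}

    def allow(self, src, now):
        elapsed = now - self.last.get(src, now)
        self.last[src] = now
        self.tokens[src] = min(self.capacity, self.tokens[src] + elapsed * self.refill)
        if self.tokens[src] >= 1:
            self.tokens[src] -= 1
            return True
        return False


def filter_packets(packets, limiter=None):
    """packets: iterable of (time_sec, src, dst, arrived_on_external_interface).
    Returns (accepted_count, {drop_reason: count}) so each rule's effect is visible."""
    limiter = limiter or SourceRateLimiter()
    accepted, dropped = 0, defaultdict(int)
    for t, src, dst, external in packets:
        reason = spoof_check(src, dst, external)
        if reason is None and not limiter.allow(src, t):
            reason = "rate limit"
        if reason is None:
            accepted += 1
        else:
            dropped[reason] += 1
    return accepted, dict(dropped)


def build_sample_packets():
    """Constructed packet stream, all arriving at t=0 on the external interface."""
    pkts = []
    pkts += [(0.0, "203.0.113.5", "198.51.100.10", True)] * 5      # legitimate client
    pkts += [(0.0, "198.51.100.77", "198.51.100.10", True)] * 3    # claims to be us, from outside
    pkts += [(0.0, "10.1.2.3", "198.51.100.10", True)] * 4         # private source from outside
    pkts += [(0.0, "203.0.113.9", "198.51.100.255", True)] * 2     # directed broadcast
    pkts += [(0.0, "192.0.2.7", "198.51.100.10", True)] * 50       # one host bursting 50 packets
    return pkts


if __name__ == "__main__":
    print(filter_packets(build_sample_packets()))
```

On the sample stream the spoofed and broadcast packets are rejected before they touch any bucket, the legitimate client's five packets pass, and the bursting host gets exactly its 20-packet allowance with the remaining 30 dropped. On a real perimeter these checks live in the router's ingress ACLs and the firewall's rate-limit rules rather than in Python, but the decision logic is the same.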
DoS and DDoS attacks are becoming more and more sophisticated today, so enterprises should use comprehensive strategies to protect their networks, assets, and resources from them. Running EDR agents and using advanced monitoring and analytics can help prevent DoS and DDoS attacks to a great extent.