What is a DDoS attack? How does DDoS work?

Today, every piece of information we share on the internet is saved somewhere on a server. Keeping servers alive is essential for accessing that information. Some information can be shared with anyone, but some of it is very important to us and we can’t let anyone else see it. Hackers always try to get private information to do their dirty work.

But hacking is not just about stealing information. When hackers do not succeed in stealing, they try to destroy the whole server. In this case, we may lose all the information on the server if we don’t have a backup or a proper defense.

What Is a DDoS attack?

Nowadays, we hear a lot about attacks on gaming networks, news websites, bank websites, etc. When I write about those attacks, I mention one term: ‘DDoS’. Many readers may already know about DDoS attacks, but many are still not aware of them and always ask me: What is DDoS?

So in this article, I am going to explain everything you need to know about DDoS attacks. If you have any questions, you can ask in the comment section.

A distributed denial of service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from numerous sources. DDoS attacks target a wide range of important resources, including news websites, banks, and many more. They pose a challenge to people’s attempts to access or publish important information.

A decade ago, DDoS was only a basic attack that tried to overwhelm a connection with traffic, with the aim of taking a certain web property offline. When leading web experts began fighting DDoS attacks in the year 2000, flood attacks were in the range of 400 Mbps; as we speak, they exceed 100 Gbps.

Attackers build a network of infected computers, called a botnet, by spreading malicious software through websites, emails, and social media. Once infected, the machines can be controlled remotely without the knowledge of their owners. These machines are then used as an army to launch an attack against the target. Some botnets are millions of machines strong.

The floods are generated in numerous ways, including sending more connection requests than a server can handle. They can also be generated by having the computers send the victim a huge volume of random data with the intention of using up the target’s bandwidth. Some DDoS attacks are so huge that they can max out a whole country’s international cable capacity.
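As an added example (not code from the original article), the sketch below sorts traffic windows into the two flood types described above and shows why a per-source rate limit misses a distributed flood: every source stays under the limit while the aggregate exceeds capacity. The thresholds, function names and flow records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed limits for a hypothetical server (not taken from the article).
CONN_CAPACITY_PER_S = 100      # new connection requests it can accept per second
LINK_CAPACITY_BPS = 1_000_000  # bytes per second its uplink can carry
PER_IP_CONN_LIMIT = 20         # per-source rate limit, connections per second

def classify_windows(flows, window_s=10):
    """flows: (timestamp_s, src_ip, new_connections, bytes) tuples.
    Returns {window_start: verdict} based on aggregate rates per window."""
    conns = defaultdict(lambda: defaultdict(int))  # window -> source -> connections
    volume = defaultdict(int)                      # window -> bytes received
    for ts, src, new_conns, nbytes in flows:
        w = ts - ts % window_s
        conns[w][src] += new_conns
        volume[w] += nbytes
    report = {}
    for w in sorted(conns):
        per_src = conns[w]
        conn_rate = sum(per_src.values()) / window_s
        byte_rate = volume[w] / window_s
        kinds = []
        if conn_rate > CONN_CAPACITY_PER_S:
            kinds.append("connection-flood")  # more requests than the server handles
        if byte_rate > LINK_CAPACITY_BPS:
            kinds.append("bandwidth-flood")   # junk data using up the link
        # Sources that a per-IP limit alone would have caught.
        noisy = [s for s, c in per_src.items() if c / window_s > PER_IP_CONN_LIMIT]
        report[w] = {"kinds": kinds or ["normal"], "sources": len(per_src),
                     "conn_rate": conn_rate, "byte_rate": byte_rate,
                     "sources_over_ip_limit": len(noisy)}
    return report

def sample_flows():
    """Constructed sample data: one quiet window, then two kinds of flood."""
    flows = []
    for t in range(30):
        if t < 10:    # 5 ordinary clients, 2 connections/s each
            flows += [(t, f"198.51.100.{i}", 2, 4_000) for i in range(5)]
        elif t < 20:  # 200 sources, only 1 connection/s each
            flows += [(t, f"203.0.113.{i}", 1, 100) for i in range(200)]
        else:         # 50 sources, 40 kB/s of random data each, no new connections
            flows += [(t, f"192.0.2.{i}", 0, 40_000) for i in range(50)]
    return flows

if __name__ == "__main__":
    for start, verdict in classify_windows(sample_flows()).items():
        print(start, verdict)
```

In both flood windows `sources_over_ip_limit` is 0, so the alert has to come from the aggregate rate rather than from any single address.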

Specialized online marketplaces exist where individual DDoS attacks or botnets are bought and sold. By using these marketplaces, anyone can pay a fee to silence websites they disagree with or to bring the online operations of a particular organization to a complete halt. A week-long DDoS attack capable of bringing a small firm offline, for instance, could cost as little as $200.

Beyond the democratization of DDoS attacks are the advanced techniques and targets. Today, DDoS involves a series of attacks targeting multiple devices that make up the organization’s security infrastructure, as opposed to targeting connection bandwidth only. The targets include firewall and IPS devices and the various applications that organizations rely on, such as DNS, SMTP, VoIP, HTTPS, and HTTP.

The latest version of the DDoS attack is the common multi-vector attack, which combines flood, state exhaustion, and application attacks against infrastructure devices in a single sustained attack. These attacks have gained popularity due to their effectiveness and the fact that they are hard to defend against.

Today’s new realities of DDoS attacks require new approaches to defense. Network experts have been at the forefront of looking for ways to combat DDoS attacks for some years now. The best defensive mechanism against the modern DDoS attack is a layered approach combining cloud-based and on-premise protection. With this type of protection, you are guaranteed 100% security for your organization against the entire spectrum of DDoS attacks.

A digital attack map is also ideal for protection against a DDoS attack because it displays global DDoS activity on any particular day. It displays the attacks as dotted lines that are scaled to size and arranged according to the source and destination countries of the attack traffic, when they are known.

8 thoughts on “What is a DDoS attack? How does DDoS work?”

  1. Nice article.

    My experience with firewalls has shown me the difference between a cheap device (home router with firewall built in) and a CISCO or Watchguard firewall with two fans inside and more processing power. The bigger the firewall or router, the more it can take (up to the bandwidth limit). So, a $24,000 CISCO router used for Telco/internet provider application between cities is pretty hard to congest, while a small business sized one is easy. They can even get hot and melt down.

    Many firewalls have defences built in such as SYN flood, Smurf attack, ping deflector and stealth settings. However, a DDoS can take down some pretty big sites and servers, as we have seen.

    There are defence strategies such as DNS changes to a new IP to route the DoS to another IP, even back to the source, or your favorite enemy haha (assuming they are attacking the domain name and not the IP).

    Otherwise, most organizations (like mine) have redundant connections and IPs. Often, you keep the redundant ones stealthy and only used for backup internet or for VoIP. So, in an attack, you can reroute everything to this line and keep it quiet by not hosting sites, or any services that will get it discovered by the attacker. Kinda like staying in the bomb shelter until the bombing is over, but you still have everything you need to keep operating.

    If all else fails, you can call your ISP and explain, and they might be able to issue a new temporary IP and the attack will stop. However, if you make noise that notifies the attacker again, such as a website that is back up, they will aim the DDoS at the new IP. You want them to think it’s working and you are down. Stay down, while you redirect traffic to the redundant line that never gets used and nobody knows the IP of.

    How they reposition the attack to new IPs lets you know their location or if they are internally monitoring you or what. Sometimes it’s an insider who is tipping them off because they are botnetted, or some other internet application. Like a staff member who is tweeting while this is going on and the attacker is watching his tweets to see what you are up to and how it’s affecting you haha.

  2. The content of this article is very good and informative. However, there are a ton of grammatical mistakes in the article…

  3. In order that we all become better at preventing DDoS, I think you should write an article that teaches how to initiate a DDoS attack and prevention. Or better still, direct us to a site that provides such a link.
