The dreaded DDoS

ibrahim ali

Back when I played an MMORPG called Runescape in the early 2010s, one of the most dreaded things that could happen if someone got hold of your IP address was the dreaded DDoS. You're walking through a dangerous area in the game and suddenly...


next thing you know, you log in and all the valuable pixels you spent hours accumulating are gone. Even though it's been years since I've had to fear losing my precious items this way, I've also noticed similar attacks on websites ranging from large multimillion-dollar operations to small business sites. Now that we're finally going into the world of backend development and servers specifically, I thought I'd delve a little deeper into one of the most common forms of internet maliciousness.

A Denial of Service attack, or DoS, works by flooding a server with bogus requests until it slows to a crawl or stops responding altogether. Although annoying, a plain DoS is usually not a big deal: because it comes from a single source, it can be blocked fairly easily by rate-limiting or dropping traffic from that one address. A Distributed Denial of Service attack, or DDoS, is carried out by an army of sources at once, which is what makes it so much harder to stop.

Before going into the DDoS in more depth, I would like to talk about the Hug of Death, the DDoS's more docile but still just as destructive cousin. Have you ever noticed that sometimes a website or application that is not very popular on a regular basis gets retweeted by a celebrity or ends up at the top of Reddit? You click the link and the site won't load, or the app crashes. That is because this surge in users is usually not something the site or application was provisioned for: the servers are overloaded and the site can no longer function properly, even though every visitor is legitimate.

The DDoS is the malicious version of this. To emulate such a large-scale surge, the attacker needs an army. This army can consist of servers, other people's computers, routers and other networked devices, and it is built by infecting those machines with malware that lets the attacker direct them remotely. The legion is known as a botnet. Once in control of a botnet, the attacker only has to coordinate when to launch the attack, and with enough skill and enough bots can bring down even the largest of websites.

There are three main types of DDoS attack. They all work in generally the same way, by overloading the victim's servers, but each has a few key differences.

Volumetric attacks


The volumetric attack is the most common type of DDoS. It floods the victim's network link with junk traffic until the bandwidth is saturated, slowing the server's responses or cutting it off entirely. Its size is measured in bits per second: the attacker does not need to exhaust the server itself, only the pipe leading to it.

“I’ll have one of everything, please call me back and repeat my whole order”.

It can be carried out with very little effort and is essentially a brute-force attack. Two common vehicles for volumetric attacks are UDP, the User Datagram Protocol, a connectionless transport that lets an attacker send packets without any handshake (and with spoofed source addresses), and ICMP, the Internet Control Message Protocol, which network devices use to exchange control and error messages such as pings. Attackers often amplify these floods by sending small requests, with the victim's address spoofed as the source, to servers that answer with much larger replies, so the victim receives many times the traffic the attacker actually sent.

Protocol attacks


Protocol attacks target the part of a server, or of a firewall or load balancer in front of it, that keeps track of network connections. Rather than saturating bandwidth, they exhaust connection-state tables and other finite resources, for example by leaving handshakes half-complete or by sending malformed or fragmented packets that the device must spend effort reassembling or rejecting.

One specific type of protocol attack is the SYN flood. It abuses the three-way handshake that every TCP connection begins with. The client sends a SYN (synchronize) packet to the server; the server replies with a SYN-ACK (synchronize-acknowledge) and records the half-open connection while it waits; finally the client returns an ACK, establishing the connection. In the attack, the attacker sends a flood of SYNs, often with spoofed source addresses, which the server answers with SYN-ACKs, but the final ACK never arrives. Each half-open connection sits in the server's backlog until it times out, and once the backlog is full, SYNs from legitimate clients are dropped. The standard mitigation is SYN cookies: the server encodes the handshake details in the sequence number it sends back instead of storing state, so a half-open connection costs it nothing.
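To make the resource exhaustion concrete, here is an added example (not code from the original post) that models a TCP listener's half-open connection table under a SYN flood, first with a fixed backlog and then with SYN cookies. The backlog size, timeout, 64-second cookie time bucket and HMAC-based cookie construction are illustrative assumptions, the addresses are constructed, and the sequence-number handling is a simplification of what a real kernel does.

```python
"""Model of a TCP listener under a SYN flood, with and without SYN cookies.

Added example, not code from the original post. Backlog size, timeout,
the 64-second cookie time bucket and the HMAC cookie construction are
illustrative assumptions; addresses are constructed.
"""
import hashlib
import hmac
import random
from dataclasses import dataclass, field

SYN, SYN_ACK, ACK = "SYN", "SYN-ACK", "ACK"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    flag: str
    ack: int = 0  # acknowledgement number, only meaningful on an ACK


@dataclass
class Listener:
    backlog: int = 128            # assumed: max half-open connections kept
    timeout: int = 30             # assumed: seconds before a half-open entry is dropped
    syn_cookies: bool = False
    secret: bytes = b"listener-secret"  # assumed per-listener key for cookies
    half_open: dict = field(default_factory=dict)  # (ip, port) -> (isn, expiry)
    established: set = field(default_factory=set)
    dropped_syns: int = 0

    def _cookie(self, src_ip, src_port, bucket):
        # A SYN cookie is an initial sequence number derived from the client's
        # address and a coarse time bucket, so the server can verify the final
        # ACK without having stored anything.
        msg = f"{src_ip}:{src_port}:{bucket}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def _expire(self, now):
        self.half_open = {k: v for k, v in self.half_open.items() if v[1] > now}

    def receive(self, pkt, now):
        """Handle one packet at time `now`; return the reply or None if dropped."""
        key = (pkt.src_ip, pkt.src_port)
        if pkt.flag == SYN:
            if self.syn_cookies:
                return (SYN_ACK, self._cookie(*key, now // 64))   # no state stored
            self._expire(now)
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1          # backlog full: this client gets nothing
                return None
            isn = random.getrandbits(32)
            self.half_open[key] = (isn, now + self.timeout)
            return (SYN_ACK, isn)
        if pkt.flag == ACK:
            isn = pkt.ack - 1                  # client acknowledges our ISN + 1
            if self.syn_cookies:
                buckets = (now // 64, now // 64 - 1)
                ok = any(isn == self._cookie(*key, b) for b in buckets)
            else:
                entry = self.half_open.pop(key, None)
                ok = entry is not None and entry[0] == isn
            if ok:
                self.established.add(key)
                return ("ESTABLISHED", None)
        return None


def simulate(syn_cookies, flood_size=1000, legit_delay=1, now=1000):
    """Flood the listener with spoofed SYNs, then see if a real client gets in."""
    srv = Listener(syn_cookies=syn_cookies)
    for i in range(flood_size):               # attacker never sends the final ACK
        srv.receive(Packet(f"198.51.100.{i % 250}", 1024 + i, SYN), now)
    client = ("203.0.113.7", 40000)
    t = now + legit_delay
    reply = srv.receive(Packet(*client, SYN), t)
    established = False
    if reply is not None:
        established = srv.receive(Packet(*client, ACK, ack=reply[1] + 1), t) is not None
    return {"half_open": len(srv.half_open), "dropped_syns": srv.dropped_syns,
            "legit_established": established}


if __name__ == "__main__":
    print("plain backlog, during flood:", simulate(False))
    print("plain backlog, after timeout:", simulate(False, legit_delay=31))
    print("SYN cookies, during flood:  ", simulate(True))
```

With the plain backlog, the first 128 spoofed SYNs fill the table and every later SYN, including the legitimate client's, is dropped until the entries time out 30 seconds later. With SYN cookies the listener stores nothing per SYN, so the flood leaves the table empty and the real client completes its handshake immediately.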

Application attacks


Application attacks target the topmost layer of the OSI model, the application layer (layer 7), where most user interaction happens. They consist of web requests over protocols such as HTTP and HTTPS, for example an HTTP flood that requests the same page over and over. Because this is the layer where the web page is generated, a single cheap request from the attacker can force expensive work on the server, such as the database query behind a search or login form. These attacks are hard to catch because they come from far fewer machines than a volumetric flood and each request, taken on its own, looks like a legitimate one.

Defense from DDoS

Defending against DDoS attacks can be a tricky task. The biggest problem is differentiating normal traffic from malicious traffic, and a well-executed attack can cost a company a lot of money and take its site down for hours or even days. Quite often you can't tell an attack is happening until it is already at your doorstep, so the best defense is preparation. Firewalls, per-client rate limiting, and filtering of known-bad traffic are server-side measures that can be put in place ahead of time, together with monitoring that alerts on abnormal request rates. Having a clear incident-response plan and a team responsible for carrying it out is just as important.

You can also make sure your servers are spread out geographically and that you have spare capacity or backup servers to route traffic to in case of an attack. Hosting in the cloud, or behind a content delivery network or dedicated DDoS-protection service, is yet another way to limit the severity of an attack: the provider's massive bandwidth can absorb a volumetric flood that would saturate a single site's link, and its dedicated team of professionals whose job it is to monitor traffic and spot minor changes in the way it flows can often catch an attack early.
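As an added example (not from the original post), the following sliding-window rate limiter illustrates both the application-layer attack described above and the "differentiate normal traffic from malicious traffic" problem from this defense section. It parses constructed access-log lines in Common Log Format, charges each request a cost that reflects how expensive the endpoint is, flags a client whose spend in a ten-second window exceeds a budget, and reports how concentrated the traffic is, which is what separates a hug of death from a small-botnet HTTP flood. The log lines, window size, budget and per-path costs are all assumptions chosen for illustration.

```python
"""Sliding-window, cost-weighted rate limiter run over access-log lines.

Added example, not code from the original post. The window size, budget
and per-path costs are illustrative assumptions, and SAMPLE_LOG is
constructed rather than captured.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed relative cost of serving each path: dynamic endpoints that hit a
# database are far more expensive than a static page, which is exactly what
# an application-layer flood exploits.
PATH_COST = {"/search": 5, "/login": 3}
DEFAULT_COST = 1


def parse(line):
    """Return (ip, timestamp, path) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"]


class SlidingWindowLimiter:
    """Each client may spend at most `budget` cost units per `window` seconds."""

    def __init__(self, window=10, budget=20):
        self.window = timedelta(seconds=window)
        self.budget = budget
        self.events = defaultdict(deque)  # ip -> deque of (timestamp, cost), oldest first
        self.blocked = set()

    def allow(self, ip, ts, cost):
        q = self.events[ip]
        while q and ts - q[0][0] >= self.window:   # drop events that left the window
            q.popleft()
        if sum(c for _, c in q) + cost > self.budget:
            self.blocked.add(ip)
            return False
        q.append((ts, cost))
        return True


def analyse(lines, limiter=None):
    """Run the limiter over log lines (each client's lines must be in time order)."""
    limiter = limiter or SlidingWindowLimiter()
    per_ip = Counter()
    allowed = blocked = 0
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        per_ip[ip] += 1
        if limiter.allow(ip, ts, PATH_COST.get(path, DEFAULT_COST)):
            allowed += 1
        else:
            blocked += 1
    total = sum(per_ip.values())
    # Share of all requests from the single busiest source: a hug of death is
    # spread thin across many clients, an application-layer flood is not.
    top_share = per_ip.most_common(1)[0][1] / total if total else 0.0
    return {"allowed": allowed, "blocked": blocked,
            "flagged_ips": sorted(limiter.blocked), "top_source_share": top_share}


def make_line(ip, second, path, status=200):
    """Build a constructed CLF line `second` seconds after a fixed base time."""
    ts = datetime(2020, 10, 10, 13, 55, 0, tzinfo=timezone.utc) + timedelta(seconds=second)
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" {status} 512'


# Constructed sample: one ordinary visitor, a 30-client "hug of death" burst on
# the front page, and one client hammering the expensive /search endpoint.
SAMPLE_LOG = sorted(
    [make_line("192.0.2.5", s, p) for s, p in ((0, "/"), (2, "/about"), (5, "/login"))]
    + [make_line(f"198.51.100.{i}", i % 10, "/") for i in range(1, 31)]
    + [make_line("203.0.113.44", i // 3, "/search") for i in range(8)],
    key=lambda line: parse(line)[1],
)

if __name__ == "__main__":
    for k, v in analyse(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

On the sample, the 30-client burst passes untouched because no single client exceeds its budget, while the one client issuing eight /search requests in three seconds is allowed four and blocked thereafter. Charging by endpoint cost rather than counting requests is the point: an attacker who sends a handful of expensive requests does more damage than one sending many cheap ones, and a plain request counter would miss it.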

sources:
DDoS Attack Explained by PowerCert Animated Videos
https://www.youtube.com/watch?v=ilhGh9CEIwM

What is a DDoS Attack? by IBM Cloud
https://www.youtube.com/watch?v=z503nLsfe5s

7 Tactics To Prevent DDoS Attacks & Keep Your Website Safe
https://phoenixnap.com/blog/prevent-ddos-attacks

What is a DDoS Attack?
https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/

Top comments (1)

MichaelPaulKunz

When my friend Daryl was a DJ at WTUL, we used to take pride in crashing the server by getting all our friends to listen to the online stream.