How DDoS Attacks Really Work!

A distributed denial of service (DDoS) attack is a flood of traffic aimed at a particular service or network that makes it impossible for real users to use the service or the network. A common analogy for a DDoS attack is a crowd of people running into a store and buying nothing, but taking up so much space that a real customer cannot get through the entrance. That customer has to leave and go to another store, which hurts the original store's business.


A real DDoS attack requires a lot of planning to execute properly. One way to carry it out is for the attacker to gain control of a network of other online machines that have been infected with malware. Once the attacker has established a botnet, a network of computers under the attacker's control, they can send instructions to each infected computer directing it at the service or network they want to disrupt. Each compromised computer then sends requests to the service or network at the same time, and each request looks valid because it comes from an individual computer; the difference is the scale. The result is an overflow of requests, and an overflow of requests denies service to the real people trying to use the service.


DDoS attacks are very loud and usually attract a lot of media attention. They are the most common cyber attack, and the number of DDoS attacks increases every year by 125%. One real-world example is the GitHub DDoS attack, which occurred relatively recently. On February 28, 2018 a DDoS attack set a record: GitHub received an enormous amount of traffic within the span of roughly five minutes, so much that GitHub recorded 1.35 terabits per second, making it the largest DDoS attack ever recorded. When GitHub traced the traffic back, it came from over a thousand computers executing the attack. Another attack took place during Occupy Central in Hong Kong, when people were protesting for a more democratic voting system. The targets were Occupy Central's web hosting service and two sites, PopVote and a news site called Apple Daily. The DDoS attack hit the hosting service as well as the two sites, using five botnets to try to shut down their online presence; traffic during this attack reached 500 gigabits per second. Another DDoS attack was committed against Cloudflare, a security provider, which received 400 gigabits per second of traffic. This attack was directed at only one customer, but it was so large that it affected the Cloudflare network. The attacker used a method called reflection to mirror and amplify the traffic without having to use any botnets.


Protecting your business or network from a DDoS attack is not easy, because attack traffic is difficult to distinguish from real traffic. Protection is a multi-step process and there is no one-size-fits-all solution, but the following can help protect your network. Keep looking for new ways to strengthen your security so that your company is constantly adapting and updating it to avoid vulnerabilities. Another good practice is to have a plan laid out in advance for what each person should be doing when an attack of that size happens, to help mitigate the damage. A good line of defense is a web application firewall (WAF), which is used to detect suspicious traffic going through your network. Another way to mitigate the damage is to use cloud services, which can have far better security than your business on its own. Another way to minimize the damage is to put all network devices in a dedicated safe zone behind a firewall.
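
The two points above, that each bot's requests look valid on their own and that a firewall therefore has to judge traffic in aggregate, can be shown with a small sliding-window detector. This is an added example, not code from the original post; the traffic, thresholds and IP ranges are constructed for illustration.

```python
# Sliding-window flood detector over constructed web-server events.
# Assumption (not from the page): events are (timestamp_seconds, client_ip)
# pairs as a reverse proxy or WAF would log them.
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 5.0   # trailing window length
MAX_REQUESTS = 100     # aggregate requests per window before alerting
MAX_PER_IP = 20        # per-source limit a naive rate limiter would enforce

def make_sample_events():
    """Constructed traffic: 10 s of normal browsing, then a 5 s distributed flood.
    Normal: 5 users (198.51.100.0-4) at 2 requests/s each.
    Flood: 200 bots (203.0.113.0-199) at 1 request/s each, so every bot stays
    under MAX_PER_IP while the aggregate rate is 20x normal."""
    events = []
    for t in range(10):
        for u in range(5):
            events += [(float(t), f"198.51.100.{u}")] * 2
    for t in range(10, 15):
        events += [(float(t), f"203.0.113.{b}") for b in range(200)]
    return sorted(events)

def per_ip_over_limit(events, window=WINDOW_SECONDS, max_per_ip=MAX_PER_IP):
    """IPs a per-source rate limiter would block (more than max_per_ip requests
    from one IP inside a trailing window). Empty for a well-spread botnet."""
    recent, blocked = defaultdict(deque), set()
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:       # drop requests older than the window
            q.popleft()
        if len(q) > max_per_ip:
            blocked.add(ip)
    return blocked

def detect_flood(events, window=WINDOW_SECONDS, max_requests=MAX_REQUESTS):
    """First (timestamp, distinct_sources) at which the aggregate request count
    in the trailing window exceeds max_requests; None if traffic stays normal."""
    recent, sources = deque(), Counter()
    for ts, ip in events:
        recent.append((ts, ip))
        sources[ip] += 1
        while recent[0][0] <= ts - window:  # expire old requests and their sources
            _, old = recent.popleft()
            sources[old] -= 1
            if sources[old] == 0:
                del sources[old]
        if len(recent) > max_requests:
            return ts, len(sources)
    return None
```

On the constructed traffic the per-IP limiter blocks nobody, while the aggregate window alerts in the first second of the flood with 66 distinct sources in view, which is the signal a WAF or upstream provider acts on.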


Distributed denial of service attacks are the most common cyber attacks and among the most difficult to defend against. There are many ways to perform this type of attack, but all of them basically involve flooding a service with traffic until it crashes. There are many examples of these attacks, and they only get more frequent each year, which is why it is imperative to protect your network so that you do not become a victim of a DDoS attack. Some of the most important things you can do are to deploy a web application firewall to monitor traffic on the network and stop suspicious activity when it arises, and to put all devices connected to the network in a dedicated safe zone behind a firewall so that they are not compromised during a DDoS attack, which helps mitigate any damage.