DDoS (Distributed Denial of Service) attacks are malicious attempts to disrupt the normal traffic of a server, service or network, with the aim of making it unavailable to its end users.
Once such an attempt has compromised an organization's cyber security, the affected resources are often used in turn to distribute malware to other devices on a large scale.
When an attacker gains control of a network to which several devices are connected, he begins to distribute malware through them. This creates a network of compromised devices, commonly known as a botnet.
Once the botnet is established, the attacker can direct malicious requests at other networks or target IP addresses, causing a denial of service for their legitimate traffic. Bot traffic is usually hard to tell apart from normal traffic, because it originates from real, existing devices.
Types of DDoS attacks
Denial of service attacks consist of persistently attacking network resources using one or more of the following categories; sophisticated attacks often combine several techniques across different vectors. The categories used to carry out these attacks are:
- Volume-based attacks - Massive amounts of traffic are sent until the available bandwidth is exhausted.
- Protocol-based attacks - These focus on finding weaknesses in server resources and eventually exploiting them.
- Attacks on web applications - These are the most sophisticated attacks, since they target specific web applications.
- Attacks on TCP connections - They find weaknesses in TCP connection handling and then flood the web server with traffic.
- Fragmentation attacks - These exploit the datagram fragmentation process, in which an IP packet is split into smaller fragments. During the attack, malicious spoofed fragments are injected that eventually overwhelm the server.
Some tips to prevent DDoS attacks
Because a distributed denial of service attack is harder to detect than a virus, several strategies have to be combined to prevent one:
Limit the rate of requests
Limiting the number of requests a server will accept within a given period is a good way to mitigate denial of service attacks. Note that rate limiting also slows down web scrapers and reduces brute-force login attempts. Applied as the only measure, however, it is insufficient to stop a DDoS attack.
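As an added example (not code from the original article), the following Python token-bucket limiter shows how per-client rate limiting behaves against a single-source flood, an ordinary client, and the same flood spread over many sources. The client keys, the rate and burst values, and the traffic in documentation IP ranges are all constructed assumptions; times are integer milliseconds and tokens are integer "millitokens" so the results are exact.

```python
from collections import defaultdict
from dataclasses import dataclass

TOKEN = 1000  # one request costs 1000 millitokens; integers keep the arithmetic exact


@dataclass
class Bucket:
    millitokens: int
    last_ms: int


class RateLimiter:
    """Token bucket per client key (for example the source IP).

    rate_per_s -- sustained requests per second that refill the bucket
    capacity   -- burst size: requests accepted back-to-back from a full bucket
    """

    def __init__(self, rate_per_s: int, capacity: int):
        self.rate_per_s = rate_per_s
        self.capacity_mt = capacity * TOKEN
        self._buckets: dict[str, Bucket] = {}

    def allow(self, client: str, now_ms: int) -> bool:
        b = self._buckets.get(client)
        if b is None:  # first request from this client: start with a full bucket
            b = self._buckets[client] = Bucket(self.capacity_mt, now_ms)
        # rate_per_s tokens per second equals rate_per_s millitokens per millisecond
        elapsed = max(0, now_ms - b.last_ms)
        b.millitokens = min(self.capacity_mt, b.millitokens + elapsed * self.rate_per_s)
        b.last_ms = now_ms
        if b.millitokens >= TOKEN:
            b.millitokens -= TOKEN
            return True
        return False


def simulate(requests, rate_per_s=5, capacity=10):
    """requests: list of (timestamp_ms, client). Returns per-client accepted/rejected counts."""
    limiter = RateLimiter(rate_per_s, capacity)
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, client in sorted(requests):
        verdict = "accepted" if limiter.allow(client, ts) else "rejected"
        stats[client][verdict] += 1
    return dict(stats)


def total_accepted(stats) -> int:
    """Number of requests that reached the server across all clients."""
    return sum(s["accepted"] for s in stats.values())


# Constructed traffic (documentation IP ranges, not real hosts):
FLOOD = [(i * 10, "203.0.113.7") for i in range(100)]         # one source, 100 req/s
NORMAL = [(i * 200, "198.51.100.2") for i in range(5)]         # one source, 5 req/s
# the same 100 requests spread over 50 sources: each source stays far under the limit
DISTRIBUTED = [(i * 10, f"192.0.2.{i % 50 + 1}") for i in range(100)]

if __name__ == "__main__":
    for name, traffic in (("single-source flood", FLOOD), ("normal client", NORMAL),
                          ("distributed flood", DISTRIBUTED)):
        stats = simulate(traffic)
        print(f"{name}: {total_accepted(stats)} of {len(traffic)} requests reached the server")
```

With a limit of 5 requests per second and a burst of 10, the single-source flood gets 14 of its 100 requests through while the normal client is untouched. The distributed case is the caveat from the paragraph above: the same 100 requests spread over 50 sources all pass, because no individual key ever exceeds its bucket, which is why per-client rate limiting alone does not stop a distributed flood.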
Implementing a Web Application Firewall
A Web Application Firewall (WAF) is a tool that can help mitigate Layer 7 DDoS attacks. Deployed between the Internet and the origin server, the WAF acts as a reverse proxy and shields the origin from many types of malicious traffic.
By filtering requests against a set of rules that identify the tools used in DDoS attacks, Layer 7 attacks can be blocked. One of the main strengths of a WAF is the ability to deploy custom rules quickly in response to an ongoing attack.
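The rule-based filtering described above, as an added example that is not code from the original article: a small Python triage script that parses access-log lines in the common "combined" format and applies the kind of checks a WAF rule set encodes (request rate in a sliding window, path diversity and a scripted user-agent pattern). The log lines, the IP addresses, the thresholds and the user-agent pattern list are constructed assumptions for illustration, not tuned values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common "combined" access-log format: ip ident user [ts] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Illustrative user-agent patterns for scripted clients (an assumption, not a vetted list)
SCRIPTED_UA = re.compile(r"python-requests|go-http-client|^-$", re.I)


def parse_line(line: str):
    """Return a dict for a well-formed combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"], "ua": m["ua"], "status": int(m["status"])}


def peak_requests(timestamps, window_s: int) -> int:
    """Largest number of requests that fall inside any span of window_s seconds."""
    times = sorted(timestamps)
    peak = start = 0
    for end in range(len(times)):
        while (times[end] - times[start]).total_seconds() > window_s:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def analyze(lines, window_s=10, max_requests=20, min_distinct_paths=3):
    """Map each source IP that exceeds the rate rule to the list of rules it tripped."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in per_ip.items():
        peak = peak_requests([r["ts"] for r in recs], window_s)
        if peak <= max_requests:
            continue  # rate within policy: nothing to report for this source
        reasons = [f"{peak} requests in {window_s}s"]
        paths = {r["path"] for r in recs}
        if len(paths) < min_distinct_paths:
            reasons.append(f"only {len(paths)} distinct path(s)")
        if any(SCRIPTED_UA.search(r["ua"]) for r in recs):
            reasons.append("scripted user agent")
        flagged[ip] = reasons
    return flagged


def decide(flagged):
    """Rate alone only gets rate-limited; rate plus corroborating evidence gets blocked."""
    return {ip: ("block" if len(reasons) >= 2 else "rate-limit")
            for ip, reasons in flagged.items()}


# --- constructed sample log (documentation IP ranges; not real traffic) ---
BASE = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/118.0"


def make_line(ip, offset_s, path, ua, status=200):
    ts = (BASE + timedelta(seconds=offset_s)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'


SAMPLE_LOG = (
    # 30 hits on /login within 6 s from a scripted client: flood pattern
    [make_line("203.0.113.7", i * 0.2, "/login", "python-requests/2.31") for i in range(30)]
    # 5 hits spread over a minute from a browser: ordinary use
    + [make_line("198.51.100.2", i * 12, p, BROWSER)
       for i, p in enumerate(["/", "/about", "/products", "/contact", "/login"])]
    # 25 asset requests within 5 s from a browser: fast, but a legitimate page load
    + [make_line("192.0.2.9", i * 0.2, f"/static/asset{i}.js", BROWSER) for i in range(25)]
)

if __name__ == "__main__":
    flagged = analyze(SAMPLE_LOG)
    for ip, action in decide(flagged).items():
        print(ip, action, flagged[ip])
```

The two-tier decision in `decide` is the point of combining rules: the scripted client hitting one path is blocked, the browser fetching many assets quickly trips only the rate rule and is merely rate-limited, and the ordinary visitor is never reported. On a real deployment the thresholds would be tuned to the site's own traffic baseline.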
Applying an Anycast network
Applying an Anycast network mitigates denial of service attacks by dispersing the malicious traffic across a network of distributed servers. This is similar to channeling a river into smaller, separate channels: the flow becomes manageable and can be carried to the river mouth without damaging the surroundings.
It is important to note that the effectiveness of an Anycast network depends on the size of the attack and the efficiency of the internal network.
What to do if you are the victim of a DDoS attack?
If your organization has been the victim of a denial of service attack and its cyber security is therefore compromised, several measures can be taken. Some of them are:
- Remove infections from individually compromised devices using security software.
- Isolate and secure traffic using subnets and firewall rules, and manage access and identification on the network carefully.
- Apply blackhole network filtering/routing.
- Deploy instances without public IPs.
- Enable proxy-based load balancing.
Fortunately, many companies on the market offer protection services against DDoS attacks, either cloud-based or as dedicated security solutions. In any case, a combination of techniques must be applied to mitigate attacks on the network as far as possible.