MilesWeb
Leading Web Hosting Provider in India Since 2012.
Award-winning Web Hosting Company
Everything that you need to build, host and manage a website is available at just 99/mo

Do You Really Know Everything About The DDoS Attack?

The article includes the information on DDoS attack as below:

What is a DDoS Attack?
Working of a DDoS Attack
What is the Motivation behind a DDoS Attack?
Statistics of DDoS Attacks in 2017
Common Types of DDoS Attacks
Top 5 DDoS Protection Solutions
How MilesWeb’s Cloudbric Website Security Solution helps to mitigate the DDoS attack?
Tips for Fighting DDoS Attacks

DDoS attack – the word itself signifies that it a quite suspicious attack that many businesses aren’t aware of still. With the continual enhancement in technology, the number of DDoS attacks has already crossed the sky-limit. Though the acronym “DDoS” has become common in the social media and news outlets today, it is important for businesses to learn about it in deep.

Many of you might simply know it as “Distributed Denial of Service Attack”. Yes, that’s correct, but what actually happens in the attack? Every business owner loves his/her website when there’s huge traffic generated but do you know that can be a DDoS attack too?

What is a DDoS Attack?

DDoS is a malicious attempt of multiple compromised computer systems to attack the normal traffic of a targeted server, causing denial of service for users of the server. The compromised devices are distributed globally and are known as botnets.

Working of a DDoS Attack

Once the attacker establishes a botnet, he directs the machines by sending updated instructions to each bot through the remote control method. Then the botnet target the IP address of the victim and each bot responds by sending requests to the target. Due to this the targeted server or network overflows capacity, resulting into the denial-of-service to the regular traffic. As each bot is a valid internet device, the attack traffic can’t be separated from the regular traffic.

What is the Motivation behind a DDoS Attack?

Attackers prime motivation behind the attack can be one of the below :

  • Business Conflicts – Businesses can use DDoS attacks for taking down the competitor websites during peak season or to avoid their participation in a certain event like Cyber Monday.
  • Ideology – The hacktivists use DDoS attacks for targeting the websites which doesn’t agree to their ideology.
  • Boredom – Some cyber vandals also known as “script-kiddies” use the prewritten scripts to launch DDoS attacks. The attack prepetrators are typically bored and can be the hackers that want to simply play a game on someone.
  • Cyber Warfare – The government uses DDoS attacks to cripple the opposition websites and also the infrastructure of the enemy’s country.
  • Extortion – DDoS attacks are also used as a means of extorting money from their targets.

Statistics of DDoS Attacks in 2017

As compared to other threats, #DDoS attacks are becoming the most prevalent type of #CyberThreat that saw a rapid growth since last year in terms of number as well as volumes as per the market research. Click To Tweet
  • The Kaspersky’s market research report states that the DDoS attacks have increased to 91% in 2017 and in Q3 2017, organizations faced an average of 237 DDoS attack attempts per month.
  • In Q4 2017, the longest DDoS attack lasted for about 146 hours (just more than 6 days). This duration of attack was shorter as compared to the previous quarter’s record of 215 hours (almost nine days). But the actual longest attack of 2017 lasted for about 277 hours which was registered in Q2.
  • Windows OS was set as a base for creating a botnet once but in 2017, it went down noticeably and the share of Linux-based botnets improved proportionally. Therefore, there was an increased activity on dummy Linux servers (honeypot traps) in 2017 on the days prior and after Black Friday and Cyber Monday, which lasted until the start of December.
  • The pre-holiday weeks act as the period of incubation for the growth of cybercriminals for two reasons – firstly, since the users are less discerning and more likely to “surrender” their devices to intruders; secondly the fast spending idea, helps the attackers to blackmail the Internet companies with lost profit or to offer anyone’s services online with an ease, instead of struggling hard.
  • The most common attack method was SYN DDoS in 2017 while the least popular was ICMP DDoS. As per the Kaspersky DDoS Protection data, there was rise in the frequency of multi-method attacks.

Common Types of DDoS Attacks

On a broader perspective, there are three types of DDoS attacks as below :

Volume Based or Volumetric Attacks

The goal of this type of attack is to create saturation by consuming all the bandwidth available on the targeted site. The magnitude of attack is measured in bits per second (Bps).

Protocol Attacks

Also termed as state-exhaustion attacks, the goal of protocol attacks is to cause disruption of a service by consuming the actual server resources or those of the intermediate communication tools like load balancers and firewalls. The magnitude is measured in packets per second (Pps).

Application Layer Attacks

It is sometimes referred to as a layer 7 DDoS attack, the goal of these attacks is to exhaust the resources of the targets causing the web server to crash. The magnitude is measured in requests per second (Rps).

Below are some common types of DDoS attacks :

1. UDP Flood 

The User Diagram Protocol (UDP), a sessionless networking protocol, floods random ports on a remote host. Therefore, the host repeatedly checks for the application listening at those ports and reports back with an ICMP packet. This process destroys the resources of the host, causing inaccessibility.

2. ICMP (Ping) Flood

In ICMP flood attack, the target resource is overwhelmed with ICMP Echo Request (ping) packets rapidly without waiting for the replies. In this type of attack, both outgoing and incoming bandwidth is consumed, since the server of victim will often attempt to respond with ICMP Echo Reply packets resulting in a significant complete system slowdown.

3. SYN Flood

The TCP connection sequence is exploited by the SYN flood attack that is known as three-way handshake. A synchronized (SYN) message is received on the host’s machine to start with the “handshake”. The request is acknowledged by the server by sending the acknowledgement (ACK) flag to the initial host and waits for the connection to be closed. The connection will get completed when the requesting machine will close the connection. In an SYN flood, spoofed requests are sent and server responds with an ACK packet to complete the TCP connection but the connection is allowed to timeout, instead of closing it. Therefore, the server resources get exhausted and the server goes offline.

4. Ping of Death

A denial of service attack wherein the attacker sends multiple malicious or malformed pings to a computer is called as Ping of Death attack. The maximum packet length of an IP packet is 65,535 bytes. In this attack, when the recipient follows malicious manipulation of fragment content, he/she ends up with an IP packet that is larger than 65,535 bytes when reassembled. Due to this, memory buffers allocated for the packet can overflow, causing denial of service for legitimate packets.

5. Slowloris

A highly targeted attack, Slowloris enables one web server to take down another server, without having an effect on other services or ports on the target network. This is done by holding maximum connections to the target web server open for as long as possible. The target machine will open with partial requests and is permitted to stay open for maximum time. HTTP headers will also be sent at certain intervals by the target machine. Due to this the requests will increase but won’t be complete – keeping them open for longer time until the target website isn’t able to stay online.

6. NTP Amplification

In NTP Amplification attack, the publically-accessible Network Time Protocol (NTP) servers are exploited to destroy a targeted server with UDP traffic. The attack is termed as an amplification assault due to the query-to-response ratio which is anywhere between 1:20 and 1:200 or more. From this scenario, one thing is for sure that any attacker obtaining the list of open NTP servers can easily produce a overwhelming high-bandwidth, high-volume denial of service attack.

7. HTTP Flood

In this attack, seemingly-legitimate HTTP GET or POST requests are exploited to attack a web application or server. No malformed pockets, reflection or spooking techniques are used by HTTP floods and need less bandwidth as compared to other attacks to bring down the targeted server or site. When the server or application is forced to assign maximum resources possible in response to each single request, the attack is highly effective at that time.

8. Zero-day DDoS Attack

Zero-day attacks are referred to those attacks that are completely new DDoS attack methods that exploit vulnerabilities which haven’t been patched yet. This term is popular among the hacker community members, since, the zero-day vulnerabilities trading practice has become a popular activity.

Top 5 DDoS Protection Solutions

1. Incapsula

Incapsula’s DDoS Protection is a very reliable solution that offers complete protection from all types of application and network level DDoS attacks. There is automatic filtration of traffic for transparent mitigation and depends on a 2Tbps network backbone for instant overprovisioning.

With Incapsula you can secure your website against the most fierce and dangerous types of DDoS attacks without hampering your business. The cloud-based service enables your online business to keep up and live even in the event of attack and the visitors won’t even be able to detect any malicious activity going on.

Incapsula offers real-time dashboards that permit you to monitor and analyze attacks as they happen. Their advanced technologies help to minimize the number of false positives and avoid alerts when the threads aren’t active

2. Cloudbric

An anti-DDoS tool, Cloudbric is useful to all types businesses and individuals with a website or domain, irrespective of the web host provider. Cloudbric can be activated on your website within a minute with just a simple DNS setting.

Your website gets surrounded by a shield to filter malicious attacks. Companies like Samsung, eBay, ING and others use Cloudbric to protect their websites. The intuitive user interface is quite easy to understand and its dashboard displays essential information clearly so that the user can spot any problems rapidly.

3. Cloudfare

With Cloudflare, your computer remains DDoS-proof protecting it against threats targeting ICMP and UDP protocols, SYN/ACK, DNS and NTP amplification and Layer 7 attacks. The company that created this tool, Cloudflare Inc. has proudly confirmed that its software has secured users against sustained attacks of more than 400Gbps.

All attack traffic is routed by Cloudflare via its global data centers’ network, decreasing its impact on your website. After the attack traffic gets diverted, the tool influences the network as well as infrastructure’s significant global capacity it depends on, for absorbing the attack traffic floods.

This tool automatically learns from attacks that it needs to protect all its customers against the threats.

4. BeeThink anti-DDoS Guardian

BeeThink anti-DDoS Guardian tool protects your Windows servers against the most common DDoS/DoS attacks like IP flood, SYN attacks, TCP flood, ICMP flood, UDP flood, Layer 7 attacks and many more.

Being light and robust, this DDoS protection software can be easily deployed on your Windows server.  Additionally, BeeThink anti-DDoS tool is highly compatible with Windows 7, Windows 8, Windows 10, Windows 2000, Windows 2003, Windows 2012, Windows 2016, Windows XP and Vista.

Other features of this tool are automatically updates IP list; monitors real-time network activities; supports multiple IP list formats, such as Apache’s .htaccess; support IP blacklist and whitelist; supports exceptional rules; looks up remote IP addresses and ownership information and runs anti DDos Guardian as Windows service.

5. StormWall Pro

An advanced anti-DDoS protection tool, StormWall Pro helps to defend your website against most severe attacks. It can block all types of DDoS attacks and completely supports Joomla, Drupal, WordPress, Magento, Bitrix, PrestaShop, and other CMS products.

Since its present in US, Europe and Russia, clients all over the world face minimal latency. StormWall is simple to use and it just takes few minutes to can connect and enable protection. Also, there are engineers of StormWall that will help you in everything.

Additionally, if there is any technical issue, it can get resolved instantly through chat mostly.

How MilesWeb’s Cloudbric Website Security Solution helps to mitigate the DDoS attack?

MilesWeb has partnered with Cloud Website Security Solutions that helps your website in mitigating all types of attacks.

Cloudbric is the perfect solution for the users concerned about their website security that blocks the website attacks accurately and is also trusted by the industry leaders. When your website is secured with Cloudbric, it blocks the botnet traffic and stops the attack with its intelligent detection potential. It’s unfortunate that your website won’t be the victim of DDoS attack but to avoid your website being compromised its essential to add your website to Cloudbric.

The advanced DDoS solution of Cloudbric, protects your website against the most common one to complicated multi-vector and application layer attacks like Slowloris and R-U-Dead-Yet (RUDY).

Other attacks blocked by Cloudbric are –

TCP SYN Floods                                            Slowloris                                                  DNS NXDomain Floods

TCP FIN Floods                                             TCP Syn Spoofed                                    HTTP Cache Control

TCP RST Floods                                             ICMP Floods                                           HTTP SSL Saturation

HTTP GET Floods                                          HTTP HEAD Floods                                Amplified DNS DDoS

HTTP Post Floods                                         Brute Force                                             RUDY

HTTP XMLRPC PingBack attacks                TCP Ack Floods                                      Smurf

TCP Fragment attacks                                 Ping of Death                                         As well as other attack

Tips for Fighting DDoS Attacks

1. Early Identification of a DDoS Attack

When a server is monitored by you, it is important to identify when you would be under any attack. This is because as soon as you identify the attack was a DDoS attack, you will be able to start securing your website immediately.

For this, you need to have an idea about the typical inbound traffic profile on your website as the more familiar you are with your normal website traffic profile, the most easy it would be to spot when the profile changes. Since most DDoS attacks start with sharp spikes in traffic, it’s easy to detect the difference between a sudden rush of genuine visitors and the start of a DDoS attack.

It would be better to nominate a DDoS leader in your company who will be responsible for acting while your website is under attack.

2. Overprovision Bandwidth

It’s always good to have extra bandwidth available to your web server as compared to your regular bandwidth. This will help in accommodation of sudden and unexpected spikes in traffic which can result due a special offer, an advertising campaign or even mention of your company in the media.

Though having extra bandwidth won’t stop a DDoS attack, it may at least give you extra minutes to act prior to your resources get exhausted.

3. Defend at Network Perimeter

Some technical measures which can be taken to partially mitigate the attack’s effect – especially in first few minutes and also, some issues are quite simple to resolve. For example, when you run your won server, you can do the following :

      • Specify a limit your router to prevent your web server being inundated.
      • Add filters for helping your router to drop packets from evident attack sources.
      • Break half-open connections in a more aggressive manner.
      • Plunge malformed or spoofed packages.
      • Set SYN, ICMP and UDP flood drop thresholds at lower rate.

But today these steps aren’t quite effective as the DDoS attacks today are too large for these measures to have any major impact. One thing is for sure that you may get little time as a DDoS attack inclines.

4. Call Your Hosting Provider or ISP

You can always call your web host provider or ISP, if you are hosting your server and notify them about the DDoS attack. The ISP or the host provider may have already detected the attack, depending on the attack’s strength or they may themselves start to overcome the attack.

There’s a greater chance of DDoS attack when you are hosting your server as compared to running it yourself.  The reason behind this is, the data center will have far higher bandwidth links and higher capacity routers in comparison to your company has itself and its staff will be expertise in dealing with attacks. When your server is located in a datacenter, the DDoS traffic won’t affect your corporate LAN and so that part of your business including email and voice over IP services will operate normally in the attack event.

When a DDoS attack is large, the first thing an ISP or hosting company will do is “null route” your traffic, resulting in dropping of packets meant for your web server prior to they arrive.

5. Contact the DDoS Support Specialist

When the attack is large, it’s better to call a specialist DDoS mitigation company for keeping your website live. Their large scale infrastructure and varied technologies like data scrubbing, helps to keep your website online. You can contact the DDoS mitigation company directly or your hosting provider or ISP may have a signed an agreement with one of them to tackle big attacks.

DDoS mitigation services aren’t free and so it depends on you that you want to pay to stay online or take risk of the attack. It may cost few hundred dollars a month to subscribe to a DDoS mitigation service on an ongoing basis.

6. A DDoS Playbook Creation

Creating a playbook, documenting every step of a pre-planned response to a DDoS attack in details, when it’s detected is one of the best ways to quickly and effectively react to a DDoS attack.

This playbook should include the actions in details, with contact names and numbers of all those who may require to be brought in action as a part of the playbook’s plan. DDoS mitigation companies can assist in creating a playbook by operating a fake DDoS attack which will enable you to develop and filter a fast corporate practice for dealing with a real attack.

You shouldn’t overlook on the communication with the customers about the problems if you have a planned response of the DDoS attack. No DDoS attack lasts longer than 24 hours and a helpful communication is the key to ensure that the cost to your business is decreased when you remain under the attack.

So, this is a complete guide on DDoS attacks which will helps you to understand the working of a DDoS attack as well as the types of common DDoS attacks. Also, the tips mentioned in the article will help you to have few minutes prior to your resources get exhausted.

Pallavi Godse

Pallavi is a Digital Marketing Executive at MilesWeb and has an experience of over 4 years in content development. She is interested in writing engaging content on business, technology, web hosting and other topics related to information technology.

Leave a Reply

Your email address will not be published. Required fields are marked *