Indeed it will have happened to you at least once to try to connect to a site without succeeding. Usually, the cause is a connectivity problem on your device, but sometimes it can be excess traffic on the web page. This clogging can be natural, for example, due to a high concentration of users on the site, or it can be the result of a DoS (Denial of Service, literally “service interruption”) attack.
A cyber threat is as simple to put into practice as it is effective: capable of putting a company, or critical infrastructures such as hospitals and airports, in a few seconds. According to the latest data, it is among the attacks that hit a company every five minutes, along with malware and ransomware.
What’s It About
To understand a DDoS attack, you must first understand the less sophisticated version: the DoS. It is an action whose objective is to regulate the resources of a computer system that provides a specific service to connected computers. It does this by targeting servers, distribution networks, or data centers that are inundated with fake access requests, which they cannot cope with. DDoS work the same way, but they happen on a much larger scale.
In the case of Dos, it is necessary to defend against a single source of IT traffic: for example, a large number of emails arriving at the same time. While during DDoS attacks, the bogus questions come at the same time from multiple sources. All this determines the greater effectiveness of the tool, which needs less time to work. On the other hand, the disastrous effects last longer: from a few hours to several days, depending on the readiness with which one reacts.
Types Of DDoS Attacks
DDoS attacks can be grouped into four macro-categories.
Attacks On The TCP Connection
In this case, the hackers exploit the features of the TCP protocol (an acronym for Transmission Control Protocol ) to quickly saturate the network resources of the target of the offensive, be it a data center or a distribution network. In particular, the botnet floods the server with connection requests without concluding the process. In this way, the computer system’s resources run out quickly, making it impossible for any user to access the contents.
These aim to saturate the communication band available to a node of the network by sending, at the same time, a large number of requests for access to the most varied contents. In this way, the hackers create an abnormal and unmanageable volume of traffic, so much so that the server or the distribution network are forced to refuse any other connection attempt.
Instead of aiming to saturate the network, these DDoS attacks try to consume all the computing resources of the computer system with a rather clever trick. The access requests that arrive are not complete but fragmented (hence the name): the server or distribution network uses a large part of its computing power in an attempt to reconstruct incomplete packets without ever succeeding.
Sometimes, however, to make a server unusable, it is unnecessary to attack the entire infrastructure. It is sufficient to exploit a flaw or a particular malfunction of one of the applications that allow it to function to make it unstable and, consequently, unusable. This is the case of application attacks that aim to KO a server or a distribution network by hitting them in particular weak points.
How To Defend Against A DDoS Attack
99.99% of the targets of DDoS attacks are aimed at large companies. The reasons why some web services are targeted are various: blackmail, activism, unfair competition. The fact is that DDoS attacks are almost exclusively a problem of large companies that provide services or sell products online. These companies have several ways to protect themselves from DDoS attacks, the main ones being:
3. Redundancy: Most large enterprises use an overestimated amount of hardware and bandwidth resources, so they can handle traffic spikes and limit damage in the event of a DDoS attack.
These features are handy, but they do not entirely solve the problem: the effectiveness of a DDoS attack can be reduced by these security measures, but it remains directly proportional to the extent of the botnet used. Consequently, the only way to avoid these attacks would be to prevent the spread of the malware that creates botnets.