Distributed Denial-of-Service (DDoS) attacks are malicious attempts, launched from multiple compromised computer systems, to disrupt a targeted resource. Once an attack starts, it can cause a denial of service for legitimate users of that resource. The target can be a website, server, or another network resource. DDoS attacks send multiple requests to the target to exceed its capacity and prevent it from functioning correctly.
In a DDoS attack, the attacker infiltrates a computer and infects it with malware that allows it to be controlled remotely. Once a computer is infiltrated, it is called a "bot." A group of these bots is called a "botnet." The attacker directs the attack by sending remote instructions to each bot to generate traffic that overwhelms the target and knocks it offline.
How Do You Identify a DDoS Attack?
When a site or service suddenly becomes slow or unavailable, a DDoS attack is one possible cause. However, there are other reasons why this can happen, and the cause cannot be verified until a proper investigation is completed. Some traffic analytics tools can help you identify whether a genuine DDoS attack is occurring or has occurred.
It can often be hard to separate attack traffic from regular traffic because each bot is a legitimate internet device. However, if you suspect a DDoS attack, check where the traffic originates for more clues about what might be happening. You can often identify some DDoS attacks when:
Types of DDoS Attacks
TCP Connection Attacks
This type of DDoS attack uses up all available connections to infrastructure devices like firewalls, application servers, and load balancers.
Volumetric Attacks
These attacks simply cause congestion by consuming the bandwidth within the target's network/service or between the network/service and the rest of the internet.
Fragmentation Attacks
These send floods of TCP or UDP fragments to the target, overwhelming its ability to re-assemble the streams and reducing performance.
Application Attacks
These overwhelm a specific aspect of an application or service. They are practical because they work while generating only low traffic rates.
DNS Reflection
An attacker can send small requests to a DNS server and ask it to send the target an extensive reply. This allows the botnet to amplify its traffic by as much as 70x, making it easier to overwhelm the target.
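A victim-side check for the DNS reflection pattern described above, as an added example that is not part of the original article: it flags local hosts that receive DNS responses they never requested from several resolvers. The flow records, address ranges, thresholds and function name are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not real traffic):
# (time_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (0.0, "192.0.2.10", 40001, "198.51.100.53", 53, "udp", 64),   # our own query
    (0.1, "198.51.100.53", 53, "192.0.2.10", 40001, "udp", 180),  # its answer
    (1.0, "203.0.113.1", 53, "192.0.2.10", 5555, "udp", 4200),    # never asked for
    (1.0, "203.0.113.2", 53, "192.0.2.10", 5555, "udp", 4100),
    (1.1, "203.0.113.3", 53, "192.0.2.10", 5555, "udp", 4300),
    (1.2, "203.0.113.1", 53, "192.0.2.10", 5555, "udp", 4200),
]

def find_reflection_targets(flows, local_net="192.0.2.0/24", window_s=5.0,
                            min_resolvers=3, min_bytes=10_000):
    """Return {local_ip: (unsolicited_bytes, resolver_count)} for local hosts
    receiving DNS responses that match no recent outbound query."""
    net = ipaddress.ip_network(local_net)            # assumed local range
    is_local = lambda ip: ipaddress.ip_address(ip) in net
    pending = {}                                     # (host, port, resolver) -> query time
    unsolicited = defaultdict(lambda: [0, set()])    # host -> [bytes, resolvers]
    for t, src, sport, dst, dport, proto, size in sorted(flows):
        if proto != "udp":
            continue
        if dport == 53 and is_local(src):
            pending[(src, sport, dst)] = t           # outbound query we sent
        elif sport == 53 and is_local(dst):
            # A response is solicited only if it answers a pending query
            # from the same host and port to the same resolver, in time.
            asked = pending.pop((dst, dport, src), None)
            if asked is not None and t - asked <= window_s:
                continue
            unsolicited[dst][0] += size
            unsolicited[dst][1].add(src)
    # Report only hosts hit by enough distinct resolvers and enough volume.
    return {ip: (b, len(r)) for ip, (b, r) in unsolicited.items()
            if len(r) >= min_resolvers and b >= min_bytes}

if __name__ == "__main__":
    for ip, (nbytes, resolvers) in find_reflection_targets(FLOWS).items():
        print(f"{ip}: {nbytes} unsolicited DNS bytes from {resolvers} resolvers")
```

The thresholds are placeholders; tune them against a baseline of normal DNS traffic for the monitored network.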
Chargen Reflection
Most computers support an outdated testing service called Chargen that allows someone to ask a device to reply with a stream of random characters. Chargen is sometimes used to amplify DDoS attacks.
Why choose SET to prevent and defend from DDoS attacks?
Small Enterprise Technology can bring your organization's security to the higher standards that most large corporations are held to and require. Our proprietary policies and a proactive approach to working with clients provide you with peace of mind that your business is secure and prepared. To learn more about how SET can help your business, call or contact us today to get started!