What is a DDoS Attack?

A Distributed Denial-of-Service (DDoS) attack is a malicious attempt, launched from multiple compromised computer systems, to disrupt a targeted resource. Once an attack starts, it can cause a denial of service for legitimate users of that resource. The target can be a website, server, or another network resource. DDoS attacks send many requests to the target to exceed its capacity and prevent it from functioning correctly.

In a DDoS attack, the attacker infiltrates a computer and infects it with malware that allows it to be controlled remotely. Once a computer is infiltrated, it is called a "bot." A group of these bots is called a "botnet." The attacker directs the attack by sending remote instructions to each bot to generate traffic that overwhelms the target and knocks it offline.

How Do You Identify a DDoS Attack?

When a site or service suddenly becomes slow or unavailable, a DDoS attack is one possible cause. However, there are other reasons why this can happen, and the cause cannot be verified until a proper investigation is completed. Traffic analytics tools can help you identify whether a genuine DDoS attack is occurring or has occurred.

It can often be hard to separate attack traffic from regular traffic because each bot is a legitimate internet device. However, if you suspect a DDoS attack, check where the traffic originates for more clues about what might be happening. You can often identify a DDoS attack when:

  • Significant amounts of traffic are originating from a single IP address or range.
  • A flood of traffic comes from users that share a single behavioral pattern.
  • An unexplained surge in requests to a single page occurs.
  • Traffic spikes occur in odd or unnatural patterns.
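
The four indicators above can be checked mechanically against a web server access log. The following is an added example, not part of the original article; the log format, the thresholds (`share`, `spike`) and the sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

# Combined-log-format line (IPv4 only): source IP, timestamp to the minute, path, user agent.
LOG = re.compile(r'(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[([^:]+:\d\d:\d\d):\d\d [^\]]+\] '
                 r'"\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def analyze(lines, share=0.5, spike=3.0):
    """Return which indicators the log triggers. Thresholds are assumed defaults."""
    nets, agents, paths, minutes = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = LOG.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, minute, path, agent = m.groups()
        nets[ip.rsplit(".", 1)[0] + ".0/24"] += 1  # group sources by /24 range
        agents[agent] += 1                          # crude "behavioral pattern" proxy
        paths[path.split("?", 1)[0]] += 1           # ignore query strings
        minutes[minute] += 1
    total = sum(minutes.values())
    findings = {}
    if not total:
        return findings
    for name, counter in (("source_range", nets), ("behavior", agents), ("page", paths)):
        value, count = counter.most_common(1)[0]
        if count / total >= share:  # one value dominates all traffic
            findings[name] = (value, round(count / total, 2))
    peak_minute, peak = minutes.most_common(1)[0]
    if peak >= spike * median(minutes.values()):  # busiest minute vs. typical minute
        findings["spike"] = (peak_minute, peak)
    return findings

def sample(with_flood=True):
    """Constructed log: 30 ordinary requests, optionally followed by a 60-request burst."""
    fmt = '{ip} - - [01/Jan/2024:10:{m:02d}:{s:02d} +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [fmt.format(ip=f"10.{m}.{s}.7", m=m, s=s, path=f"/page{s % 3}", ua=f"Browser/{s}")
             for m in range(5) for s in range(6)]
    if with_flood:
        lines += [fmt.format(ip=f"203.0.113.{s + 1}", m=5, s=s, path="/login", ua="agent/1.0")
                  for s in range(60)]
    return lines

if __name__ == "__main__":
    for name, detail in analyze(sample()).items():
        print(name, detail)
```

A triggered indicator is a reason to investigate, not proof of an attack: a marketing campaign or a shared corporate proxy can produce the same pattern.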

Types of DDoS Attacks

TCP Connection Attacks

This type of DDoS attack uses up all available connections to infrastructure devices like firewalls, application servers, and load balancers.

Volumetric Attacks

These attacks simply cause congestion by consuming the bandwidth within the target's network/service or between the network/service and the rest of the internet.

Fragmentation Attacks

These send floods of TCP or UDP fragments to the target, overwhelming its ability to re-assemble the streams and reducing performance.

Application Attacks

These overwhelm a specific aspect of an application or service. They are practical because they work while generating only low volumes of traffic.

DNS Reflection

An attacker can send small requests to a DNS server and ask it to send the target an extensive reply. This allows every request from the botnet to be amplified as much as 70x in size, making it easier to overwhelm the target.

Chargen Reflection

Most computers support an outdated testing service called Chargen that allows someone to ask a device to reply with a stream of random characters. Chargen is sometimes used to amplify DDoS attacks.

Why choose SET to prevent and defend against DDoS attacks?

Small Enterprise Technology can bring your organization's security to the higher standards that most large corporations are held to and require. Our proprietary policies and a proactive approach to working with clients provide you with peace of mind that your business is secure and prepared. To learn more about how SET can help your business, call or contact us today to get started!