What is a DDoS attack? The meaning and 5 main types


DDoS Attack stands for Distributed Denial of Service.

Imagine you own a coffee shop. One day you open for business and a large crowd walks through your doors. A busy day, you think, is good for business. It will certainly be a busy day, but it will not be good for business. People sit at the tables but order nothing. They keep coming in, taking up space, and making it hard for your real customers to buy anything. Eventually the crowd blocks the entrance and your legitimate customers cannot be served at all.

This is what a DDoS attack would look like if it happened in real life.

Summary:  A DDoS attack is designed to take web pages and computer networks offline. It is a form of cyber crime that sends continuous torrents of fake traffic at online services, such as web pages, until they slow to a crawl or stop responding. These attacks are difficult to stop, and even the largest sites have been victims in the past. Read on to learn more about the most common DDoS attacks.

  • What is a DDoS attack?
  • Types of DDoS attacks
  • The 5 most common DDoS attacks
  • How to stop DDoS attacks

What is a DDoS attack?

DDoS stands for Distributed Denial of Service. A DDoS attack makes an online service unavailable by bombarding it with traffic from many different sources at once.

It is a variant of the Denial of Service (DoS) attack, which comes from a single source: one network connection or one compromised device. A DDoS attack, by comparison, comes from many sources at the same time, which makes it both harder to absorb and harder to filter.

In essence, a denial of service attack is any method that prevents real clients from using a network resource. The coffee shop example applies to any kind of resource on the network: a game server or a web page, for example.

When a server or page is targeted by a DDoS attack, it can no longer serve its real purpose. As the attack overloads the page or game server with fake traffic, the real traffic, the people who want to join the game or visit the page, cannot get through.

Most DDoS attacks are carried out through botnets: networks of compromised internet-connected devices under the control of an attacker. A botnet can range from a handful of devices to millions. Worse still, since most botnet members are hijacked machines, their real owners usually do not even know that their devices are being used to carry out DDoS attacks.

Multiplying the sources of the attack increases its effectiveness while helping to hide the identity of the perpetrator.

Types of DDoS attacks

To understand how to stop a DDoS attack, you first need to understand the different types. DDoS attacks fall into three broad categories, depending on which layer of the target they aim at:

  1. Volume attacks –  As the name suggests, these attacks rely on sheer volume of traffic to saturate the target's bandwidth. Volume-based DDoS attacks are also called "floods." This is the most basic type and the very definition of a DDoS attack.
  2. Protocol attacks  – These attacks abuse weaknesses in network and transport protocols (for example, the TCP handshake) to exhaust the connection state tables of the equipment in front of the service: load balancers, firewalls or the servers themselves.
  3. Application attacks  – Considered the most serious and sophisticated type, these attacks target the web application itself by exploiting its weak points. Also called "Layer 7 attacks," they work on the same principle but need far less brute force, because they aim at expensive operations on the attacked server (a search, a login, a database-backed page). Much less bot traffic is needed to tie up those processes, and the attack is harder to detect because the low volume of traffic it generates can look legitimate.

The 5 most commonly used DDoS attacks

The most common DDoS attacks fall into the three categories above:

  1. UDP (User Datagram Protocol) flood

Applications use transport protocols to communicate over the internet. The two most common are the Transmission Control Protocol (TCP, often written TCP/IP, where IP is the Internet Protocol) and the User Datagram Protocol (UDP or UDP/IP). TCP sets up a connection and guarantees delivery and ordering; UDP simply sends individual datagrams with no connection and no guarantee that they arrive.

A UDP flood is exactly what the name suggests: a DDoS attack that uses UDP.

The attacker sends a stream of UDP packets, usually with spoofed source addresses, to random ports on the target. For each packet the target checks whether an application is listening on that port, finds none, and replies with an ICMP "Destination Unreachable" message. Repeat this fast enough and the system spends all its capacity processing junk packets and answering them, until it becomes unresponsive to legitimate traffic.

  2. DNS (Domain Name System) flood

The Domain Name System (DNS) is the set of servers that translate the names in web page URLs into the IP addresses that computers actually connect to. For example, when you visit Facebook to connect with friends and family, you type facebook.com into your browser. What you are really telling your computer is to go to one of Facebook's IP addresses (Facebook has many, because it has to serve a lot of traffic). One of the address ranges Facebook uses starts at 66.220.144.0.

DNS servers translate the names you know for web pages into their actual IP addresses.

So what if an attacker floods the DNS servers with so many queries that they can no longer perform this function? That is exactly the point of a DNS flood: name resolution is knocked out, so users cannot reach the sites that depend on those servers, even though the sites themselves are up. Attackers often query random, non-existent subdomains so that the server's cache does not help it.

  3. SYN (Synchronize) flood

A SYN request is the first step of the three-way handshake that opens a TCP (Transmission Control Protocol) connection. Don't worry, it may sound very technical, but it is pretty straightforward:

First, the client sends a SYN (synchronize) segment to the host. The host replies with a SYN-ACK (synchronize-acknowledge). The client that started the handshake then finishes it with an ACK (acknowledge). This exchange lets the two computers agree on sequence numbers and options so they can go on to exchange data.

A SYN flood breaks the handshake at the first step. The attacker sends a large number of SYN segments, either from spoofed source addresses (so the SYN-ACK goes to a host that never asked for it) or from real addresses that simply never send the final ACK. For every one of them, the attacked system allocates a half-open connection entry and waits for an ACK that never comes.

Done fast enough and in enough volume, the attacked system's table of half-open connections fills up, no new connections can be accepted, and the denial of service is achieved.
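To make the half-open connection problem concrete, here is an added example (not code from the original article) that models a listener's SYN backlog under a flood of spoofed SYNs that never complete the handshake, and shows how a shorter timeout on half-open entries frees the table again. The backlog size, timeout, attack rate and addresses are assumed values chosen for illustration; real kernels also use SYN cookies, which this toy model leaves out.

```python
"""Toy model of a TCP listener's half-open (SYN_RECV) table under a SYN flood.

Added example for this article, not the page's own code. Backlog size,
timeout and addresses are assumed values; a real kernel sizes the backlog
from its own tunables and can fall back to SYN cookies, neither of which
this model reproduces.
"""
from dataclasses import dataclass, field


@dataclass
class Listener:
    backlog: int                 # max half-open entries the listener will hold
    syn_timeout: float           # seconds a half-open entry is kept without an ACK
    half_open: dict = field(default_factory=dict)  # (src_ip, src_port) -> arrival time
    established: int = 0
    dropped_syns: int = 0        # SYNs refused because the table was full

    def expire(self, now):
        """Drop half-open entries older than syn_timeout (the 'aggressive timeout' mitigation)."""
        stale = [k for k, t in self.half_open.items() if now - t > self.syn_timeout]
        for k in stale:
            del self.half_open[k]
        return len(stale)

    def on_syn(self, src, now):
        """Handshake step 1: reserve a half-open slot (and conceptually send SYN-ACK)."""
        self.expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1
            return False
        self.half_open[src] = now
        return True

    def on_ack(self, src, now):
        """Handshake step 3: the client's ACK completes the connection and frees the slot."""
        if src in self.half_open:
            del self.half_open[src]
            self.established += 1
            return True
        return False


def run_flood(backlog, syn_timeout, attack_syns, attack_rate):
    """Send attack_syns spoofed SYNs at attack_rate per second, none of which
    are ever ACKed, then let one real client try to connect.
    Returns (real_client_connected, syns_dropped_during_flood)."""
    lst = Listener(backlog=backlog, syn_timeout=syn_timeout)
    now = 0.0
    for i in range(attack_syns):
        # every spoofed SYN carries a different fake source, so no SYN-ACK is ever answered
        lst.on_syn((f"203.0.113.{i % 256}", 1024 + i), now)
        now += 1.0 / attack_rate
    dropped_during_flood = lst.dropped_syns
    # a legitimate client arrives just after the last attack packet and answers promptly
    real = ("198.51.100.7", 40000)
    connected = lst.on_syn(real, now) and lst.on_ack(real, now + 0.05)
    return connected, dropped_during_flood


if __name__ == "__main__":
    print("60 s timeout:", run_flood(backlog=128, syn_timeout=60, attack_syns=1000, attack_rate=20))
    print(" 3 s timeout:", run_flood(backlog=128, syn_timeout=3, attack_syns=1000, attack_rate=20))
```

With a 60-second timeout, run_flood(128, 60, 1000, 20) returns (False, 872): the table is full after 128 spoofed SYNs, the remaining 872 are refused, and the real client is refused too. Cutting the timeout to 3 seconds, run_flood(128, 3, 1000, 20) returns (True, 0), because stale entries expire faster than a 20 SYN/s flood refills them. Raise the attack rate above backlog / timeout and even the short timeout is no longer enough, which is why timeouts buy time rather than solve the problem.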

  4. HTTP flood

HTTP stands for Hypertext Transfer Protocol, the protocol behind data transfer on the web. You can see it right now in your address bar, with an additional "S" for HTTPS, which is HTTP carried over an encrypted TLS connection.

Like other protocols, HTTP has a handful of request methods for sending and asking for information, such as GET and POST. An HTTP flood sends a large number of GET or POST requests that each look legitimate on their own, chosen so that the web application or server has to do real work (render a page, run a search, process a form) for every one of them, until it runs out of capacity.

This method needs far less bandwidth than a volumetric flood, but it can still exhaust the server's resources.
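As an added example (not from the original article), the following script shows how such a flood looks in a web server's access log and how a simple sliding-window count per client address picks it out. The log lines are constructed sample data in Common Log Format, and the window size and request threshold are assumed tuning values that would need adjusting for a real site.

```python
"""Spot an HTTP flood in access logs with a per-client sliding-window count.

Added example for this article, not the page's own code. The log lines are
constructed sample data; window_seconds and max_requests are assumed
thresholds that a real deployment would tune to its normal traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one CLF line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_flooders(lines, window_seconds=10, max_requests=50):
    """Return {ip: peak_requests_in_window} for every client that sent more
    than max_requests within any window_seconds span. Lines must be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps of that client's requests in the window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line: skip rather than crash the detector
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()  # slide the window forward
        if len(q) > max_requests:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def make_sample_log():
    """Constructed sample: one client hammering the login form 20 times a
    second for six seconds, interleaved with a few ordinary visitors."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(120):
        t = base + timedelta(milliseconds=50 * i)
        events.append((t, f'203.0.113.9 - - [{t.strftime(TS_FMT)}] "POST /login HTTP/1.1" 200 512'))
    for i in range(5):
        t = base + timedelta(seconds=i)
        events.append((t, f'198.51.100.{i} - - [{t.strftime(TS_FMT)}] "GET /index.html HTTP/1.1" 200 2048'))
    events.sort(key=lambda e: e[0])
    return [line for _, line in events]


if __name__ == "__main__":
    for ip, peak in find_flooders(make_sample_log()).items():
        print(f"ALERT {ip}: {peak} requests inside a 10 s window")
```

On the sample log the detector reports only 203.0.113.9 with a peak of 120 requests in the window; the five ordinary visitors never come near the threshold. A real botnet spreads the load over many addresses, so in practice you would also aggregate by path or by request signature, not just by source IP.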

  5. ICMP (ping) flood

The Internet Control Message Protocol (ICMP) is an error reporting and diagnostics protocol, best known from the ping utility. Basically, you "ping" a host to see whether it can be reached. The ping results point you to connectivity problems, and from there you can start fixing them.

A ping sends a small packet (an ICMP echo request) to the target network resource (for example, a web server), and the target returns a packet of similar size (an echo reply) to the sender.

A ping flood is simply a flood of echo requests, so that the attacked system's bandwidth and processing are consumed by trying to answer every one of them.

Another ping-based attack is the so-called Ping of Death, which, instead of sending large numbers of similar-sized packets, sends oversized or malformed packets (for example, fragments that reassemble to more than the 65,535-byte maximum size of an IP packet) that crash or hang a vulnerable network stack. It exploits a bug rather than sheer volume, and modern operating systems are patched against the classic form.

How to stop DDoS attacks?

DDoS attacks are hard to identify. A system administrator performing maintenance, or a plain technical problem with a particular network resource, can produce symptoms that look like a DDoS attack. Still, stay alert and watch closely for very slow performance or unavailable services.

DDoS protection starts with monitoring traffic: firewall logs and intrusion detection systems can recognise the patterns of the attacks described above. System administrators can also set up alerts for abnormal traffic activity that meets certain criteria, such as an unusually high volume of data or a spike in dropped packets.

The bad news is that modern DDoS attacks can be so large and sophisticated that solving them on your own is next to impossible. You will need to call your internet service provider (ISP) or a DDoS mitigation provider to deal with the threat fully.

If you are under attack, there are several things you can try to buy time while you contact your ISP or a mitigation expert:

  • Increase available bandwidth – provision several times your normal capacity so that sudden surges in traffic can be absorbed. This only helps against smaller attacks; a large volumetric flood will exceed any bandwidth you can buy.
  • Defend the network perimeter of your own servers – you can blunt an ongoing DDoS attack by tuning a few perimeter settings:
    • Rate-limit traffic on your router to keep it from overwhelming your servers.
    • Add filters that let your router drop traffic from obvious attack sources.
    • Set more aggressive timeouts for half-open connections. Some DDoS attacks rely on handshakes that are never completed to tie up connection state; shorter timeouts free those slots sooner.
    • Drop malformed and spoofed packets.
    • Lower the drop thresholds for SYN, UDP and ICMP packets, the three most common flood types.
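Here is an added example (not the page's own code) that implements the perimeter rules above as a small filter policy: it drops packets from spoofed or bogon source addresses, drops malformed packets, and applies a per-source token-bucket rate limit to SYN, UDP and ICMP echo packets. Packets are plain dictionaries standing in for parsed headers, and all thresholds are assumed values that a real deployment would tune.

```python
"""Perimeter filter policy for the mitigation steps above.

Added example for this article, not the page's own code. Packets are dicts
standing in for parsed headers; BOGON_NETS, LIMITS and the sample traffic
are assumed values constructed for illustration.
"""
import ipaddress

# Source ranges that should never appear on packets arriving from the internet.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


class TokenBucket:
    """Allow `rate` packets per second with bursts of up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class PerimeterFilter:
    # (packets/second, burst) per source address for each flood-prone class; assumed values
    LIMITS = {"SYN": (5, 10), "UDP": (50, 100), "ICMP_ECHO": (2, 5)}

    def __init__(self):
        self.buckets = {}

    @staticmethod
    def classify(pkt):
        """Map a packet to a rate-limited class, or None if it is not limited."""
        if pkt["proto"] == "tcp" and pkt.get("flags") == {"SYN"}:
            return "SYN"
        if pkt["proto"] == "udp":
            return "UDP"
        if pkt["proto"] == "icmp" and pkt.get("type") == 8:  # ICMP type 8 = echo request
            return "ICMP_ECHO"
        return None

    @staticmethod
    def malformed(pkt):
        """Sanity checks a router would apply before spending any state on the packet."""
        if pkt["ip_len"] < 20 or pkt["ip_len"] > 65535:   # shorter than an IP header, or oversized
            return True
        if pkt["proto"] == "tcp" and {"SYN", "FIN"} <= pkt.get("flags", set()):
            return True                                     # SYN+FIN never occurs in real traffic
        if pkt["proto"] == "udp" and pkt.get("udp_len", 8) < 8:
            return True                                     # UDP length below its own header
        return False

    def verdict(self, pkt, now):
        """Return ("ACCEPT"|"DROP", reason) for one packet seen at time `now`."""
        src = ipaddress.ip_address(pkt["src"])
        if any(src in net for net in BOGON_NETS):
            return "DROP", "spoofed source"
        if self.malformed(pkt):
            return "DROP", "malformed"
        cls = self.classify(pkt)
        if cls is None:
            return "ACCEPT", "unlimited class"
        key = (pkt["src"], cls)
        if key not in self.buckets:
            self.buckets[key] = TokenBucket(*self.LIMITS[cls])
        if self.buckets[key].allow(now):
            return "ACCEPT", cls
        return "DROP", f"{cls} rate limit"


def run_sample():
    """Constructed traffic: 30 SYNs in 30 ms from one host, then a spoofed UDP
    packet and a malformed TCP packet. Returns the list of verdicts in order."""
    f = PerimeterFilter()
    results = []
    for i in range(30):
        syn = {"src": "203.0.113.5", "proto": "tcp", "flags": {"SYN"}, "ip_len": 60}
        results.append(f.verdict(syn, 0.001 * i))
    results.append(f.verdict({"src": "10.0.0.1", "proto": "udp", "udp_len": 100, "ip_len": 128}, 1.0))
    results.append(f.verdict({"src": "198.51.100.2", "proto": "tcp", "flags": {"SYN", "FIN"}, "ip_len": 40}, 1.0))
    return results


if __name__ == "__main__":
    for verdict, reason in run_sample():
        print(verdict, reason)
```

On the sample traffic the first 10 SYNs from 203.0.113.5 pass (the burst allowance), the next 20 are dropped by the SYN rate limit, the packet from 10.0.0.1 is dropped as spoofed, and the SYN+FIN packet is dropped as malformed. Note that a per-source limit like this is only effective against floods from a limited number of real addresses; spoofed floods spread across the whole address space need upstream filtering, which is the point of involving your ISP.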

Once you have made these tweaks, you have bought yourself some time for your ISP to deal with the DDoS attack or for an expert to troubleshoot it.

Internet security companies also offer products and services that help prevent attacks and strengthen DDoS protection. The most reliable way to prevent, identify and stop DDoS attacks is through a dedicated DDoS protection service that can absorb and filter the traffic before it reaches you.