There are many cybersecurity threats out there for modern internet users and businesses to worry about, and DDoS attacks are among the most commonly used and most dangerous too, able to bring entire sites and networks down for lengthy periods of time.
This guide takes a closer look at what a DDoS attack is, how it works, and the specifics of some different types of DDoS attack.
In order to understand DDoS, we first have to understand the shorter but still highly relevant cybersecurity acronym: DoS.
DoS stands for denial of service, and a denial of service attack is one in which the perpetrator is attempting to make a network or device unavailable to its users by disrupting its services. The usual method of this is to flood the target machine or network with lots of requests in order to essentially overload it.
In physical terms, it would be the equivalent of a huge group of people trying to force their way into a small shop, blocking the entrance completely and preventing any actual customers from getting inside to make purchases. Another example would be a road being filled up with parked cars, preventing anyone who actually wants to use it from turning onto it and driving along.
Getting back to DDoS, this acronym stands for distributed denial of service. What makes a DDoS attack special is that the flooding traffic requests come from lots of different sources, so even if the network administrator or site owner tries to block one of the sources, the attack will still be effective at overloading the system.
How Do DDoS Attacks Work?
In order to carry out a DDoS attack, a network of connected devices needs to be prepared. Typically, these networks are built up with devices that have been infected with malware that allows them to be controlled remotely by the attackers. These infected devices are called bots, and together, they can form a botnet, a very powerful force in the world of cyberattacks. The attackers are able to use their botnets to direct attacks, sending out instructions to each bot to target a certain site or machine.
This way, the attacker can launch a DDoS attack whenever they want by getting their botnet to send requests to their targeted network. That network will suddenly see lots of requests from what seem to be legitimate users on real devices, and this vast quantity of requests can be enough to overload the servers and bring the system down temporarily.
How Do We Identify a DDoS Attack?
Even though the technology that goes into DDoS attacks can seem somewhat complex, spotting them is relatively easy. When a site goes down, becomes very slow to load or turns generally unresponsive, there is a good chance that a DDoS attack is occurring.
However, this may also just be because the site is getting a lot of legitimate traffic, perhaps during a special event like a sales promo or product launch, so we usually have to dig a little deeper into the traffic analytics to find out exactly whether an attack is occurring or a more innocent reason is to blame for a site’s struggles.
If a site owner notices a sudden spike of traffic coming from one single IP address or address range, for example, this could be a sign of an attack. It may also be the case that a large number of new users are detected from the same type of device or location, or even simply using the same specific browser.
If a large number of requests hit a page that has no real relevance or special significance, this may also be a sign of a DDoS attack, along with strange traffic patterns, like sudden spikes every 15 minutes, for instance.
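The indicators above (one address range dominating, one browser or device dominating, one unremarkable page dominating, and sudden spikes) can be checked mechanically against an access log. The following is an added example written for this guide, not code from the original article: it assumes a simplified log line shape of its own (client IP, ISO-8601 time, method, path, quoted user agent), builds constructed sample traffic with a burst in minute five, and flags whichever signals cross a share threshold.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Simplified access-log shape assumed for this example (constructed; not any
# particular server's real format):
#   <client ip> <ISO-8601 time> <method> <path> "<user agent>"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_line(line):
    """Parse one log line into a dict; return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, ts, method, path, ua = m.groups()
    try:
        return {"ip": str(ipaddress.ip_address(ip)),
                "time": datetime.fromisoformat(ts),
                "method": method, "path": path, "ua": ua}
    except ValueError:
        return None


def build_sample_log():
    """Constructed traffic: ten minutes of ordinary visitors from two address
    blocks, plus a burst in minute five that shares one /24 block, one user
    agent and one otherwise unremarkable path."""
    uas = ["Mozilla/5.0 (Windows NT 10.0) Firefox/125.0",
           "Mozilla/5.0 (Macintosh) Safari/605.1.15",
           "Mozilla/5.0 (X11; Linux x86_64) Chrome/124.0"]
    paths = ["/", "/products", "/about", "/cart"]
    lines = []
    for i in range(60):  # one ordinary request every 10 seconds
        ip = f"203.0.113.{10 + i}" if i % 2 == 0 else f"192.0.2.{10 + i}"
        lines.append(f'{ip} 2024-05-01T10:{i // 6:02d}:{(i % 6) * 10:02d} GET '
                     f'{paths[i % 4]} "{uas[i % 3]}"')
    for i in range(80):  # the burst: 80 requests inside minute five
        lines.append(f'198.51.100.{i + 1} 2024-05-01T10:05:{i % 60:02d} GET '
                     f'/search?q=x "python-requests/2.31"')
    return lines


def top_share(values):
    """Return (most common value, fraction of the records that carry it)."""
    value, n = Counter(values).most_common(1)[0]
    return value, n / len(values)


def ddos_indicators(records, share_threshold=0.5):
    """Flag the concentration signals: a single /24 block, user agent or
    request path accounting for more than share_threshold of all requests.
    Returns a list of human-readable findings (empty if none)."""
    findings = []
    checks = [
        ("address block", [str(ipaddress.ip_network(r["ip"] + "/24", strict=False))
                           for r in records]),
        ("user agent", [r["ua"] for r in records]),
        ("path", [r["path"] for r in records]),
    ]
    for label, values in checks:
        value, share = top_share(values)
        if share > share_threshold:
            findings.append(f"{share:.0%} of requests share {label} {value!r}")
    return findings


def window_spikes(records, spike_factor=5):
    """Count requests per one-minute window and return the windows whose
    count exceeds spike_factor times the median window (sudden spikes)."""
    per_minute = Counter(r["time"].replace(second=0, microsecond=0)
                         for r in records)
    baseline = median(per_minute.values())
    return sorted((start, n) for start, n in per_minute.items()
                  if n > spike_factor * baseline)


if __name__ == "__main__":
    recs = [r for r in map(parse_line, build_sample_log()) if r]
    for finding in ddos_indicators(recs):
        print("indicator:", finding)
    for start, n in window_spikes(recs):
        print(f"spike: {n} requests in the minute starting {start:%H:%M}")
```

The share threshold is deliberately a parameter: on a site with a large share of visitors on one browser, or during the kind of promotion mentioned above, a single indicator on its own is weak evidence, and it is the combination of several indicators with a spike in the same window that makes an attack the likely explanation.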
Are There Different Types of DDoS Attacks?
There are, in fact, several types of DDoS attacks, and we can categorize these attacks depending on how they function and which parts of the network connection they target. Since network connections are made up of different layers and parts, each with its own purpose, DDoS attackers can choose to target individual layers, as desired, to give their attacks the best chance of success.
There are three main types of DDoS attack:
- Layer 7 Attacks – A Layer 7 Attack, also known as an Application Attack because it targets the ‘Application’ layer (layer 7 of the OSI model) of a network connection, is designed to use up the system’s resources to bring it down. It involves making lots of HTTP requests, with huge botnets making the same request at the same time and the system struggling to keep up.
- Protocol Attacks – Protocol Attacks, also known as SYN attacks or State-Exhaustion Attacks, are focused on using up the resources of the server or of other parts of the network, such as the firewall. They target the third and fourth layers (network and transport) of network connections to bring them down. An example is a SYN Flood attack, which sends lots of TCP SYN packets to begin the initial ‘handshake’ that happens when two devices connect but never finishes the handshake, leaving half-open connections that consume large amounts of system resources on the target’s end.
- Volumetric Attacks – Volumetric Attacks, meanwhile, are focused on using up as much bandwidth as possible between the target and the internet at large. They involve sending large volumes of data, usually via botnets, to a site or system. These attacks can be very effective and immensely difficult to deal with.
DDoS attacks are some of the most common cyber-attacks used by malicious hackers and individuals online, and they can be devastating for site owners and businesses around the world. Fortunately, there are ways to deal with them through means such as blackhole routing, rate limiting, firewalls, and so on, and the more you know about DDoS attacks, the better prepared you’ll be to stop them.
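Rate limiting, one of the countermeasures named above, is easy to see in working form. The block below is an added example written for this guide, not code from the original article: it implements a per-client token bucket (the capacity of 5 requests and refill of 1 request per second are illustrative choices) and runs it over constructed traffic in which two ordinary visitors share the server with one flooding client.

```python
from collections import defaultdict


class TokenBucketLimiter:
    """Per-client token bucket: each client may make `capacity` requests at
    once and then earns `refill_rate` new requests per second. Requests that
    arrive when the bucket is empty are rejected instead of consuming server
    resources. Parameters are illustrative for this example."""

    def __init__(self, capacity=5, refill_rate=1.0):
        self.capacity = capacity
        self.refill_rate = refill_rate
        # client id -> (tokens remaining, time of last update in seconds)
        self._buckets = {}

    def allow(self, client_id, now):
        """Return True if the request at time `now` (seconds) is within the
        client's budget, False if it should be rejected."""
        tokens, last = self._buckets.get(client_id, (self.capacity, now))
        # Top the bucket up for the time elapsed since the last request,
        # never beyond capacity, then spend one token if one is available.
        tokens = min(self.capacity, tokens + (now - last) * self.refill_rate)
        if tokens >= 1:
            self._buckets[client_id] = (tokens - 1, now)
            return True
        self._buckets[client_id] = (tokens, now)
        return False


def simulate(limiter, requests):
    """Feed (time, client_id) pairs through the limiter in time order and
    return {client_id: (allowed, rejected)}."""
    outcome = defaultdict(lambda: [0, 0])
    for now, client in sorted(requests):
        outcome[client][0 if limiter.allow(client, now) else 1] += 1
    return {c: tuple(v) for c, v in outcome.items()}


def build_sample_traffic():
    """Constructed: two ordinary visitors (one request every 2 s) and one
    flooding client sending 50 requests per second for 10 seconds."""
    reqs = []
    for t in range(0, 10, 2):
        reqs.append((float(t), "203.0.113.10"))
        reqs.append((float(t) + 1.0, "203.0.113.11"))
    for i in range(500):
        reqs.append((i / 50.0, "198.51.100.7"))
    return reqs


if __name__ == "__main__":
    result = simulate(TokenBucketLimiter(), build_sample_traffic())
    for client, (allowed, rejected) in sorted(result.items()):
        print(f"{client}: {allowed} allowed, {rejected} rejected")
```

The ordinary visitors never notice the limiter, while the flooding client is cut back to roughly its 5-request burst plus one request per second. The caveat is the one this guide makes about distributed sources: a limit keyed on a single client address does nothing when thousands of bots each stay under it, which is why rate limiting is combined with measures that act on aggregate traffic, such as blackhole routing and upstream filtering.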