Denial-of-service (DDoS) is a common cyber threat. It is an attempt to make a resource unavailable to the intended users. This is possible through temporarily interrupting or suspending services of a host connected to the Internet or by preventing the resource from accessing traffic generated from multiple sources. Here the attacking source will have more than one or often thousands of unique IP addresses. These attacks often target high-profile organisations and services like banking, credit card and payment gateways. The first documented Dos style attack dates back to February 07, 2000. DdoS attacks are launched by large clusters of connected devices and are hence difficult to avert due to the volume of devices included. It is, therefore, impossible to stop the attacks by blocking any single IP address in the firewall and furthermore it is really hard to figure out legitimate user traffic and attacker-traffic.
The symptoms of DDoS attacks include an unusual slow performance of the network, unavailability to any particular site, an increase in the number of spam emails received and long term denial of access to any internet services. The target becomes so busy in dealing with the attackers request so that it will not have time to spare for legitimate user requests. Attacks of serious nature can forge or spoof the IP address of the sender so that it would be tough to find the location of attacking machines. Also, it is not possible to implement filtering on the basis of IP addresses.
A successful DdoS attack has the capacity to create an impact on the entire online user base. The large multitude of compromised systems attacks a single target forcing it to shut down the service. In any typical attack, it all begins from exploiting any loophole in a vulnerable system and eventually transforming it as the DdoS master. This DdoS master identifies and infects other vulnerable systems and instructs these systems to attack the target. The virus infected computers are called Zombies. A large group of Zombies constitute a botnet.
There are three ways of DdoS attacks- crash services and flood services.
** Volume based attacks
This attack influences the User datagram Protocol by flooding random ports of a remote host with numerous UDP packets causing the application to continuously check for application listening on the particular port, which can ultimately result in inaccessibility.
Similar to UDP floods, ICMP floods target resource with ICMP echo requests without even waiting for replies. This attack can consume both incoming and outgoing bandwidth resulting in overall system slowdown.
** Protocol attacks
Ping of Death:
This attack constitutes an attacker sending malicious pings to a computer. Ping of death overflows memory buffers allocated for packets and causes the denial of service for genuine packets.
** Application layer attacks
A highly targeted attack holds as many connections to the target web server for as long as possible. It never completes a request. Instead, it constantly sends more and more HTTP headers thus exceeding the maximum concurrent connection pool.
In this attack, the attacker exploits by sending numerous HTTP GET or POST requests to attack a web server or application.
It is really difficult to defend a highly sophisticated DdoS attack. The best solution is to secure computers from being hijacked. This is the only way we can prevent attacks, even before it is launched. We are always vulnerable to DdoS attacks. We should analyse in depth, what is happening in a network. Make sure the DNS is well protected, familiarize ourselves with typical inbound traffic and configure routers and firewalls to detect DdoS attacks.