Everything you need to know about DDoS

Rohit Rawat
5 min read · Jan 27, 2021

Hello reader, welcome back to another article! I hope you are doing fine. This article is about Cyber Security and specifically a type of cyber attack known as DDoS. Let’s get started.

Photo by Vilmar Simion on Unsplash

Introduction

A Distributed Denial of Service (DDoS) attack is an attempt to take down a website, server or application by overwhelming it with fake traffic. The attacker generally does not benefit from this type of attack. A DDoS attack can range from a simple act of mischief to a long outage of an application that results in a loss to the business.

For a company (or simply a website owner), it is important to know about DDoS, as it is one of the most common attacks on the web. They must prepare themselves with security measures like mitigation services, black hole routing, server patching, etc.

But what actually is a DDoS attack?

To understand what a DDoS attack does, one must know how the internet and web requests work. A simple web request involves a client, the HTTP protocol and a server. The client is the one who sends the request to a server over HTTP (or HTTPS), and the server is supposed to reply with the relevant data (the response, in this scenario).

A server is generally a high-performance Linux machine built specifically to host and serve web applications. But how high-performance can a Linux machine be? If you flood it with a huge number of requests and transactions, will it still perform, or will the application stop responding?

NO. This is, by definition, what a DDoS attack is: a server is hit with a huge number of requests, more than it can handle, with the intent of making the system fail (a server crash). As mentioned above, the attacker does not benefit from this attack; rather, it is categorized as purely an act of mischief, revenge or hacktivism.

In February 2018, GitHub, the biggest VCS hosting organization, became a DDoS target. Attackers hit the website with a data flow of 1.35 terabytes/second (around 1382 GB/s), and it was considered a massive attack.

How Does a DDoS Attack Work?

Small DDoS attacks usually start off by testing the limits of an online system (a web server or application). Some attacks are a series of malicious requests against resource-hungry web endpoints (like search functions).

But bigger DDoS attacks most often work with the help of botnets. Botnets generally consist of compromised IoT devices, websites and computers of any type. These devices work together towards the success of a DDoS attack.

Basically, your own devices could be part of a botnet, performing these activities without your consent, and it may not even be considered your fault! But nobody likes to be part of the trouble, so keep your firewall updated. Do note that Linux devices don’t have a firewall of their own.

What is the goal of a DDoS attack?

Photo by Bermix Studio on Unsplash

The goal of a DDoS attacker is highly subjective. The attacker may or may not have any goal behind an attack. But generally the following two are considered the most common:

  • To slow down a website/online system so that it responds slowly to legitimate requests
  • To entirely shut down an online system, making it impossible for users to access it.

How does it affect a website owner? Well, it may not do any direct financial harm, but it costs a business a huge amount of downtime. Imagine Netflix being shut down for some hours!

How much harm can it cause?

Talking about the integrity of a website, a DDoS attack doesn’t cause any harm to it. The sole purpose of this attack is to overload the resources of the website. However, a DDoS attack can be used as a way of demanding a ransom from the owners, as in blackmail or extortion. It can have other motives too, like political, terrorist or business-competition motives.

Can a DDoS attack steal sensitive information? NO. As stated above, the purpose and focus of a DDoS attack is just to overload the resources of a website, and this type of attack does not gain access to private information.

How to prevent DDoS Attacks?

Prevention is better than cure!

We talked about the DDoS attack that hit GitHub in February 2018. GitHub faced a 10-minute outage that day (which is very short compared with the scale of the attack) and was able to overcome the attack because its DDoS mitigation service (a security measure against DDoS attacks) was activated. They didn’t face much of a loss from this attack since they were prepared for this kind of attack.

In addition to a DDoS mitigation service, you can also employ your standard endpoint security measures, like patching your servers, keeping your Memcached servers off the open internet, and training your users to recognize phishing attacks.

Most DDoS attacks are also country specific, meaning the source of these attacks is only one or two specific countries. You can use a Web Application Firewall (WAF) to act against malicious traffic on your site. These firewalls also have the ability to block traffic from specific countries.
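The simplest rule a mitigation service or WAF applies is rate limiting: count requests per source over a sliding time window and flag sources that exceed a threshold. Here is an added example of that rule (not code from the original article) run over constructed access-log lines in the common nginx/Apache "combined" format; the 10-second window and 50-request threshold are assumed values, and the IP addresses are documentation ranges, not real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Matches the start of an Apache/nginx "combined" access-log line: ip, ident, user, [timestamp], "METHOD path ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, path) for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("path")


def flag_floods(lines, window=timedelta(seconds=10), threshold=50):
    """Map each source IP whose request count in any sliding `window` exceeds
    `threshold` to its peak count. Sources below the threshold are not reported."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:  # skip lines that do not parse instead of crashing on them
            per_ip[rec[0]].append(rec[1])
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


BASE = datetime(2021, 1, 27, 10, 0, 0, tzinfo=timezone.utc)  # assumed start time for the sample


def build_sample_log():
    """Constructed sample traffic: three normal visitors plus one source flooding /search."""
    lines = []
    for i, ip in enumerate(["203.0.113.7", "203.0.113.8", "203.0.113.9"]):  # 5 requests each, 12 s apart
        for k in range(5):
            lines.append(f'{ip} - - [{(BASE + timedelta(seconds=i * 7 + k * 12)).strftime(TS_FMT)}] "GET /page{k} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    for k in range(120):  # one source hammering the search endpoint: 120 requests in 6 seconds
        lines.append(f'198.51.100.42 - - [{(BASE + timedelta(milliseconds=50 * k)).strftime(TS_FMT)}] "GET /search?q=x HTTP/1.1" 200 2048 "-" "python-requests/2.25"')
    return lines
```

Running `flag_floods(build_sample_log())` reports only the flooding source with its peak of 120 requests in one window; the three normal visitors never exceed one request per 10 seconds and stay unflagged.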

That’s it on DDoS for now! Thanks for reading. If you are new here, don’t forget to follow my account to read more tech articles.

If you found this article insightful, do share it with your acquaintances and friends who are starting off a business or a website. They may find this helpful! Stay safe, stay secure.


Rohit Rawat

A frontend developer proficient in Android and React.js, with 2 years of industry experience in Android.