Phases of a DDoS attack, explained

By Dharuna
Published on March 21, 2022

Denial-of-service (DoS) and distributed denial-of-service (DDoS) are forms of cyberattacks where the adversary tries to make services or network devices unavailable for their intended purpose by flooding the server or host with an overwhelming amount of malicious requests, rendering the machine unresponsive to legitimate requests. While DoS attacks typically originate from a single source (e.g., a computer or a network-connected device), DDoS attacks are carried out through multiple sources (e.g., bots) and cause more damage than the former. DDoS attacks are also more widespread than DoS attacks because they are far more sophisticated and difficult to control, even with modern cybersecurity solutions.

What does a DDoS attack look like?

Increased traffic to your website is always a good thing, right? Not necessarily. There’s a chance it could be a DDoS attack. Some of the tell-tale signs of a DDoS attack are:

  • A barrage of requests from a specific set of IP addresses or anonymized IP addresses.
  • All requests being targeted at a specific page, most likely the login page.
  • Excessive spam emails.
  • An unexplained increase in 503 errors.
  • TTL on a ping request timing out.

DDoS attacks can cause long-term impacts and are a serious security concern for businesses.
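Three of the signs listed above are visible in a web access log: requests concentrated on a few source IPs, requests concentrated on a single page, and a rise in 503 errors. The following check scores each one-minute window for them. It is an added example, not part of the original article; the log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

def parse(lines):
    """Yield (ip, minute, path, status) per well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # ts[:17] turns "21/Mar/2022:10:15:02 +0000" into a minute bucket
            yield m["ip"], m["ts"][:17], m["path"], int(m["status"])

def score_window(records, min_requests=20, top_n=3,
                 ip_share=0.8, path_share=0.8, err_share=0.3):
    """Return which of the listed signs one window shows (thresholds assumed)."""
    total = len(records)
    if total < min_requests:  # too little traffic to judge
        return set()
    ips = Counter(r[0] for r in records)
    paths = Counter(r[2] for r in records)
    errors = sum(1 for r in records if r[3] == 503)
    signs = set()
    if sum(c for _, c in ips.most_common(top_n)) / total >= ip_share:
        signs.add("few_source_ips")
    if paths.most_common(1)[0][1] / total >= path_share:
        signs.add("single_page_target")
    if errors / total >= err_share:
        signs.add("503_spike")
    return signs

def detect(lines):
    """Map each minute that shows at least one sign to its set of signs."""
    windows = {}
    for rec in parse(lines):
        windows.setdefault(rec[1], []).append(rec)
    return {minute: s for minute, recs in windows.items() if (s := score_window(recs))}

def sample_log():
    """Constructed sample: an ordinary minute, a flood minute, one bad line."""
    fmt = '{ip} - - [21/Mar/2022:10:{mm}:{ss:02d} +0000] "{verb} {path} HTTP/1.1" {st} 512'
    normal = [fmt.format(ip=f"198.51.100.{i}", mm=14, ss=i, verb="GET",
                         path=f"/products/{i % 7}", st=200) for i in range(25)]
    flood = [fmt.format(ip=f"203.0.113.{i % 3 + 1}", mm=15, ss=i, verb="POST",
                        path="/login", st=503 if i % 2 else 200) for i in range(60)]
    return normal + flood + ["malformed line"]

if __name__ == "__main__":
    print(detect(sample_log()))
```

A window that shows only one sign (for example, a marketing campaign that sends everyone to one page) is weaker evidence than a window that shows all three.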

Types of DDoS attacks

Depending on the mode of attack and the target areas in the network, DDoS attacks can be categorized into the following types.

Volume-based attacks

These are the most common type of DDoS attack. In a volume-based attack, the attacker floods all the open ports with requests and overwhelms the network bandwidth. User Datagram Protocol flooding and Internet Control Message Protocol flooding are examples of this.

Protocol-based attacks

These attacks usually target the critical parts of the network used for verifying connections. This is accomplished by sending malformed pings or pings with irregular data that exhaust the network resources in the verification process. They also target load balancers and the firewalls that are configured to protect the network against such attacks. Examples of protocol-based attacks include a SYN flood and a ping of death.

Application-based attacks

These attacks are very sophisticated and difficult to identify. They target vulnerabilities in the application layer and the operating system. These attacks prevent important application information from being delivered to the user, and the overwhelming bandwidth results in a system crash. Examples of this type of DDoS attack include an HTTP flood and an attack on DNS services.

Fragmentation attacks

Fragmentation attacks are targeted at the TCP/IP reassembly mechanism, thereby causing a disruption and overlap of the data packets being put together. This overwhelms the network server. An example is a teardrop attack.

Phases of a DDoS attack

The DDoS attack chain is comprised of two phases.

Phase 1: Making a botnet

The first phase of a DDoS attack is the formation of a botnet. A botnet is a group of devices that have been compromised by malware and are now controlled by an attacker, known as a bot herder or bot master. This botnet will be deployed to launch DDoS attacks and other malicious acts, including phishing, email spamming, and theft of critical data. This phase takes place in three steps:

  1. Vulnerable devices that can be compromised and added to the botnet are identified.
  2. The devices are then infected with malware via phishing emails or stolen credentials. They may be used to directly launch a DDoS attack or to infect more devices that can be added to the botnet.
  3. The infected devices are organized and brought under the control of a bot herder. Earlier botnets were controlled by a single host server. This made it easy for the host to be tracked, so this method has become obsolete. This client-server model has now been replaced with a peer-to-peer model where all the devices in the botnet can communicate and redirect information to one another.

Phase 2: Launching a DDoS attack

In the second phase of the attack, the devices belonging to the botnet are directed to send requests to the target server. This overwhelms the server by taking up the entirety of its bandwidth and renders the server unavailable to respond to business requests from clients.

How do you prevent DDoS attacks?

Create awareness about basic cybersecurity best practices

Employees should be regularly trained on cybersecurity best practices and made aware of the importance of cyber hygiene practices like ensuring secure authentication, changing passwords frequently, identifying phishing attacks, and looking for the signs of a DDoS attack.

Secure the perimeter and reduce the attack area

Take inventory of all the devices on your network and disable inactive ones that can be exploited by attackers to enter your network. All the possible entry points of attacks should be identified through a network vulnerability assessment process so you can be better prepared to prevent DDoS attacks and other cybersecurity attacks.

Fortify your network security

Make use of robust and advanced cybersecurity solutions like anti-malware, anti-virus, firewalls, DDoS protection, and other tools that would best suit the size and nature of your business. Ensure that your servers are spread across multiple sites topographically. This will make it hard for an attacker to disrupt all the servers and will ease the balancing of excess traffic due to DDoS attacks.

While complete prevention of DDoS attacks is impossible, it is recommended that businesses be aware of the various ways a DDoS attack can happen, and have suitable mitigation measures in place to curb an attack. In fact, there were nearly 5.4 million DDoS attacks in the first half of 2021—an 11% increase compared to the first half of 2020. With the easy availability of DDoS attack kits, the rise in the number of IoT devices, and widespread connectivity between devices, which opens up attack channels, these numbers are expected to increase in coming years. Attack mechanisms will continue to evolve, and it is up to businesses to establish better security practices and protocols to protect themselves as much as possible.
