Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are growing larger, more sophisticated, and more impactful than ever, and customer-facing services are bearing the brunt of these attacks. DoS and DDoS attacks aim to make your servers, devices, services, or applications unavailable to end users. Although these attacks don't result in stolen or leaked sensitive data, they can still do significant damage to your company's productivity, uptime, and reputation.
A DoS attack comes from a single malicious source, executed using techniques that overload your systems by consuming very large amounts of your network bandwidth. This ultimately makes your services inaccessible to legitimate users.
A DDoS attack is a more advanced version, where an attacker uses a whole network of compromised hosts to drown the target system with packets and requests for data, making it impossible for the target to deliver services to its users. These hosts can include malware-infected computers, Internet of things (IoT) devices, routers, and other endpoints.
You can think of a DDoS attack as a traffic jam clogging up a highway, blocking regular traffic from reaching its destination. DDoS attacks can have results ranging from a few minutes of disrupted services to prolonged outages of entire websites and applications that can last for days.
To understand how you can protect your online services from DDoS attacks, it's important to know how DDoS attacks are executed.
Usually, DDoS attacks rely on botnets. A botnet, short for robot network, is a network of malware-infected hosts that are centrally controlled by a single attacking party. These malware scripts can be distributed over the internet through phishing emails, malicious downloads, and malignant websites, and can be installed without the user knowing.
Once malware is installed on a host, the device becomes a bot. These bots can be computers, servers, IoT devices, mobile devices, or other types of devices. These bots, collectively known as the botnet, are then orchestrated to flood websites, servers, and networks with more data than they can accommodate to bring down the target system.
The number of bots in a botnet can range from thousands to millions and bots can be scattered all over the world. The device that you're currently using may even be part of a botnet, too, without you knowing it.
Broadly, DDoS attacks can be classified into three categories.
Volume-based attacks involve hackers utilizing a large botnet to flood a website with traffic. This takes up a large amount of the target's network bandwidth, resulting in legitimate traffic unable to pass through. This type of attack is measured in bits per second (bps). User Datagram Protocol (UDP) floods and Internet Control Message Protocol (ICMP) floods are some examples of volume-based attacks.
A protocol attack is designed to consume the processing capacity of networks, targeting resources like servers, firewalls, and load balancers. This type of attack is measured in packets per second (pps). SYN floods, fragmented packet attacks, ping of death, and smurf attacks are some examples of protocol attacks.
Application layer attacks are the most sophisticated type of DDoS attacks. These target the vulnerabilities in the application layer of the Open Systems Interconnection (OSI) model. These attacks cause outages by employing botnets to simultaneously open thousands of connections, initiate processes and transaction requests, and consume finite resources like disk space and available memory. These types of attacks are measured in requests per second (rps). GET/POST floods, low and slow attacks, and Slowloris are some attacks that fall under this category.
If you are experiencing any of the following, it is highly likely that your system is under a DDoS attack or your device is infected with botnet malware.
To thwart DDoS attacks, you can:
In addition to the above measures, monitoring and auditing log data in your network is crucial and can go a long way in detecting and mitigating DDoS attacks. Log data contains invaluable information on events occurring in your network and provides important insights on potential DDoS threats.
Log360 audits log data from your network security devices—firewalls, intrusion detection systems, and intrusion prevention systems—instantly detects DoS and DDoS attacks, and alerts you in real time. Even when it comes to web servers, Log360 has all the reports you need. Track web server activity to detect when a specific IP sends repeated connection requests, or use Log360's predefined reports and alerts specifically designed to detect DoS and DDoS attacks.
With Log360, you can:
Try out a free, 30-day trial of Log360 to test these features for yourself.
You will receive regular updates on the latest news on cybersecurity.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.