Cyber attacks seem to appear in the news with great regularity, and many of them are aimed at large networks, including but not limited to gaming platforms such as the PlayStation Network and Xbox Live. The most common of these attacks is the DDoS attack. These are often reported as attacks by hacker groups intended to disrupt whichever online service they wish to target.
So what is a DDoS attack?
First we have to look at the main component here, which is the "DoS". DoS stands for Denial of Service. The aim of a DoS attack is to flood a server with useless traffic until it can't cope with the amount of data it needs to deal with. Two things can happen at this point: the server can simply fall over and shut down under the load, requiring a complete reboot once the attack has finished, or the server will stop accepting incoming connections and, for all intents and purposes, will be offline for normal users anyway.
A simple Denial of Service attack from one user, or even one local network, is unlikely to topple large networks like the ones you see affected in the news. This is where we start to look at "DDoS", which stands for "Distributed Denial of Service". The main difference is that a DDoS attack consists of many networks, made up of hundreds or even thousands of computers, all requesting pointless data from a server. With this level of attack many servers and networks will simply shut down under the load.
How is a DDoS attack coordinated?
If a DDoS attack can use thousands of computers to simultaneously attack a single network, how exactly does it get all of those computers to take part, given that a hacker group normally consists of only a small number of people? The answer is normally a virus, specifically a trojan horse virus. The virus is planted on computers around the world by various means, usually downloaded onto people's computers from websites or bundled with software. Normally the websites or software are of a contentious nature, but people will still go there. Once the virus has infected a computer it can be called upon to carry out the attack at any time. As the virus spreads, the DDoS becomes more and more destructive. A large network of computers connected together by means of a virus for this type of cyber attack is often referred to as a "botnet", because it is a network of computers which will carry out the desired action without the knowledge or authorization of the computers' users (a Robotic Network).
What can be done to prevent DDoS attacks?
Decent, up-to-date anti-virus software can stop your computer from becoming part of a DDoS attack, but it's the server side that has to have the real defense against the attack, as the whole world is never going to be virus free. On the server side you can have your routers limit the amount of traffic they let through. This can, however, limit the number of real visitors that can access your site, and in the event of an attack it will also block out real visitors, but it might stop your server from completely falling to its knees.
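The trade-off described above, shown as an added example (not code from the original article): a single router-wide traffic limit simulated over constructed arrival times. The token-bucket algorithm and the rates used (50 real requests/s, 5000 attack requests/s, a limit of 100 requests/s) are assumptions chosen for illustration.

```python
import random
from dataclasses import dataclass

@dataclass
class TokenBucket:
    rate: float       # tokens refilled per second (sustained requests/s let through)
    capacity: float   # largest burst the limiter will pass
    tokens: float     # tokens currently available
    last: float = 0.0 # time of the previous arrival

    def allow(self, now: float) -> bool:
        # Refill for the time elapsed since the previous arrival, capped at capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def simulate(legit_rps: int, attack_rps: int, limit_rps: int,
             seconds: int = 10, seed: int = 1):
    """Return (total_forwarded, legit_forwarded, legit_sent) for one shared limit."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable arrival times
    arrivals = [(rng.uniform(0, seconds), "legit")
                for _ in range(legit_rps * seconds)]
    arrivals += [(rng.uniform(0, seconds), "attack")
                 for _ in range(attack_rps * seconds)]
    arrivals.sort()
    bucket = TokenBucket(rate=limit_rps, capacity=limit_rps, tokens=limit_rps)
    forwarded = legit_ok = 0
    for when, kind in arrivals:
        # The limiter cannot tell real visitors from bots: first come, first served.
        if bucket.allow(when):
            forwarded += 1
            legit_ok += kind == "legit"
    return forwarded, legit_ok, legit_rps * seconds

if __name__ == "__main__":
    for label, attack in (("normal day", 0), ("under attack", 5000)):
        fwd, ok, sent = simulate(legit_rps=50, attack_rps=attack, limit_rps=100)
        print(f"{label}: server saw {fwd} requests, "
              f"{ok}/{sent} real visitors got through")
```

The server never sees more than the configured limit, but during the flood almost every slot is taken by attack traffic, so nearly all real visitors are turned away.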
Software that detects DDoS attacks is also available to purchase; it can notice when an attack is taking place and give you the appropriate protection. The only problem with this solution is the same one that anti-virus programmers face: once one type of attack is figured out and can be blocked, the cyber criminals evolve the attack and find new ways to get round the software.
Companies can also hire monitoring companies that will keep an eye on the server and take the appropriate action if they spot an attack taking place. An efficient response can be all-important in saving your site from expensive downtime.
Types of DDoS attacks
DDoS attacks can be split into 3 main categories, each with roughly the same goal but a different method of achieving it.
Volume-based attacks – Volume-based attacks are designed to eat the bandwidth of the server. They attempt to consume all of the server's available bandwidth so that when a legitimate user requires the service it won't be able to fulfil the request. These attacks are measured in bits per second (bps).
Protocol attacks – These attacks attempt to consume all of the server's available resources. They do this by trying to tie up the communication equipment on a network, such as routers or firewalls. Once that equipment is overloaded, any requests to the server will be denied. These attacks are measured in packets per second.
Application layer attacks – These attacks go after the foundations of the web server, the applications such as Windows and Apache. The goal is to crash the web server through the sheer number of requests for data. The severity of these attacks is measured in requests per second.