Introduction

The world has seen a dramatic transformation. The turn of the 19th century was like taking a flight instead of walking. The destiny is getting better, making lives easier. A large portion of this was made easier by the internet.

Internet meant better and easier communication. As this technology got better, the uses and its scope began to widen. The horizon expanded and the possibilities grew. This lead to the rapid development of the World Wide Web. This got people closer and things were made easier. Information was readily available and there for absorption. During this expansion new ways were found to utilize the internet and the web.

This brought many changes. Virtual libraries became common. Banking shrunk into little apps. Funds could be transferred on a single click. Consoles now seem like big plastic pieces and gaming is now easier on mobile phones.

Technology, devices and almost everything has a positive use. For example, there are millions of website that benefit almost the entire world population. At the same time, there are people that use it for devious purposes. Hacking, identity theft and whatnot.

One of the ways to disrupt a normal day is by attacking a website and bombarding it. Bombarding it what? Using tactics to slow the website or a server down. This jeopardizes both service providers and its consumers. This cyber-attack is what we call a DDoS attack.

What is a DDoS attack?

DDoS or a distributed denial-of-service attack is an attempt to disrupt routine traffic of a server or network. This is done by driving huge amounts of internet traffic towards the target or its surroundings. In short, it is like pushing a lot of traffic towards a narrow intersection. Resultantly, a traffic jam.

DDoS attacks are effective when they utilize multiple computer systems. These systems are usually hacked or compromised. These systems then become the traffic that disrupts the network. This traffic usually consists of systems and machines. However, there are times when network resources like IoT may prove vulnerable.

How does it work?

A DDoS attack requires an attacker to be in control of a bunch of machines. These online machines then become tools for the attack.

We know that the attacker needs control of a machine to carry out the attack. Malware helps the attackers to turn the machine into a bot or a zombie. This malware enables the attacker to gain control over the bot. The attacker remotely uses this machine which is also known as a botnet.

Once the attacker takes control of the botnet, it is then manipulated to attack the target. Each bot sends requests to the target on command. This works like a remote control car. A push of a button and the car moves in the desired direction.

The attack is in place. IP address of the victim is under fire by a botnet. This leads to more traffic than the server can handle. This overwhelming number of requests lead to a denial-of-service to the normal traffic.

This request generation from a legitimate device makes it hard to differentiate between a botnet and a normal device.

Types of DDoS attacks

A network consists of many components. Most of them vulnerable to reaching their capacity threshold. The components of a network are also known to be “layers”. We need to understand these layers before we proceed to the types of DDoS attacks.

The OSI Model below is a conceptual representation that describes the 7 layers of a network.

Layer 7Application Layer
The interface between the application
and the network.
Layer 6Presentation Layer
Converts data from the application
layer into a format comprehensible
to the other layers
Layer 5Session LayerLooks after communication sessions.
Layer 4Transport LayerAssembling data packets.
Layer 3Network LayerConcerned with data packets delivery.
Layer 2Data Link LayerEnsures error-free connection for
free-flowing data.
Layer 1Physical LayerConcerned with the physical aspects of
the network.

This should help give you an understanding of a network. With this out of the way let’s take a look at the types of DDoS attacks.

1.    Application layer attacks

It also sometimes known as a layer 7 DDoS attack. The attacker aims to exhaust the resources of the target.

The attackers aim the layers where web pages are generated. The server receives HTTP requests and pulls up the right data from the server in response. It is easy to generate an HTTP request. The receiving party may have to go through complexity. The pulling up data can be difficult as it may include a large number of files. This further complicated when multiple database queries need to be run. Pulling up data, files and running of queries combine to form the requested webpage.

It is hard to differentiate between malicious and legitimate traffic. It makes it difficult to defend a layer 7 attack.

    HTTP Flood

This attack is similar to refreshing a web page over and over again. This requires multiple machines to do so. A large number of request rush towards the server at once. Once the server reaches its capacity, it results in denial-of-service.

2.    Protocol Attacks

This attack is also known as a state exhaustion-attack. Attackers consume all available state table capacity of web application servers. Occupation of servers or intermediate resources like firewall can also be the cause of this attack. This causes disruption and hence, denial-of-service. 

This attack seeks vulnerabilities in layer 3 and 4. Overloaded protocol stack makes the target inaccessible.

•    SYN Flood

An SYN Flood is similar to a worker in a supply room. This worker receives requests from the storefront.

There’s nothing wrong with a worker receiving requests. The worker receives a request to get a package. He needs confirmation to bring the package to the storefront. The worker keeps getting new requests. There comes a point that the worker cannot deliver any packages. The requests mount up and the worker has a large number of requests. The worker has more packages to bring to the storefront than he can carry. The worker is overburdened and the requests start going unanswered.

This attack aims to exploit TCP handshake. This is accomplished by sending a large number of TCP “Initial Connection Request” SYN packets. These packets us spoofed IP addresses.

3.    Volumetric attacks

This type of attack looks to target bandwidth. The attacker tries to consume the available bandwidth between the target and the larger internet. The attacker usually sends a large amount of data towards the target. This can also be done using amplification or other means to eat up the bandwidth. This directs a huge amount of traffic towards the target. This traffic then causes congestion.

•    DNS Amplification

A DNS Amplification attack is making a call to a pizza parlor asking them to get you everything on the menu card. To further burden the target you ask them to repeat the order stating singular item names. So without making a lot of effort, the attacker requests a long response.

The attacker generates a request from a spoofed IP address. The request is generated in a way the DNS server has to respond with large amounts of data. So the target receives an amplified form of the initial request.

Strategies

There is a scientific approach to problem-solving. The first in this process comes the identification or understanding of the problem. Our problem is DDoS. We now know what DDoS is. We have also looked into different types of DDoS attacks. The problem understood. Its spectrum, in sight. It is now time to look into problem-solving.  Here are a few strategies to fight a DDoS attack.

1.    Bandwidth

This may not necessarily be prevention or a solution. Getting a higher bandwidth width can help you fight a DDoS. Meaning? Get a blazing fast internet connection like Mediacom internet. Fast, reliable and resilient.

The faster internet has the capacity to withstand DDoS attacks. It enables the server to last longer without giving up.

Think about the number of requests Google or Amazon receive every day. Add all that with a DDoS. Why do you think they don’t go down? Agreed that they are tech monsters and have a lot of protocols and methods to fight off a DDoS attack. Lots of bandwidth give them the extra cushion to handle all those requests and fend off any DDoS attacks. There is no doubt that the more bandwidth costs more. We are not asking you to match the bandwidth that eBay has. The rule is greater the bandwidth, the bigger the attack your server can handle.

2.    Mitigation

We all know the saying “prevention is better than cure”. It is true for most problems. DDoS is a problem you don’t want to have. This is exactly why you need to work on the preventing measures.

One way to avoid a DDoS is by detecting one. Detection can help you single out Troublesome IP addresses. These addresses can then can be blocked. Once blocked the connection is cut off which prevents the IP address from accessing the server and causing damage.

It is amongst the most popular strategies to fight a DDoS. Detecting a DDoS certainly helps against the attack by redirecting it from your main server.

3.    Response plan

It is always a good idea to analyze the procedures in place. This enables you to know the weak spots. This can also help you to develop a DDoS prevention plan. Smaller companies do not require much effort to put a plan in place. However, larger businesses require complex infrastructure and many teams to come up with a DDoS plan.

Fighting a DDoS is not easy. Steps and measures need to be taken to avoid one. Procedures need to be in place to give a quick reaction and minimize the impact.

Development of an incident response plan is the first step towards a comprehensive defense strategy. Setting up a response plan can be tiring. This, however, defines how an attack will end. Preparing data center and an active team is the key to success. This helps minimize the impact which can save the pain of recovery.

4.    Secure network infrastructure

Eliminating network threats is not simple. It usually requires multiple levels of security. More complex the security, better the protection.

Securing network infrastructure is another way to add a layer to the security in place. This also includes advanced intrusion prevention and threat management systems. Combining this with VPN, firewalls, anti-spam, content filtering and other layers of DDoS defense techniques.

The combination of them all provides constant and consistent network protection. Which obviously means protection from a DDoS attack. This enables you monitor, and see a threat from a mile away. Spotting a threat early always proves helpful in either prevention or minimizing the impact.

5.    Cloud

There is a reason why outsourcing has become popular. It is easy, less costly with greater efficiency. DDoS prevention too can be outsourced. Outsourcing it to cloud-based service providers comes with a lot of benefits. First, the cloud has greater bandwidth and larger resources than a private network. This works like a buffer. Your existing resources are topped up with a cloud-based service. This adds to capacity and creates difficulties for the attacker. Bigger the resources, the less the chances of the hardware to fail.

Second, cloud-based resources are diffusive in nature. Meaning? Cloud-based apps have the ability to absorb malicious traffic before it can reach the target. The third benefit may just prove to be the most important one. Cloud-based servers are run by software engineers. These professionals work to know about the latest DDoS tactics. Knowing what’s going to happen certainly helps to prevent a trouble.

6.    Hire a professional

No one can a job better than a professional. It is always a great idea to hire someone proficient in internet security. There’s a variety of service providers to choose from. This can help you save on acquiring the technology. Meaning? Securing your network may require you to purchase additional hardware and then manpower to run them. Hiring professionals save you this cost. Not only this, but you will also have a professional looking after your interest.

Conclusion

Securing a network from a DDoS is not easy. We also know that preventing one is easy than fighting one. A single remedy or strategy will certainly not do the job. To ensure smooth running a combination of strategies makes the network safer. The more the merrier.

By Chakraborty

Dr Chakrabarty is the Chief Innovation Officer of IntuiComp TeraScience. Earlier she was Assistant Professor of Delhi University, a QS ranked university in India. Before that she has held research positions in IIT Mumbai, IIT Chennai and IISc Bangalore. She holds 2 patents and over 20 research publications in her name which are highly cited. Her area of research is in smart technologies, integrated devices and communications. She also has a penchant for blogging and is an editor of Business Fundas.