Each year, experts report that DDoS attacks are on the rise. As with many digital efforts, the more we improve security and protection, the more sophisticated the attacks become. The IoT (Internet of Things) gives attackers access to millions of internet-connected devices that add to the brute force of an attack, not to mention the creation and exploitation of botnets that wage distributed attacks across networks.
DDoS attacks, by definition, are malicious attempts to disrupt the flow of network traffic to a website or application. Flooding the infrastructure with traffic overwhelms the systems behind it so that they can no longer function properly. DDoS attacks use numerous compromised computers to launch the attack, which makes the flow difficult to staunch because it arrives from many contributing sources.
According to Cloudflare, these types of infrastructure failures cost organizations an average of $100,000 per hour. During a DDoS attack, an attacker takes control of infected systems and points them all at one specific target. Computers compromised through a virus or bot generate the traffic that is directed at the targeted site. The resulting downtime can lead to lost sales, disappointed customers, and increased site abandonment. To learn more about DDoS attacks, take a look at this post from 100TB.
Types of DDoS Attacks
To understand the various types of DDoS attacks, it is important to understand the different levels within a network connection. The OSI (Open Systems Interconnection) Model outlines the different levels of a telecommunications system so that IT people (like yourself) can trace how data flows and moves within networks. You can see a visual representation of the OSI Model below. For more information about how the OSI Model works, take a look at this terrific post for a rundown.
In a nutshell, data travels through the various layers to its intended destination. The topmost layer communicates only with the layer below it, and so on down the model until the request has been completed. The entire sequence of data transmission happens at lightning speed each time you click an online link. If the data is interrupted at any one level, the transmission ends. DDoS attacks overwhelm one or more of these levels to cut connectivity and stop the flow of data to a targeted website.
In the paragraphs below, we will take a look at the most common DDoS attacks and the network connection levels they target:
SYN Flood attacks are a protocol attack that exploits the TCP handshake. An attacker sends a large quantity of TCP “Initial Connection Request” SYN packets from spoofed IP addresses. The host receives each connection request and responds. In a normal connection, the host then receives the final response of the handshake before moving forward. During a SYN Flood, however, that final step never arrives, so the half-open connections accumulate and exhaust the host’s resources as the Initial Connection Requests build.
UDP Flood attacks exploit the work a host must do each time a UDP packet arrives at one of its ports. Infected machines send UDP packets to the host, which must check each one to see whether an application is listening on the destination port. If no match is found, the host sends an error message back to the address from which the packet appeared to originate. When every packet triggers an error reply, as in a UDP Flood, the host can run out of the resources needed to send those responses. The UDP packets soon stack up into a bottleneck that may completely overwhelm the host system.
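The half-open state a SYN Flood leaves behind is visible in the host's own connection table, so the resource build-up described above can be measured. The following is an added example, not code from the original post or from 100TB: it parses constructed lines in the layout of `ss -tan` (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port) and reports, per listening port, how many connections are stuck in SYN-RECV compared with how many completed the handshake. The sample output and the threshold are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in the layout of `ss -tan`; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:443         0.0.0.0:*
ESTAB     0      0      10.0.0.5:443        198.51.100.7:51522
SYN-RECV  0      0      10.0.0.5:443        203.0.113.10:40001
SYN-RECV  0      0      10.0.0.5:443        203.0.113.11:40002
SYN-RECV  0      0      10.0.0.5:443        203.0.113.12:40003
SYN-RECV  0      0      10.0.0.5:443        203.0.113.13:40004
ESTAB     0      0      10.0.0.5:22         198.51.100.9:60010
SYN-RECV  0      0      10.0.0.5:22         203.0.113.14:40005
"""

# state, recv-q, send-q, local addr:port, peer addr:port
LINE_RE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\S+)$")

def parse_connections(text):
    """Yield (state, local_port, peer_addr) for each connection line."""
    for line in text.splitlines()[1:]:  # skip the header line
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(3)), m.group(4)

def half_open_report(text, threshold=3):
    """Per local port: half-open (SYN-RECV) vs established counts and the
    number of distinct peers left half-open. A port whose half-open count
    reaches `threshold` is flagged; in practice the threshold should be set
    relative to the listen backlog, which is what a SYN Flood fills up."""
    half_open, established, peers = Counter(), Counter(), {}
    for state, port, peer in parse_connections(text):
        if state == "SYN-RECV":
            half_open[port] += 1
            peers.setdefault(port, set()).add(peer)
        elif state == "ESTAB":
            established[port] += 1
    report = {}
    for port in set(half_open) | set(established):
        report[port] = {
            "half_open": half_open[port],
            "established": established[port],
            "distinct_peers": len(peers.get(port, ())),
            "flagged": half_open[port] >= threshold,
        }
    return report
```

Many half-open connections from many distinct peers, with few completed handshakes, is the signature to watch; on Linux the usual first mitigation is enabling SYN cookies so the backlog is no longer the limiting resource.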
Application (Layer 7) Attacks
While we have become accustomed to large-scale attacks and have created methods to mitigate them, many DDoS efforts have shifted from the transport and network layers to the application layer. These attacks are often much more sophisticated and require fewer resources to disrupt application or website operations.
Application layer attacks aim to exhaust a system’s resources with a flood of HTTP requests. It is quite simple for a bot or infected system to send a single HTTP request; as the quantities build, however, the host can quickly become overwhelmed. These types of DDoS attacks are particularly hard to mitigate because it is difficult to tell which requests are legitimate and which are malicious in order to block the traffic.
According to Cloudflare, “To combat Level 7 DDoS attacks, applications and websites must upgrade their networks to handle the load.” This means ensuring that your solutions have the resiliency, scalability, and functionality to absorb that load.
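Because each HTTP request in a Layer 7 flood looks valid on its own, the practical signal is the rate at which a single client issues them. The following is an added example, not code from the original post or from 100TB: it runs a sliding-window counter over constructed access-log lines in the common Apache/nginx layout and reports which clients exceeded an assumed request limit within an assumed window. The log lines, window size and limit are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the common access-log layout; not a real log.
SAMPLE_ACCESS_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5123
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=a HTTP/1.1" 200 812
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=b HTTP/1.1" 200 812
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /search?q=c HTTP/1.1" 200 812
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /search?q=d HTTP/1.1" 200 812
203.0.113.10 - - [10/Oct/2023:13:55:38 +0000] "GET /search?q=e HTTP/1.1" 200 812
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /about HTTP/1.1" 200 2210
203.0.113.10 - - [10/Oct/2023:13:56:50 +0000] "GET /search?q=f HTTP/1.1" 200 812
"""

# client ip, timestamp, method, path, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+$')

def parse_log(text):
    """Yield (client_ip, timestamp, method, path) for each well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3), m.group(4)

def flag_high_rate_clients(text, window_seconds=10, max_requests=4):
    """Sliding-window counter per client: a client is flagged the first time
    it issues more than `max_requests` within any `window_seconds` span.
    Returns {client_ip: timestamp at which the limit was crossed}."""
    recent = defaultdict(deque)   # per client: timestamps inside the window
    flagged = {}
    for ip, ts, _method, _path in parse_log(text):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged
```

A flat per-client limit is only a first cut: a legitimate burst can cross it and a botnet spreads its requests across many clients, so real deployments tune limits per endpoint and combine them with other signals rather than blocking on rate alone.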
It is hard to cover every type of DDoS attack in a single blog post, but we have identified a few of the major attacks you need to be aware of. Awareness alone, however, is not enough to combat DDoS attacks. 100TB is now testing a DDoS protection tool created to help our clients ward off attacks at any network level. Watch this space for more information on how you can quickly add an additional security front to your 100TB hosting solution to mitigate DDoS attacks. By doing so you will protect your brand and fortify your reputation.