Warding off DDoS Attacks with Anti-DDoS — Part 1: Understanding Denial of Service

By Shantanu Kaushik


Distributed Denial of Service (DDoS) is an attack that disrupts normal traffic to the server, network, or resource it targets by sending it more requests or packets than it can handle. The attack is "distributed" because the traffic comes from many compromised machines at once rather than from a single source, which makes it both harder to absorb and harder to block by address. The compromised machines can be anything from servers and IoT devices to other networked equipment.

You can compare a DDoS attack with a traffic jam on a highway: the road ahead is so clogged with vehicles that legitimate traffic cannot get through. Each compromised system adds to the attack's volume and makes the traffic harder to filter. The attacker first builds a botnet by taking control of as many devices as possible, then directs all of them at the target to exhaust its resources and deny service.

Identifying DDoS Attacks

  • Suspicious traffic spikes at odd hours of the day, well above the normal baseline for that time
  • Load concentrated on a single resource, such as one page or endpoint being requested far more often than the rest
  • Traffic from clients with near-identical profiles (same user agent, device type, or behaviour) in unusually large volumes
  • A single IP address or address range generating a large share of all traffic
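The four indicators above can be checked mechanically against an access log. The script below is an added example, not code from the original article or from Alibaba Cloud: it parses constructed combined-format log lines, groups sources by /24 (or /48 for IPv6), and reports which indicators fire. The thresholds (a single range, page, or user agent accounting for more than half the requests; the busiest minute at three times the average of the others) are assumptions to be tuned to a site's own baseline.

```python
"""Flag the DDoS indicators listed above in a web-server access log.

Added example, not from the original article. The log lines are constructed
in the common combined-log layout; the thresholds are assumptions a
practitioner would tune to the site's own baseline.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample: normal browsing, then one /24 hammering /login at 03:14.
LEGIT_LINES = [
    '192.0.2.77 - - [12/Mar/2023:03:10:44 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [12/Mar/2023:03:11:02 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Macintosh)"',
    '2001:db8::1 - - [12/Mar/2023:03:12:19 +0000] "GET /blog HTTP/1.1" 200 4096 "-" "curl/8.0.1"',
    '198.51.100.4 - - [12/Mar/2023:03:14:05 +0000] "GET /products HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '192.0.2.130 - - [12/Mar/2023:03:15:10 +0000] "POST /cart HTTP/1.1" 302 0 "-" "Mozilla/5.0 (iPhone)"',
]
BOT_LINES = [
    f'203.0.113.{host} - - [12/Mar/2023:03:14:0{sec} +0000] "GET /login HTTP/1.1" 200 512 "-" "bot/1.0"'
    for host, sec in [(7, 1), (9, 1), (12, 2), (15, 2), (20, 3), (21, 3), (22, 4)]
]
BENIGN_LOG = "\n".join(LEGIT_LINES)
SAMPLE_LOG = "\n".join(LEGIT_LINES[:3] + BOT_LINES + LEGIT_LINES[3:])

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["minute"] = rec["ts"][:17]   # "12/Mar/2023:03:14" -> per-minute bucket
            yield rec


def indicators(log_text, share=0.5, spike_factor=3.0):
    """Return the triggered indicators, each with the evidence behind it."""
    recs = list(parse(log_text))
    total = len(recs)
    findings = {}
    if total == 0:
        return findings

    def dominant(counter, key):
        top, n = counter.most_common(1)[0]
        if n / total > share:
            findings[key] = (top, n, total)

    # Single IP range: group sources by /24 (IPv4) or /48 (IPv6).
    ranges = Counter()
    for r in recs:
        ip = ip_address(r["ip"])
        prefix = 24 if ip.version == 4 else 48
        ranges[str(ip_network(f"{ip}/{prefix}", strict=False))] += 1
    dominant(ranges, "single_ip_range")
    dominant(Counter(r["path"] for r in recs), "single_page")       # single resource
    dominant(Counter(r["ua"] for r in recs), "similar_user_profiles")

    # Traffic spike: busiest minute against the average of the other minutes.
    per_min = Counter(r["minute"] for r in recs)
    if len(per_min) > 1:
        minute, n = per_min.most_common(1)[0]
        baseline = (total - n) / (len(per_min) - 1)
        if n >= spike_factor * baseline:
            findings["traffic_spike"] = (minute, n, baseline)
    return findings


if __name__ == "__main__":
    for name, evidence in indicators(SAMPLE_LOG).items():
        print(f"{name}: {evidence}")
```

On the constructed sample all four indicators fire (seven of twelve requests come from 203.0.113.0/24, hit /login, and carry the same user agent, and minute 03:14 carries eight requests against a baseline of one); the benign subset triggers none. In production the same counters would be kept per minute over a rolling window rather than over a whole file.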

DDoS Attack Principles

A typical DDoS attack unfolds as follows:

  • The attacker gains unauthorized access to a computer and installs the master (command) program on it
  • The DDoS agent program is installed on many other compromised computers, which together form the botnet
  • The master program launches the attack by sending a command to all agent programs
  • Within seconds, all agents are active and start consuming the target's network and server resources until service is denied

DDoS-Related Risks

  • Data Leaks

A DDoS attack does not exfiltrate data by itself, but it is commonly used to keep defenders busy while an intrusion takes place, and a leak of business data or customer records is a huge loss: there are legal consequences, and the business's reputation takes a hit.

  • Economic Loss

Denial of service caused by a DDoS attack cuts off customer communication and blocks access to business applications, which results in lost revenue on top of the cost of responding to the attack.

Types of DDoS Attacks

Application Layer Attack

Application layer (layer 7) attacks mimic genuine user requests, which makes it hard to tell attack traffic from legitimate traffic. Pages or endpoints that are expensive to serve (for example searches, logins, or report generation) are the most susceptible, since each request costs the server far more than it costs the attacker to send. An HTTP flood sends such requests at high frequency and in large volume to overwhelm the network, service, or page.

The image below depicts the standard operating procedure of an application layer DDoS attack:

HTTP flood attacks target the infrastructure behind a web application and flood it with requests to cause a denial of service. They degrade the performance and functions of the web application until the service is unusable.

Transport Layer DDoS Attacks

SYN floods are protocol attacks aimed at state exhaustion: they consume the connection-tracking resources of the target, or of stateful devices in front of it such as load balancers or cloud firewalls, until service is disrupted.

These attacks do not need a bug in TCP; they abuse the design of the three-way handshake. The victim server receives a SYN packet, often with a spoofed source address, and answers with a SYN-ACK, reserving an entry in its half-open connection queue while it waits for the final ACK. That ACK never arrives, because the source address is spoofed or the bot simply never replies. Attacker bots send SYN packets far faster than half-open entries time out, so the queue fills up and the server stops answering new SYNs from anyone, legitimate users included, hence a denial of service. The standard defence is SYN cookies, where the server encodes the handshake state in its initial sequence number instead of storing it.
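The following simulation is an added example, not code from the original article: it models only the state a listener keeps during the handshake and contrasts a classic backlog-based listener, whose half-open queue fills under a flood of un-ACKed SYNs, with a SYN-cookie listener that stores nothing per SYN and instead derives the initial sequence number from an HMAC over the source address and a coarse clock. The backlog size, the cookie secret, and the traffic volumes are assumptions for illustration.

```python
"""Why a SYN flood exhausts a stateful listener, and why SYN cookies do not.

Added example, not from the original article. It simulates only the state a
server keeps during the TCP three-way handshake; no packets are sent. The
backlog size, the cookie secret and the traffic volumes are assumptions.
"""
import hashlib
import hmac
import random

MASK32 = 0xFFFFFFFF


class StatefulListener:
    """Classic behaviour: each SYN reserves a half-open queue slot until its ACK arrives."""

    def __init__(self, backlog=128):
        self.backlog = backlog
        self.half_open = {}      # (src_ip, src_port) -> ISN we sent in the SYN-ACK
        self.established = 0
        self.dropped = 0

    def on_syn(self, src):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1    # queue full: the SYN is silently dropped
            return None
        isn = random.getrandbits(32)
        self.half_open[src] = isn
        return isn               # sequence number carried in our SYN-ACK

    def on_ack(self, src, ack_num):
        isn = self.half_open.get(src)
        if isn is None or ack_num != (isn + 1) & MASK32:
            return False
        del self.half_open[src]
        self.established += 1
        return True


class SynCookieListener:
    """Stateless variant: the ISN is a MAC over the source and a coarse clock, so a
    SYN costs no memory; a correct ACK proves the client really received our SYN-ACK."""

    def __init__(self, secret):
        self.secret = secret
        self.clock = 0           # advances with tick(); a cookie is valid for two ticks
        self.established = 0
        self.dropped = 0

    def tick(self):
        self.clock += 1

    def _cookie(self, src, t):
        mac = hmac.new(self.secret, f"{src[0]}:{src[1]}:{t}".encode(), hashlib.sha256).digest()
        # top 8 bits: clock value (mod 256); low 24 bits: truncated MAC
        return ((t & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, src):
        return self._cookie(src, self.clock)   # nothing is stored

    def on_ack(self, src, ack_num):
        isn = (ack_num - 1) & MASK32
        for t in (self.clock, self.clock - 1):
            if t >= 0 and self._cookie(src, t) == isn:
                self.established += 1
                return True
        self.dropped += 1        # forged, replayed from another source, or too old
        return False


def simulate(listener, attack_syns, legit_clients):
    """Bots send SYNs from spoofed sources and never ACK; then legitimate clients
    complete the handshake. Returns how many legitimate clients got connected."""
    for i in range(attack_syns):
        listener.on_syn((f"198.51.100.{i % 254 + 1}", 1024 + i))   # spoofed sources
    connected = 0
    for i in range(legit_clients):
        src = (f"192.0.2.{i % 254 + 1}", 40000 + i)
        isn = listener.on_syn(src)
        if isn is not None and listener.on_ack(src, (isn + 1) & MASK32):
            connected += 1
    return connected


if __name__ == "__main__":
    print("stateful, no attack:", simulate(StatefulListener(), 0, 20))
    print("stateful, under flood:", simulate(StatefulListener(), 1000, 20))
    print("SYN cookies, under flood:", simulate(SynCookieListener(b"rotate-me"), 1000, 20))
```

With a 128-entry backlog and 1000 spoofed SYNs, the stateful listener admits none of the 20 legitimate clients; the cookie listener admits all of them because the flood cost it nothing to remember. Real SYN cookies also have to encode the negotiated MSS and are only switched on once the backlog is under pressure, since a cookie-based handshake loses TCP options the client sent in its SYN.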

Let’s take a look at the representation below:

Network Layer DDoS

Despite the name, these attacks exhaust the server's limit on concurrent connections rather than its raw network capacity. The attacker opens as many connections as possible and keeps each one alive with partial or very slow HTTP requests, so the server never gets to release them. Once the upper limit on concurrent connections is reached, the server refuses every new connection request, and clients that cannot connect see a massive slowdown or no service at all.
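Both the HTTP flood described under the application layer heading and the connection-holding attack described here are handled by the same kind of per-client admission control. The code below is an added example, not code from the original article or from any Alibaba Cloud product: it keeps a token bucket per source address for request rate, a cap on concurrent connections per source, and an idle timeout that frees connections nobody is using, and it runs both attack patterns against those limits. The rates, caps, and traffic patterns are assumptions chosen to make the effect visible.

```python
"""Per-client admission control against HTTP floods and connection holding.

Added example, not from the original article. Two limits are enforced per
source address: a token bucket on request rate (HTTP flood) and a cap on
concurrent connections plus an idle timeout (connection exhaustion). The
limits and the traffic patterns below are assumptions for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class ClientState:
    tokens: float
    last_refill: float
    open_conns: dict = field(default_factory=dict)   # conn_id -> last activity time


class AdmissionControl:
    def __init__(self, rate=5.0, burst=10, max_conns=4, idle_timeout=10.0, server_capacity=100):
        self.rate, self.burst = rate, burst              # requests/second, bucket size
        self.max_conns, self.idle_timeout = max_conns, idle_timeout
        self.server_capacity = server_capacity           # connections the server can hold in total
        self.clients = {}

    def _state(self, ip, now):
        st = self.clients.get(ip)
        if st is None:
            st = self.clients[ip] = ClientState(tokens=self.burst, last_refill=now)
        st.tokens = min(self.burst, st.tokens + (now - st.last_refill) * self.rate)
        st.last_refill = now
        return st

    def total_open(self):
        return sum(len(s.open_conns) for s in self.clients.values())

    def reap_idle(self, now):
        """Close connections that have sent nothing for idle_timeout seconds."""
        closed = 0
        for st in self.clients.values():
            for cid, last in list(st.open_conns.items()):
                if now - last > self.idle_timeout:
                    del st.open_conns[cid]
                    closed += 1
        return closed

    def open_conn(self, ip, conn_id, now):
        """Accept a new connection? Per-source cap is checked before global capacity."""
        self.reap_idle(now)
        st = self._state(ip, now)
        if len(st.open_conns) >= self.max_conns:
            return False, "per-ip connection cap"
        if self.total_open() >= self.server_capacity:
            return False, "server full"
        st.open_conns[conn_id] = now
        return True, "ok"

    def request(self, ip, conn_id, now):
        """Accept an HTTP request on an open connection? Each request costs one token."""
        st = self._state(ip, now)
        if conn_id not in st.open_conns:
            return False, "no such connection"
        st.open_conns[conn_id] = now
        if st.tokens < 1:
            return False, "rate limited"
        st.tokens -= 1
        return True, "ok"


def flood_scenario():
    """One bot sends 100 requests/second for 10 s on one connection while a normal
    client sends one request per second. Returns (bot_accepted, legit_accepted)."""
    ac = AdmissionControl(rate=5.0, burst=10, max_conns=4)
    ac.open_conn("203.0.113.7", "a1", 0.0)
    ac.open_conn("198.51.100.4", "c1", 0.0)
    bot = legit = 0
    for i in range(1000):
        now = i / 100
        bot += ac.request("203.0.113.7", "a1", now)[0]
        if i % 100 == 0:
            legit += ac.request("198.51.100.4", "c1", now)[0]
    return bot, legit


def slow_connection_scenario(max_conns):
    """One source tries to hold 100 connections open, then a legitimate client
    connects. Returns (attacker_connections_held, legit_admitted)."""
    ac = AdmissionControl(max_conns=max_conns, server_capacity=100, idle_timeout=10.0)
    held = 0
    for i in range(100):
        held += ac.open_conn("203.0.113.7", f"a{i}", 0.0)[0]
    admitted, _ = ac.open_conn("198.51.100.4", "c1", 1.0)
    return held, admitted


if __name__ == "__main__":
    print("HTTP flood (bot accepted, legit accepted):", flood_scenario())
    print("connection holding, no per-ip cap:", slow_connection_scenario(max_conns=100))
    print("connection holding, cap of 4:", slow_connection_scenario(max_conns=4))
```

The flood scenario admits all ten legitimate requests while the bot gets roughly 60 of its 1000 through (the burst plus five per second of refill). Without a per-source cap the connection holder fills all 100 server slots and the legitimate client is refused; with a cap of four it holds four. The idle timeout matters for the slow-request variant, where an attacker keeps connections nominally active with a byte every few seconds: the timeout has to be set below the interval the attacker can sustain, and a server should also bound how long a single request may take to arrive in full.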

Packet and DNS DDoS Attacks

Packet attacks send malformed IP packets (wrong length fields, invalid header values, or fragments that would reassemble to an impossible size) to the victim system. A network stack that trusts those fields without checking them can crash or hang, which is a denial of service. A DNS query flood is the DNS equivalent of an HTTP flood: many attack bots send domain name queries to a DNS server at the same time, so it spends its capacity answering them and legitimate lookups fail.
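The defence against malformed packets is to validate every header field before acting on it. The parser below is an added example, not code from the original article or from any real network stack: it checks the IPv4 version, header length, total length, header checksum, and fragment offset, and rejects the packet with a reason instead of trusting a lying length field. The test packets are constructed with the build_ipv4 helper, which can deliberately write a wrong total length so the check can be exercised.

```python
"""Validate an IPv4 header before trusting any field in it.

Added example, not from the original article. A packet attack works when a
stack believes the lengths and offsets in a malformed header; this parser
checks every field it depends on and rejects the packet instead. The sample
packets are constructed with the build_ipv4 helper below.
"""
import struct
from ipaddress import IPv4Address

HDR_FMT = "!BBHHHBBH4s4s"   # the fixed 20-byte part of an IPv4 header


class MalformedPacket(ValueError):
    pass


def checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words; a result of 0 means it verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet):
    """Return the header fields and payload, or raise MalformedPacket."""
    if len(packet) < 20:
        raise MalformedPacket("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(HDR_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise MalformedPacket(f"version {version} is not 4")
    if ihl < 20:
        raise MalformedPacket(f"header length {ihl} below the 20-byte minimum")
    if ihl > len(packet) or total_len < ihl:
        raise MalformedPacket("header length inconsistent with total length or packet")
    if total_len > len(packet):
        raise MalformedPacket(f"total length {total_len} exceeds the {len(packet)} bytes received")
    if checksum(packet[:ihl]) != 0:
        raise MalformedPacket("header checksum mismatch")
    frag_offset = (flags_frag & 0x1FFF) * 8
    if frag_offset + (total_len - ihl) > 65535:
        # the classic oversized-fragment ("ping of death") case
        raise MalformedPacket("fragment would reassemble beyond 65535 bytes")
    return {
        "version": version, "ihl": ihl, "total_len": total_len, "ttl": ttl,
        "proto": proto, "flags": flags_frag >> 13, "frag_offset": frag_offset,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "payload": packet[ihl:total_len],   # trailing link-layer padding is ignored
    }


def check(packet):
    """Return None if the packet is acceptable, otherwise the rejection reason."""
    try:
        parse_ipv4(packet)
        return None
    except MalformedPacket as exc:
        return str(exc)


def build_ipv4(src, dst, payload, proto=17, frag_units=0, total_len=None):
    """Construct a test packet; total_len may be forced to a wrong value."""
    if total_len is None:
        total_len = 20 + len(payload)
    hdr = struct.pack(HDR_FMT, 0x45, 0, total_len, 0x1234, frag_units & 0x1FFF,
                      64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


if __name__ == "__main__":
    good = build_ipv4("192.0.2.1", "198.51.100.4", b"hello")
    print("well-formed:", check(good))
    print("lying total length:", check(build_ipv4("192.0.2.1", "198.51.100.4", b"hello", total_len=2000)))
    print("oversized fragment:", check(build_ipv4("192.0.2.1", "198.51.100.4", b"x" * 100, frag_units=8190)))
```

The order of the checks is deliberate: lengths are validated before the checksum is computed over `packet[:ihl]`, so a bogus header length cannot make the checksum routine read past the buffer, and the fragment bound is checked last because it depends on a total length that has already been verified.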

Wrapping Up

In this article, we focused on understanding how denial of service occurs in different scenarios. In the next article of this series, we will focus on using different Alibaba Cloud products to maintain a healthy system to mitigate DDoS attacks.

Upcoming Articles

  1. Warding off DDoS Attacks with Anti-DDoS — Part 3: Alibaba Cloud Anti-DDoS
  2. Warding off DDoS Attacks with Anti-DDoS — Part 4: Global DDoS Collaborative Protection and GameShield
