What is DDoS Attack?

A DDoS attack (distributed denial-of-service attack) is an attempt to make an online service, network, or application unavailable by overwhelming it with traffic from multiple compromised sources, blocking legitimate traffic from getting through.

A DDoS attack affects not only the targeted service, but also that service's legitimate users and the owners of every system infected with the malware used to carry out the attack.

If you need any help, please contact us:
support@asiahostbd.com

We’ve all heard about DDoS attacks in the news, from the infamous 2016 Mirai botnet attack that disrupted access to major websites across the eastern United States, to the recent record-breaking attack against GitHub. In this blog post, I’ll explain exactly what a DDoS attack is and share some of the ways you can protect against and mitigate such attacks.

Imagine a busy night club. Someone pulls the fire alarm and runs around yelling, “FIRE!” Immediately, hundreds of people call 911 all at once. The phone lines are flooded, and dispatchers race to answer each call. Simultaneously, there is a legitimate emergency across town, but citizens reporting that emergency are unable to reach 911 operators, because they are scrambling to handle the onslaught of fraudulent calls from the night club.

This is similar to a DDoS attack, in which legitimate requests are blocked while the target's systems struggle to handle large amounts of phony but legitimate-looking traffic.

What types of services do DDoS attacks affect and why?

Any online service can be affected, but financial, gaming, and news sites are frequent targets. Typically, the perpetrator is trying to send a message, political or otherwise, by blocking access to information. Attackers range from individuals, DDoS-for-hire services, and cyber-vandals to organized crime rings and government agencies. Sometimes a denial of service is entirely accidental, caused by poor code, outdated systems, or the timing of events such as a sudden surge of real visitors. Motivations vary and include boredom, extortion, rivalry, business competition, political and social protest, and retaliation.

In the case of the 2016 Mirai botnet attack, the original motivation was actually online gaming and financial gain, although the Mirai bot code was likely used for other reasons, which may never be known.

It’s worth noting that unless you own a host that is acting as part of the botnet, your data and information are typically not at risk during a distributed denial-of-service attack, only your access to it. However, an attack may overwhelm or distract network and security teams, opening a window of opportunity for a criminal to compromise systems in other ways and steal information. This is the real danger: a more specific, targeted intrusion intended to access systems and extract data can hide behind the DDoS attack that is currently being mitigated, so monitoring for intrusions must continue during an attack, not just after it.

Who are the players in a DDoS attack?

Attackers or malicious actors: Obviously, there is the person or people perpetrating the attack, and they are using a device to do the orchestration. This can be the attacker’s cell phone, laptop, desktop, or any other connected device. He or she may write the code used to infect the bots themselves, or use someone else’s code.

Command-and-control server: The attacker needs a master system to use as the command-and-control (C2) server. This is often a compromised host, vulnerable because of missing patches or weak security, which the attacker infects with malware or breaks into by other means; it may also simply be a server the attacker rents. Once the attacker controls that system, they can build a botnet, a network of other compromised systems that they direct from the command-and-control server.

Botnet and bots: A botnet is a network of online hosts (often called bots or zombies) that have been infected by malware, allowing the attacker, via the command-and-control server, to instruct these hosts to send high volumes of traffic to the targeted service. The botnet acts as an army commanded by the command-and-control server and attacker. These bots can be anything from cell phones, laptops, routers, and servers, to Internet of Things (IoT) devices like security cameras and home automation devices. Typically, the bots are distributed around the globe using different service providers. By distributing the source of the traffic and using real host machines, the traffic generated looks legitimate, making it very hard to identify and filter malicious traffic from legitimate traffic. Furthermore, the attacker isn’t actually breaching any security protocols of the targeted service, since all the traffic is coming in via legitimate methods.

As a side-note, once a botnet has been created, it can be used for other purposes like click-bot schemes. Existing botnets can be rented as well, reducing the time it takes for a perpetrator to stage his or her attack. By utilizing a botnet, the actual attacker is very difficult to identify and track down due to the volume of systems participating.

Target: These are the services, applications, or networks that are being targeted by the DDoS attack. The attack can cause outages or slow response times, leading to angry customers, stressed employees, brand damage, and large revenue losses, along with other problems. Emergency and communication services, the relaying of news, monetary transactions, and other services are often affected.

The good guys: So, who are the good guys? Are there any? Well, yes.

There are government agencies, services, and public and private companies that study attacks and develop protection and mitigation techniques. They do this in various ways: digital forensics, honeypots (systems designed to look vulnerable so that attackers' tools and behaviour can be observed), and monitoring and intelligence on both normal and abnormal internet traffic.

What kind of DDoS attacks are there and how do they work?

Different distributed denial-of-service attack techniques exhaust or saturate the targeted system in different ways. There are three common types of attacks: volumetric attacks, protocol attacks, and application attacks. Each of these can last anywhere from minutes to months and can range from an unnoticeable amount of traffic to more than the highest throughput on record, reported at 1.35 terabits per second.

Volumetric attacks

Volumetric attacks saturate the bandwidth used by the targeted systems. This technique is the most common and the simplest for attackers to perform. Often, attackers use amplification techniques to generate this traffic to avoid needing an extremely large number of resources.

Amplification attacks exploit services that send large responses to small requests, multiplying the traffic that reaches the target. This is almost always combined with reflection: the attacker spoofs the source IP address of each request so that the response goes to the victim instead of back to the attacker. For instance, by spoofing the source IP of a DNS request, an attacker can trick DNS servers into sending their responses to the target. Since the request sent to the DNS server is small and the response sent to the victim is large, a modest amount of attacker bandwidth becomes a flood at the target. Any UDP service that answers spoofed requests with a larger reply can serve as a reflector; open DNS resolvers, NTP servers, and exposed memcached instances have all been used this way, and the ratio of response bytes to request bytes (the amplification factor) is what makes one reflector more valuable to an attacker than another.

Using the metaphor above, if there were enough people in the night club to saturate the phone system with their calls, causing legitimate callers to experience lower quality calls or the inability to place a call at all, it would be like a volumetric attack.
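From the victim's side, a reflection attack shows up as a stream of large DNS answers arriving for queries that were never sent. The following detector, an added example that is not code from the original post, replays constructed flow records (using RFC 5737 documentation addresses; the record layout and addresses are assumptions) and flags exactly that pattern, along with the amplification factor a given reflector delivers.

```python
"""Flag unsolicited DNS responses, the signature of a reflection/amplification flood.

This is an added illustration, not code from the original post. The flow
records below are constructed; the field layout and the 203.0.113.10,
192.0.2.x and 198.51.100.x addresses (RFC 5737 documentation ranges) are
assumptions made for the example.
"""

# Constructed flow records: (direction, src_ip, src_port, dst_ip, dst_port, bytes)
# "out" = sent by our network, "in" = received by our network. Our host is
# 203.0.113.10. The first two records are a normal query/answer pair; the
# remaining four are large answers from resolvers we never queried, which is
# exactly what a spoofed-source reflection attack looks like from the victim.
FLOWS = [
    ("out", "203.0.113.10", 40001, "192.0.2.53", 53, 64),
    ("in", "192.0.2.53", 53, "203.0.113.10", 40001, 180),
    ("in", "198.51.100.1", 53, "203.0.113.10", 40002, 3200),
    ("in", "198.51.100.2", 53, "203.0.113.10", 40002, 3100),
    ("in", "198.51.100.3", 53, "203.0.113.10", 40002, 3300),
    ("in", "198.51.100.4", 53, "203.0.113.10", 40002, 2900),
]


def detect_reflection(flows):
    """Return unsolicited DNS answers: inbound UDP/53 traffic with no matching
    outbound query (same resolver, same local address and port).

    Queries and answers are matched on (local_ip, local_port, resolver_ip),
    so a legitimate answer to our own query is never flagged, while answers
    triggered by packets that someone else sent with our address spoofed are.
    In production the set of seen queries must expire after a few seconds;
    here the replay is short enough to keep all of them.
    """
    seen_queries = set()
    unsolicited = []
    for direction, src, sport, dst, dport, nbytes in flows:
        if direction == "out" and dport == 53:
            seen_queries.add((src, sport, dst))
        elif direction == "in" and sport == 53:
            if (dst, dport, src) not in seen_queries:
                unsolicited.append((src, dst, dport, nbytes))
    return {
        "unsolicited": unsolicited,
        "unsolicited_bytes": sum(f[3] for f in unsolicited),
        "reflectors": sorted({f[0] for f in unsolicited}),
    }


def amplification_factor(request_bytes, response_bytes):
    """Bandwidth amplification: bytes delivered to the victim per byte the
    attacker had to send. A 64-byte query that yields a 3200-byte answer is
    a 50x amplifier."""
    return response_bytes / request_bytes


if __name__ == "__main__":
    result = detect_reflection(FLOWS)
    print(f"{len(result['unsolicited'])} unsolicited answers, "
          f"{result['unsolicited_bytes']} bytes from {result['reflectors']}")
```

The same matching logic works for any reflected UDP service (NTP, SSDP, memcached) by changing the port; the point is that the victim can distinguish reflected answers from its own traffic by state, not by content, because the reflected packets are otherwise perfectly well-formed.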

Protocol attacks

Protocol attacks exploit weaknesses in Layer 3 or Layer 4 of the OSI model (IP, TCP, and UDP) to exhaust state rather than bandwidth: connection tables, memory, and processor time on the servers, firewalls, and load balancers that sit between the targeted system and the end user. The classic example is a SYN flood, in which the attacker sends a stream of TCP SYN packets, often from spoofed addresses, and never completes the handshake, leaving the server holding half-open connections until its backlog is full and real clients can no longer connect.

In our 911 example above, this would be analogous to the operators answering each call and putting them on hold as they answer more calls. Eventually, all of the lines are filled with on-hold callers and calls end up being dropped.
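The standard defence against a SYN flood is to stop keeping state for half-open connections at all: the server encodes everything it needs into the sequence number of its SYN-ACK (a SYN cookie) and only allocates a connection when a valid ACK comes back. The model below is an added example, not code from the original post and not the Linux implementation itself; the secret key, the 64-second clock tick, the 2-bit MSS table and the bit layout are assumptions chosen to keep the idea visible.

```python
"""SYN cookies: answering a SYN flood without keeping per-connection state.

Added example, not code from the original post; it models the idea behind
the Linux/BSD implementation rather than reproducing it. The secret key, the
64-second clock tick, the 2-bit MSS table and the bit layout are assumptions
chosen for illustration.
"""
import hashlib
import hmac

SECRET = b"server-secret-rotate-me"        # assumption: per-host secret
MSS_TABLE = [536, 1220, 1440, 1460]        # assumption: MSS values encodable in 2 bits


def _mac(saddr, daddr, sport, dport, tick):
    """25-bit keyed hash binding the cookie to the 4-tuple and the clock tick."""
    msg = f"{saddr}|{daddr}|{sport}|{dport}|{tick}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0x1FFFFFF


def make_syn_cookie(saddr, daddr, sport, dport, mss, now):
    """Build the initial sequence number for our SYN-ACK.

    Layout (32 bits): [5-bit tick][2-bit MSS index][25-bit MAC]. Nothing is
    stored on the server: every fact we need later is inside the number.
    """
    tick = (now // 64) & 0x1F
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):      # largest table entry <= client MSS
        if m <= mss:
            mss_idx = i
    return (tick << 27) | (mss_idx << 25) | _mac(saddr, daddr, sport, dport, tick)


def check_syn_cookie(cookie, saddr, daddr, sport, dport, now):
    """Validate the cookie echoed back in the client's final ACK (ack - 1).

    Returns the negotiated MSS on success, None if the cookie is stale, was
    forged, or belongs to a different 4-tuple.
    """
    tick = cookie >> 27
    mss_idx = (cookie >> 25) & 0x3
    current = (now // 64) & 0x1F
    if (current - tick) & 0x1F > 1:        # accept this tick or the previous one
        return None
    if (cookie & 0x1FFFFFF) != _mac(saddr, daddr, sport, dport, tick):
        return None
    return MSS_TABLE[mss_idx]


def handle_syn(syn, now):
    """Server side: reply to a SYN with a SYN-ACK whose seq is the cookie.
    No half-open connection is recorded, so a flood of SYNs costs only CPU."""
    cookie = make_syn_cookie(syn["src"], syn["dst"], syn["sport"], syn["dport"],
                             syn["mss"], now)
    return {"seq": cookie, "ack": syn["seq"] + 1}


def handle_ack(ack, now):
    """Server side: the third handshake packet acknowledges cookie + 1. Only a
    client that really received our SYN-ACK (a non-spoofed source) can send it."""
    return check_syn_cookie(ack["ack"] - 1, ack["src"], ack["dst"],
                            ack["sport"], ack["dport"], now)


if __name__ == "__main__":
    t0 = 1_000_000
    syn = {"src": "198.51.100.7", "dst": "203.0.113.10", "sport": 5555,
           "dport": 443, "seq": 1, "mss": 1460}
    synack = handle_syn(syn, t0)
    ack = {"src": syn["src"], "dst": syn["dst"], "sport": 5555, "dport": 443,
           "ack": synack["seq"] + 1}
    print("established, mss =", handle_ack(ack, t0 + 30))
```

The trade-off is visible in the code: a cookie can only carry a few bits of negotiated options (here just the MSS), which is why real stacks enable cookies only once the SYN backlog overflows rather than all the time.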

Application attacks

Application layer (Layer 7) attacks are the most effective per byte and can be very difficult to detect and mitigate. They do not need large amounts of traffic compared with the other types: instead of saturating links, they aim at expensive operations in the application itself, such as search queries, logins, or dynamically rendered pages. Every request looks like a normal client request, so the application tries to serve each one and runs out of worker processes, database connections, or CPU long before any bandwidth graph shows a problem.

If the operators in the 911 metaphor above responded the same way to each call, treating the non-emergency and non-legitimate calls the same as emergency calls (i.e. not re-routing them to a non-emergency number), they would be overloaded and legitimate emergency calls would go unanswered.
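Because the requests are individually legitimate, the practical defence is to limit how much work any one client may demand, which is the server-side equivalent of routing the nuisance callers to a non-emergency line. The script below is an added example, not code from the original post: it replays constructed web-server log lines (combined-log format, RFC 5737 documentation addresses; the bucket size and refill rate are assumptions) through a per-client token bucket and reports which requests would have been served and which rejected.

```python
"""Per-client rate limiting over web server log lines (token bucket).

Added example, not code from the original post. The log lines are
constructed (combined-log format, RFC 5737 documentation addresses) and the
bucket size and refill rate are assumptions; tune them to your own traffic.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, ts, request, status=200, size=512):
    return f'{ip} - - [{ts}] "{request}" {status} {size}'


# Constructed traffic: two clients browsing normally and one client firing a
# burst of search requests. Each request is tiny, so bandwidth graphs look
# flat; what hurts the server is the work behind each search.
LOG_LINES = [
    _line("192.0.2.10", "10/Mar/2018:12:00:00 +0000", "GET / HTTP/1.1"),
    *[_line("198.51.100.77", "10/Mar/2018:12:00:01 +0000", f"GET /search?q={i} HTTP/1.1")
      for i in range(8)],
    _line("192.0.2.10", "10/Mar/2018:12:00:01 +0000", "GET /about HTTP/1.1"),
    _line("192.0.2.22", "10/Mar/2018:12:00:02 +0000", "GET /news HTTP/1.1"),
    *[_line("198.51.100.77", "10/Mar/2018:12:00:02 +0000", f"GET /search?q={i} HTTP/1.1")
      for i in range(8, 12)],
]


class TokenBucket:
    """Allow short bursts up to `capacity`, then no more than `rate` requests/s."""

    def __init__(self, capacity, rate):
        self.capacity = capacity
        self.rate = rate
        self.tokens = float(capacity)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def parse_line(line):
    """Return (ip, unix_time, request, status, size) or None for junk lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, size = m.groups()
    when = datetime.strptime(ts, TS_FMT).timestamp()
    return ip, when, request, int(status), int(size)


def apply_rate_limit(lines, capacity=5, rate=1.0):
    """Replay the log through one bucket per client IP and report, per IP,
    how many requests would have been served or rejected (HTTP 429) and the
    bytes involved. Lines must be in time order, as a log file is."""
    buckets = defaultdict(lambda: TokenBucket(capacity, rate))
    report = defaultdict(lambda: {"allowed": 0, "rejected": 0, "bytes": 0})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, when, _request, _status, size = parsed
        verdict = "allowed" if buckets[ip].allow(when) else "rejected"
        report[ip][verdict] += 1
        report[ip]["bytes"] += size
    return dict(report)


if __name__ == "__main__":
    for ip, stats in apply_rate_limit(LOG_LINES).items():
        print(ip, stats)
```

Note how little data the offending client moves (a few kilobytes) while still being the only one that trips the limiter; keying on the source address alone is the simplest version, and against a distributed attack you would additionally budget by endpoint cost or by session rather than by IP.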

Other types of DDoS attacks

More recently, attackers have been employing multiple attack vectors at the same time, making it more difficult to defend. These are called advanced persistent denial-of-service (APDoS) attacks. Furthermore, DDoS attacks evolve as technology evolves, making it hard for defenders to keep up. For example, the adoption of IoT devices has provided attackers with an increasing number and variety of internet-connected devices to exploit, meaning that even your smart light bulb or smart toothbrush could become part of a botnet.

Additionally, a target’s upstream provider (its hosting company, DNS provider, or ISP) may be attacked instead of the target itself, making it harder to pinpoint the cause and even the intended target. This affects a much larger audience, since many unrelated systems and services that share the same provider go down as collateral damage. The 2016 Mirai attack on the DNS provider Dyn worked this way: many well-known sites became unreachable because their DNS provider, not their own servers, was the target.

In the future, malware code developers will likely use artificial intelligence and machine learning to enable them to dynamically change their attack as it progresses to sidestep mitigation techniques.

Is anyone trying to stop future attacks?

So, you’ve read this far and realized that distributed denial-of-service attacks cannot be prevented and attacks are continuing to get worse. Is there any hope? Well, yes. There are various internet intelligence companies that collect and share data about DDoS attacks. This data can be used to track down the perpetrators, identify affected hosts and botnets, and understand the evolution of DDoS attacks. In fact, many peers and competitors in the industry have joined forces to understand and combat attacks. For example, last summer’s WireX Botnet was disrupted by the collaboration of researchers from multiple companies (Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru, and more). This cooperation is a great example of how these companies and others are working towards improving the quality of the internet for everyone.

How can I protect my service from a DDoS attack?

While it’s impossible to completely prevent distributed denial-of-service attacks, there are multiple ways to protect services and to mitigate any attacks that do happen. Concretely: know your normal traffic baseline so that you can recognise an attack early; over-provision bandwidth and put a CDN or scrubbing service in front of your systems so that volumetric floods are absorbed upstream of you; enable SYN cookies and sensible connection limits on servers and load balancers; rate-limit expensive application endpoints per client; and keep a written response plan with your hosting provider's and ISP's emergency contacts, because the first minutes of an attack are not the time to look them up. Learn as much as you can about the area, prepare a clear plan, and use protection services to give your services a leg up. While diligence is necessary, you can also take comfort in knowing that many players in the industry are doing everything they can to keep the internet running smoothly.

Get DDOS Protected Hosting From us:

The new VPS plans in the “100% SSD” series:

VPS MEGA SSD
Four (4) cores CPU
8 GB (guaranteed) RAM
Free .com Domain
200 GB 100% SSD
# Unlimited Bandwidth
Linux / Windows Server 2012
Free One IPv4 Address
(Root) WHM
(Root) Cpanel
200 Mbit/s Connection port
130 Gbit/s Upstream
DDoS Protected
Free SSL
7-Days Money-Back Guarantee
Only 4000 BDT/ month!

VPS PLUS SSD

Six (6) cores CPU
12 GB (guaranteed) RAM
Free .com Domain
400 GB 100% SSD
# Unlimited Bandwidth
Linux / Windows Server 2012
Free One IPv4 Address
(Root) WHM
(Root) Cpanel
100 Mbit/s Connection port
400 Gbit/s Upstream
DDoS Protected
Free SSL
7-Days Money-Back Guarantee
Only 5000 BDT/ month!

VPS PRO SSD

Eight (8) cores CPU
30 GB (guaranteed) RAM
Free .com Domain
800 GB 100% SSD
# Unlimited Bandwidth
Linux / Windows Server 2012
Free One IPv4 Address
(Root) WHM
(Root) Cpanel
100 Mbit/s Connection port
600 Gbit/s Upstream
DDoS Protected
Free SSL
7-Days Money-Back Guarantee
Only 5500 BDT/ month!

VPS BUSINESS SSD

Ten (10) cores CPU
60 GB (guaranteed) RAM
Free .com Domain
1600 GB 100% SSD
# Unlimited Bandwidth
Linux / Windows Server 2012
Free One IPv4 Address
(Root) WHM
(Root) Cpanel
100 Mbit/s Connection port
1000 Gbit/s Upstream
DDoS Protected
Free SSL
7-Days Money-Back Guarantee
Only 9000 BDT/ month!

Here is an overview of the AsiaHost VPS with “HDD + SSD-boost”

VPS MEGA
4 CPU cores
8 GB RAM (guaranteed)
300 GB SSD disk space
100 Mbit/s port
Unlimited Traffic
No setup fee
Additional discount available, depending on the contract period
Only 3000 BDT/ month!

VPS PLUS
4 CPU cores
10 GB RAM (guaranteed)
700 GB SSD disk space
100 Mbit/s port
Unlimited Traffic
No setup fee
Additional discount available, depending on the contract period
Only 4000 BDT/ month!

VPS PRO
6 CPU cores
20 GB RAM (guaranteed)
1400 GB SSD disk space
100 Mbit/s port
Unlimited Traffic
No setup fee
Additional discount available, depending on the contract period
Only 5000 BDT/ month!

