Distributed denial of service (DDoS) is one of the most damaging kinds of attack that industries and internet users face today.
A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.
DDoS attacks have been carried out by diverse threat actors, ranging from individual criminal hackers to organized crime rings and government agencies. In certain situations, often ones related to poor coding, missing patches or generally unstable systems, even legitimate requests to target systems can result in DDoS-like results.
How do DDoS attacks work?
In a typical DDoS attack, the attacker begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master system identifies other vulnerable systems and gains control over them either by infecting them with malware or by bypassing their authentication controls (for example, guessing the default password on a widely used system or device).
A computer or networked device under the control of an intruder is known as a zombie, or bot. The attacker creates what is called a command-and-control server to command the network of bots, also called a botnet. The person in control of a botnet is sometimes referred to as the bot master (that term has also historically been used to refer to the first system "recruited" into a botnet because it is used to control the spread and activity of other systems in the botnet).
Botnets can be composed of almost any number of bots; botnets with tens or hundreds of thousands of nodes have become increasingly common, and there may be no upper limit to their size. Once the botnet is assembled, the attacker can use the traffic generated by the compromised devices to flood the target domain and knock it offline.
What are the types of DDoS attacks?
There are three types of DDoS attacks:
Network-centric or volumetric attacks overload a targeted resource by consuming available bandwidth with packet floods.
Protocol attacks target network layer or transport layer protocols using flaws in the protocols to overwhelm targeted resources.
Application layer attacks overload application services or databases with a high volume of application calls.
The inundation of packets at the target causes a denial of service.
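The three categories above are distinguished by what they exhaust, so a defender's first triage is to look at the same traffic sample from three angles: bytes per second, half-open TCP handshakes per second, and application requests per second. The following toy detector is an added example, not code from the original article; the flow records are constructed, and the thresholds are assumptions that a real deployment would tune per link and per service. It also shows why a bandwidth-only alarm misses an application layer flood: the HTTP burst in the sample is tiny in bytes but large in requests.

```python
from collections import Counter

# Assumed per-second thresholds for this toy detector; real values are tuned per site.
BYTES_THRESH = 50_000_000   # volumetric: total bytes/s arriving on the link
SYN_THRESH = 200            # protocol: TCP SYN-only segments/s (half-open pressure)
HTTP_THRESH = 100           # application: HTTP requests/s reaching the service

def make_sample_flows():
    """Constructed flow records: (second, src_ip, proto, tcp_flags, bytes, http_path)."""
    flows = []
    for t in range(10):          # seconds 0-9: normal traffic from one client
        flows.append((t, "10.0.0.5", "tcp", "PA", 1500, "/index.html"))
    for t in range(10, 20):      # seconds 10-19: SYN-only segments from many sources
        for i in range(400):
            flows.append((t, f"198.51.100.{i % 250}", "tcp", "S", 60, None))
    for t in range(20, 30):      # seconds 20-29: very large UDP payloads, few sources
        for i in range(50):
            flows.append((t, f"203.0.113.{i}", "udp", "", 1_400_000, None))
    for t in range(30, 40):      # seconds 30-39: many small HTTP requests
        for i in range(300):
            flows.append((t, f"192.0.2.{i % 100}", "tcp", "PA", 600, "/search?q=x"))
    return flows

def classify(flows, bytes_thresh=BYTES_THRESH, syn_thresh=SYN_THRESH, http_thresh=HTTP_THRESH):
    """Return {second: [categories]} for every second that crosses a threshold."""
    bytes_per_sec, syn_per_sec, http_per_sec = Counter(), Counter(), Counter()
    for sec, _src, proto, flags, nbytes, path in flows:
        bytes_per_sec[sec] += nbytes
        if proto == "tcp" and flags == "S":    # SYN without ACK: handshake never completes
            syn_per_sec[sec] += 1
        if path is not None:                   # a completed HTTP request hit the application
            http_per_sec[sec] += 1
    findings = {}
    for sec in sorted(bytes_per_sec):
        kinds = []
        if bytes_per_sec[sec] > bytes_thresh:
            kinds.append("volumetric")
        if syn_per_sec[sec] > syn_thresh:
            kinds.append("protocol")
        if http_per_sec[sec] > http_thresh:
            kinds.append("application")
        if kinds:
            findings[sec] = kinds
    return findings

if __name__ == "__main__":
    for sec, kinds in classify(make_sample_flows()).items():
        print(f"t={sec:02d}s  {', '.join(kinds)}")
```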