With work from home being the norm in today’s era, people spend considerable time on the internet, often without specific measures to ensure a secure session. Apart from individuals, organizations worldwide that host data and conduct business over the internet are always at the risk of a DDoS attack.
Now, begin by learning about what is a DDoS attack.
What Is a DDoS Attack?
To understand how a DDoS attack works, you must know what a denial of service attack or a DOS attack is.
In a DOS attack, the hacker seeks to make the resources of a particular server, database, or router inaccessible to its users. This can be done by clogging the available bandwidth of the target, be it via continuous web requests or indefinite ping commands. Analogous to how blocking a shop’s door prevent potential clients from entering it, DOS attacks were complete distress in the early days of network security.
The term DDoS is an acronym for ‘distributed denial of service’. Instead of a single device attacking a single server, DDoS attacks have multiple systems attacking a target, identifying the original hacker. With all the devices trying to access the resources of a server, legitimate users are unable to access them, which causes a server outage of sorts.
Now that you have learned what is a DDoS attack, take a look at how a DDoS attack works.
How Does a DDoS Attack Work?
A DDoS attack is a two-phase process.
Phase 1: The hacker creates a botnet of devices. Simply put, a vast network of computers is hacked via malware, ransomware, or simple social engineering. These devices are a part of a botnet network, which can be triggered anytime to start bombarding a system or a server on the instruction of the hacker that created the botnet. The devices in this network are called bots or zombies.
Phase 2: When the hacker finds the right time to attack, all the zombies in the botnet network send requests to the target, taking up all the server’s available bandwidth. These can be simple ping requests or complex attacks like SYN flooding and UDP Flooding.
You now have a general idea about how DDoS attacks work. Now, learn a little more about the various types of DDoS attacks.
Types of DDoS Attacks
- Volume/Network-Based Attacks: These attacks focus on clogging all the available bandwidth for the server, cutting the supply short. Several requests are sent to the server, all warrant a reply, thereby not allowing the target to cater to general users. Example - ICMP echo requests and UDP floods.
- Protocol Based Attacks: These attacks are meant to consume essential resources of the target server. They exhaust the load balancers, and firewalls meant to protect the system against such DDoS attacks. Example - SYN floods and ping of death.
- Application-Based Attacks: These are relatively sophisticated attacks that target application and operating system-level vulnerabilities. They prevent the specific applications from delivering the necessary information to users and hog the network bandwidth up to the point of a system crash. Example - HTTP flooding and BGP hijacking.
- Fragmentation Attacks: This attack category involves a hacker sending tiny fragments of web requests slower than usual. Since a server needs to receive all the fragments before moving on to a different request, getting stuck with a single request’s fragments takes up all the resources indefinitely. Example - Teardrop attack and ICMP flooding.
To better understand why DDoS attacks are so commonplace in today’s day and age, take a look at some of the aims a DDoS attack may have had when being launched.
Aim of DDoS Attacks
- Competitive Advantage: Many DDoS attacks are conducted by hacking communities against rival groups. Some organizations hire such communities to stagger their rival’s resources at a network level to gain an advantage in the playing field. Since being a victim of a DDoS attack indicates a lack of security, the reputation of such a company takes a significant hit, allowing their rivals to cover up some ground.
- Ransom Demands: Some hackers launch these DDoS attacks to hold multinational companies at ransom. The resources are jammed, and the only way to clear the way is if the target company agrees to pay a designated amount of money to the hackers.
- Activist Behaviour: Certain activists tend to use DDoS attacks to voice their opinion. Spreading the word online is much faster than any local rally or forum. Primarily political, these types of attacks can also focus on online communities, ethical dilemmas, or even protests against corporations.
Now that you have a good understanding of the aim and working of DDoS attacks, you will learn some ways you can protect yourself from such attacks.
Prevention of DDoS Attacks
- Load Balancers & Firewalls: Load balancers re-route the traffic from one server to another in a DDoS attack. This reduces the single point of failure and adds resiliency to the server data. Firewalls block unwanted traffic into a system and manage the number of requests made at a definite rate. It checks for multiple attacks from a single IP and occasional slowdowns to detect a DDoS attack in action.
- Detection & Mitigation: Having a response plan for DDoS attacks is highly crucial. The sooner such a breach is noted, the easier it is to clear the clogging. One can also employ DDoS prevention tools like Imperva to lessen their load under high-pressure situations.
- Switch to Cloud Service: With many organizations already aboard, cloud computing giants like Amazon web services (AWS) and Microsoft Azure have advanced DDoS protection tools in place. Furthermore, this eliminates the need for having a response plan to combat an attack since the engineers at the respective cloud providers will bear the brunt of the breach.
In the final topic of this lesson on what is a DDoS attack, you will see a live demo where a Linux system is breached with a DOS attack.
Live Demo
You have two virtual machine instances in this demo. One of them is Parrot Security, which a hacker generally uses to launch certain attacks like DDoS on specific targets. The second virtual machine is a standard Linux distribution that acts as our target system. The majority, if not all, servers worldwide use Linux as a backend, thanks to its stability and low resource consumption.
1. You have to set up a Wireshark program on our target system, which helps analyze the network traffic being sent and received from the instance.
2. To attack the target, you need to get its IP address, which acts as an identifier for the system. You can find the local IP address by using the command “ifconfig”.
3. To launch the attack, we will need a program called Hping3. It is a command-line tool that acts as a packet generator and analyzer for the TCP/IP protocol. You will use the IP address detected in the previous image to start the attack. The command to be given using hping3 is:
4. Once this command is run, you can watch the Wireshark window on our target system and watch a flurry of requests being sent from a single IP address. After a few seconds, the system becomes completely unresponsive due to the lack of processing power in handling so many requests simultaneously.
What you just launched was a DoS attack or a simple denial of service attack. Attacks of such small magnitude are not able to break down the behemoth servers for multinational corporations. When multiple systems start doing the same thing to more extensive and robust systems, they eventually succumb to the attack unless urgent measures are taken. Since more than a single system disrupts communication, it’s termed DDoS, or distributed denial of service.
With this, you have reached the end of the tutorial on what is a DDoS attack.
Build your network security skill-set and beat hackers at their own game with the Certified Ethical Hacking Course. Check out the course preview now!
How Can Simplilearn Help You?
DDoS attacks have been relatively commonplace in the last few years, thanks to easy access to rented botnets and an increasing reliance on the internet. However, multiple other attacks can target a system and cause irreparable damage to an organization’s data and reputation.
To help combat this, Simplilearn offers a "Cybersecurity Expert" course that teaches beginner and advanced cybersecurity analysts the techniques needed to safeguard data. The modules cover a large array of topics, starting from cryptography to brute force attacks, thereby giving a complete overview of the requirements of an industry that needs trained personnel now more than ever.
Conclusion
In today’s lesson on what is a DDoS attack, you learned about its working, the possible aims, and prevention methods for a DDoS attack. You also learn about the various categories of DDoS attacks and how they can affect a single system using the live demo.
If you have any doubts regarding the lesson, please let us know in the comments, and we will have experts answer them for you as soon as possible.
