DDoS attack
Distributed Denial of Service (DDoS) is an attack based on limiting the capacity of a service, such as a web server, when the number of requests exceeds its processing capabilities. The attacked resource becomes unavailable, “freezes,” etc. Targets of DDoS attacks include online stores, large portals, casinos, and other organizations that provide services via the Internet. For such companies, even one hour of downtime can result in significant losses. It is difficult to identify the initiator of the attack, as requests come from different IP addresses (for example, from a botnet). These may be hacker groups hired by competitors or malicious actors engaged in blackmail.
There are specialized websites where you can order a DDoS attack. The customer specifies the target, selects a pricing plan, and pays for the service. It is virtually impossible to track the customer, as the transaction information is encrypted or not stored.
[text_with_btn btn=”Learn more” link=”https://itglobal.com/ru-ru/services/info-security/security-audit/”]Information security audit[/text_with_btn]Classification
DDoS attacks are divided into three types depending on the level and type of impact on the target:
-
Resource exhaustion
The client is “flooded” with packets using a selected protocol (e.g., UDP or ICMP) to random ports. The server checks the incoming data and sends a response to the specified port number. If the node is unavailable, the host sends a response message marked “Node unavailable.” As a result, the channel becomes overloaded with packets with randomly specified port numbers.
-
Using the features of the HTTP protocol
The attacker conducts a preliminary analysis of the target, reviews the requests sent to the database, and selects the most “heavy” POST requests. Then they send a packet to the target node using infected computers (bots). As a result, the host gets “overwhelmed” by the simultaneous number of packets coming to it and stops responding.
-
Using the features of certain protocols to create a queue
The cybercriminal sends a SYN packet to the endpoint as an availability test. The server confirms receipt and sends a synchronization request in response. At this point, the attacker does not send a message, so the server queues the received packet to wait for confirmation. Simultaneous sending from multiple IP addresses leads to buffer overflow.