You might have heard the term “DDoS” thrown around – well, it’s an acronym for an increasingly common security risk: the Distributed Denial of Service attack, where websites are disrupted by means of large networks of bots. Hackers use anything from thousands to millions of bots in order to generate so much traffic that a web server is overloaded – and unable to respond to legitimate users. Hence the phrase “denial” of service – and the acronym, DDoS.
Hackers could use a DDoS attack to try to get money from a website owner, and DDoS can also be used for terror or political purposes. Though a DDoS attack does not necessarily mean that an intruder has gained access to your site, it will likely mean that visitors are unable to reach it – meaning anything from lost viewers to lost revenue.
DDoS attacks can last a long time – as much as a week or even longer if not caught early. More commonly, DDoS attacks take around a day to mitigate, but during this time a website (or an application) can, for all intents and purposes, appear to be offline. Website owners could try to use a firewall that works on the DNS layer to stop a DDoS attack.
The different types of DDoS attacks
Hackers can use different methods to try to pull off a DDoS attack, and you need to understand what kind of attack you are facing if you want to successfully block the illegitimate traffic flowing to your website.
Volumetric DDoS attacks
In a volumetric DDoS attack hackers focus on bandwidth: by flooding the connection to your site with traffic, they crowd out real users, whose traffic won’t fit through the available bandwidth. The result: your website crashes and an error comes up. Increasing the bandwidth won’t fix the issue because hackers will simply generate more traffic – you need to find a way to mitigate the DDoS attack.
Application DDoS attacks
Website owners can struggle to stop application DDoS attacks because the traffic that goes to a web server can appear incredibly similar to normal day-to-day application traffic. A hacker would launch an application DDoS attack, hammering away until an application goes down. Often the attacker focuses on a specific application – a specific area of a website – rather than the entire website. It can be a slow and difficult process to detect these attacks; meanwhile, the hacker will build up traffic until the application stops functioning.
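Because an application attack targets one area of a site, counting requests per path often shows what a site-wide total hides. The script below is an added example, not taken from any product mentioned in this article: it compares each path's hits in the latest minute against that path's own earlier median. The log lines are constructed, and the thresholds (`factor`, `min_hits`) are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Matches the timestamp and request path of a common/combined-format access-log line.
LINE = re.compile(r'\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)')

def per_minute_counts(lines):
    """Return {path: {minute: hits}}; malformed lines are skipped."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?")[0]  # /login?a=1 and /login?a=2 are one endpoint
        counts[path][ts.replace(second=0)] += 1
    return counts

def flag_hot_paths(lines, factor=5, min_hits=20):
    """Flag paths whose latest-minute hits exceed factor x their earlier median."""
    counts = per_minute_counts(lines)
    minutes = sorted({m for by_min in counts.values() for m in by_min})
    if len(minutes) < 2:
        return {}  # no baseline to compare against
    latest, earlier = minutes[-1], minutes[:-1]
    flagged = {}
    for path, by_min in counts.items():
        baseline = median(by_min.get(m, 0) for m in earlier)
        now = by_min.get(latest, 0)
        if now >= min_hits and now > factor * max(baseline, 1):
            flagged[path] = (baseline, now)
    return flagged

def sample_log():
    """Constructed log (not real traffic): 5 quiet minutes, then a surge on /login."""
    lines = []
    for minute in range(6):
        for path, n in {"/": 8, "/login": 3 if minute < 5 else 60}.items():
            for i in range(n):
                lines.append(f'203.0.113.{i % 50} - - [12/Mar/2024:10:{minute:02d}:{i:02d} '
                             f'+0000] "GET {path} HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    print(flag_hot_paths(sample_log()))
```

In the sample, only `/login` is flagged, even though traffic to the home page stays completely normal.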
Protocol DDoS attacks
Another DDoS attack method, but different in scope, is the protocol attack, where a malevolent actor sends ordinary, synchronised requests to connect to a server. The web server accepts each request and creates a connection, but the attacker never responds to the accepted request and simply keeps adding new requests until the server eventually overloads and crashes.
In another example, hackers can send a particular type of ping request – an oversized ping, also called the “ping of death”. As soon as a server tries to process this ping it simply crashes under the massive load of this huge ping request.
Preventing DDoS attacks can be tricky. One highly recommended option is to use something called a WAF, or Web Application Firewall. Two good examples are Cloudflare and Sucuri, both of which are able to pick up on DDoS attacks and mitigate them before it is too late.