2019/02/25 Cisco Security Solutions
According to Cisco, a distributed-denial-of-service, or DDoS, attack is the bombardment of simultaneous data requests to a central server. The attacker generates these requests from multiple compromised systems.
DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.
In doing so, the attacker hopes to exhaust the target’s Internet bandwidth and RAM. The ultimate goal is to crash the target’s system and disrupt its business.
When launching a DDoS attack, the attackers aim to make a service or a server unavailable. In order to do so, they infect one or more computers with malware. The attackers use this network of infected computers, known as a botnet, to launch their DDoS attack. Using the botnet, they attack their target by sending a large number of requests to the infrastructure.
The more computers there are in a botnet, the stronger the attack. Attacked servers without DDoS protection cannot handle so many requests, and their Internet connection breaks down. Websites either load extremely slowly or are not available at all.
A DDoS attack requires an attacker to gain control of a network of online machines in order to carry out an attack. Computers and other machines (such as IoT devices) are infected with malware, turning each one into a bot (or zombie). The attacker then has remote control over the group of bots, which is called a botnet.
Once a botnet has been established, the attacker is able to direct the machines by sending updated instructions to each bot via a method of remote control. When the IP address of a victim is targeted by the botnet, each bot will respond by sending requests to the target, potentially causing the targeted server or network to overflow capacity, resulting in a denial-of-service to normal traffic. Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult.
UDP flood: User Datagram Protocol (UDP) floods attack random ports on a remote server with requests called UDP packets. The host checks the ports for the appropriate applications. When no application can be found, the system responds to every request with a “destination unreachable” packet. The resulting traffic can overwhelm the service.
ICMP (ping) flood: An Internet Control Message Protocol (ICMP) flood sends ICMP echo request packets (pings) to a host. Pings are common requests used to measure the connectivity of two servers. When a ping is sent, the server quickly responds. In a ping flood, however, an attacker uses an extensive series of pings to exhaust the incoming and outgoing bandwidth of the targeted server.
HTTP flood: An HTTP flood is a Layer 7 application attack that uses botnets, often referred to as a “zombie army.” In this type of attack, standard GET and POST requests flood a web server or application. The server is inundated with requests and may shut down. These attacks can be particularly difficult to detect because they appear as perfectly valid traffic.
Slowloris: Named after the Asian primate, the Slowloris moves slowly. The attack sends small portions of an HTTP request to a server. These portions are sent in timed intervals, so the request does not time out, and the server waits for it to be completed. These unfinished requests exhaust bandwidth and affect the server’s ability to handle legitimate requests.
SYN flood: In a SYN flood attack, the attacker sends seemingly normal SYN requests to a server, which responds with a SYN-ACK (synchronized-acknowledgment) request. Typically, a client then sends back an ACK request, and a connection is made. In a SYN flood attack, the attacker does not respond with a final ACK. The server is left with a large number of unfinished SYN-ACK requests that burden the system.
Ping of Death: In a Ping of Death attack, the attacker tries to crash or freeze a server by sending a normal ping request that is either fragmented or oversized. The standard size of an IPv4 header is 65,535 bytes. When a larger ping is sent, the targeted server will fragment the file. Later, when the server formulates a response, the reassembly of this larger file can cause a buffer overload and crash.
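As an added example (not code from the original article or from Cisco), the following Python computes two of the flood signals described above from constructed packet-summary lines: the number of half-open TCP handshakes per destination (the SYN flood symptom) and the number of distinct UDP ports each source sprays at a host (the UDP flood symptom, where every unused port costs the host a "destination unreachable" reply). The line format and addresses are assumptions made for the example.

```python
# Added example (not from the original article): flood indicators computed over
# constructed packet-summary lines of the form  <src>:<sport> <dst>:<dport> <proto> <flags>
# where flags are TCP flag letters (S, SA, A) or "-" for non-TCP traffic.
from collections import defaultdict

def parse(lines):
    recs = []
    for line in lines:
        src, dst, proto, flags = line.split()
        s_ip, s_port = src.rsplit(":", 1)
        d_ip, d_port = dst.rsplit(":", 1)
        recs.append((s_ip, int(s_port), d_ip, int(d_port), proto, flags))
    return recs

def half_open_connections(recs, dst):
    """SYN flood signal: client SYNs to dst whose handshake never completes with a client ACK."""
    syns, acks = set(), set()
    for s_ip, s_port, d_ip, d_port, proto, flags in recs:
        if proto != "tcp" or d_ip != dst:
            continue
        if flags == "S":
            syns.add((s_ip, s_port, d_port))
        elif flags == "A":
            acks.add((s_ip, s_port, d_port))
    return len(syns - acks)

def udp_port_spread(recs, dst):
    """UDP flood signal: distinct destination ports each source hits on dst."""
    ports = defaultdict(set)
    for s_ip, _, d_ip, d_port, proto, _ in recs:
        if proto == "udp" and d_ip == dst:
            ports[s_ip].add(d_port)
    return {src: len(p) for src, p in ports.items()}

# Constructed sample: 10.0.0.5 leaves three handshakes half open, 10.0.0.9 completes
# its handshake and makes one normal DNS query, 10.0.0.7 sprays three UDP ports.
SAMPLE = """\
10.0.0.5:40001 192.0.2.10:80 tcp S
10.0.0.5:40002 192.0.2.10:80 tcp S
10.0.0.5:40003 192.0.2.10:80 tcp S
10.0.0.9:51000 192.0.2.10:80 tcp S
10.0.0.9:51000 192.0.2.10:80 tcp A
10.0.0.7:2000 192.0.2.10:1111 udp -
10.0.0.7:2000 192.0.2.10:2222 udp -
10.0.0.7:2000 192.0.2.10:3333 udp -
10.0.0.9:3000 192.0.2.10:53 udp -
""".splitlines()
```

In a real deployment the same counters would be kept per time window and compared against a baseline for the host, since a single half-open connection or a handful of UDP ports is normal.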
Every industry and every company can become a victim of a DDoS attack. Thus it is not a question of if it will happen to your company, but rather when it will happen. Cyber criminals and extortionists target e-commerce, insurers and financial institutions, manufacturers, and the health sector. They also like to attack data centers and organizations in the public sector.
An attack always has a negative impact on the affected company, regardless of the technique. Companies can feel the repercussions for years after the attack. Therefore, effective DDoS protection is key.
A few minutes offline can cost thousands of euros. Lost sales and wasted marketing budgets only form one part of the financial damages.
A DDoS attack entails incalculable damage to a company’s reputation. Restoring its image costs many resources and can take years.
When the target audience cannot reach your website, the impatient user might leave and buy at the competitor’s website.
Possible theft of company or client data can have unpredictable repercussions. It can mean the end for some companies.
As a premier Cisco partner in Saudi Arabia, Ctelecoms can help you guard against all types of cyber security threats, including DDoS attacks. We provide a wide range of Cisco security solutions for businesses of all sizes across KSA. Talk to Ctelecoms team today and let us get your business protected.