Distributed Denial of Service (DDoS) attacks have been around for a while, but since the turn of the millennium we have seen increasing use of DDoS attacks that target large corporations, small businesses and even individual users. Firewalls and Intrusion Prevention Systems (IPS) provide little to no protection against DDoS attacks and can leave companies and individuals with a false sense of protection.
A Denial of Service attack is when a person uses a program to interrupt the services of a host computer that is connected to the internet. Distributed Denial of Service refers to a Denial of Service attack by two or more users or bots. Hacker groups such as Anonymous can use multiple resources to take a system down temporarily or indefinitely, often using DDoS to block detection of a data breach. Such was the case for Sony a few years back, when hackers were able to access millions of customer records from its PlayStation Network users.
If you think DDoS only affects the bigger corporations, guess again. Any business that has a presence online is vulnerable to DDoS attacks, as almost anyone with even a mediocre understanding of the internet and computers can perform a DDoS attack, with programs making the task as easy as entering a site or IP address and pushing a button. DDoS attacks can pose a significant security threat, and a business that relies on the internet for its day-to-day operations should not take them lightly.
DDoS has also evolved through the years. At one time a DoS attack would consist of a single person attempting to overwhelm a server or host computer by sending it a flood of ping packets (ICMP Echo Requests). This method would only work if the user’s computer was faster than the host computer. Hackers found a way around this limitation by using larger computers, such as those found at universities and research facilities, to send the packets. Soon after, hackers figured out a way of distributing bots through malware and Trojans that could be programmed to work in conjunction for a true Distributed Denial of Service attack. Some malware authors actually rent out their network of compromised computers by the hour. All a potential DDoS attacker has to do is pay the botnet owner a certain amount of money and all those compromised computers are aimed at the single target computer, ready to take it down.
The types of DDoS attack evolved as the methods evolved. At first there was the standard ICMP ping attack, which is now easily blocked, so new methods had to be deployed. Then came SYN attacks, where a user opens a TCP connection but never finishes the handshake, leaving the TCP connection open. When enough connections are open, the system is overloaded and shuts down. Another type of attack uses DNS. Since most servers have an open DNS that allows anyone to query them, all a user has to do is find an open DNS server and send it a fake UDP packet. The UDP packet would carry the address of the target system, and the DNS server would return its information to that address; if a bot were set up to use several DNS servers in this fashion, the target computer would suddenly get a flood of replies, possibly shutting it down.
With so much talk about DDoS attacks you are probably wondering how you can protect your network. Well, there is no foolproof protection from a DDoS attack, but there are quite a few preventative steps you can take to minimize your risk and the damage in case of an attack. One thing many businesses are looking into today is using redundant DNS servers, so that if one server is bombarded, a second or third server can be used to offload the extra data. There are also DDoS detection programs that can detect a possible attack and activate a lockdown for your system before the DDoS can harm it.
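An added example, not part of the original article: the kind of check a detection program can make for the SYN attacks described above, counting handshakes per server that were opened but never completed. The packet records, addresses, threshold and grace period are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (seconds, client, client_port, server, server_port, TCP flag).
# Addresses come from the RFC 5737 documentation ranges; none of this is captured traffic.
def build_sample():
    pkts = []
    # Five normal clients complete the three-way handshake with the web server.
    for i in range(5):
        c = f"198.51.100.{10 + i}"
        pkts += [(i, c, 40000 + i, "192.0.2.10", 443, "SYN"),
                 (i + 0.1, c, 40000 + i, "192.0.2.10", 443, "ACK")]
    # 200 SYNs from varying sources that are never followed by the final ACK.
    for i in range(200):
        pkts.append((5 + i * 0.01, f"203.0.113.{i % 250 + 1}", 50000 + i,
                     "192.0.2.10", 443, "SYN"))
    # A second server that only sees normal traffic.
    pkts += [(6.0, "198.51.100.50", 41000, "192.0.2.20", 25, "SYN"),
             (6.1, "198.51.100.50", 41000, "192.0.2.20", 25, "ACK")]
    return sorted(pkts)

def half_open_by_server(packets, now, grace=3.0):
    """Count handshakes per server that saw a SYN but no client ACK within `grace` seconds."""
    pending = {}                       # (client, cport, server, sport) -> time of SYN
    for ts, client, cport, server, sport, flag in packets:
        key = (client, cport, server, sport)
        if flag == "SYN":
            pending[key] = ts
        elif flag == "ACK":
            pending.pop(key, None)     # handshake finished, forget it
    counts = defaultdict(int)
    for (_, _, server, sport), ts in pending.items():
        if now - ts >= grace:          # still half-open after the grace period
            counts[(server, sport)] += 1
    return dict(counts)

def flag_syn_floods(packets, now, threshold=100, grace=3.0):
    """Return the server endpoints whose half-open count exceeds `threshold`."""
    counts = half_open_by_server(packets, now, grace)
    return {ep: n for ep, n in counts.items() if n > threshold}

if __name__ == "__main__":
    for (server, port), n in flag_syn_floods(build_sample(), now=12.0).items():
        print(f"possible SYN flood against {server}:{port}: {n} half-open handshakes")
```

Completed handshakes drop out of the count, so a busy but healthy server is not flagged; only the endpoint accumulating unfinished handshakes is reported.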
The best recourse, however, is to outsource your internet security to a company that is knowledgeable about DDoS. Such companies can work with you to ensure that all gaps in your current security system are fixed and provide you with current solutions and technologies. Foresight is the key: don’t wait until your server is taken down and you have hundreds of angry customers and an extensive loss of revenue. Prepare now for the future, because it doesn’t look like DDoS attacks are going to decrease any time soon.