DDOS: How to defend against a Denial of Service attack in 2022

DDOS ATTACK

What is a DDOS attack?

A DDOS attack, or distributed denial of service attack, is the name for a family of cyber attacks that disable computer systems by overwhelming them with an abnormal traffic load.

Such attacks are not new: the first known DDOS attack occurred in 1996, when PANIX, the oldest Internet service provider, was shut down for days by a SYN flood, a method that has since become a classic DDOS technique.

Since 1996, the popularity of the attack has increased exponentially, and it has become one of the most significant cyber threats facing companies.

In the third quarter of 2020, the private sector experienced a 50% increase in the number of DDOS attacks compared with the same period the previous year, and CISCO estimates that by 2023 the number of denial of service attacks will double and reach 15 million.

CISCO predicts a significant increase in DDOS attacks by 2023

How does a DDOS attack work?

Every server is built to receive and respond to requests; a denial of service attack exploits exactly that by flooding the server with a very large number of requests.

To generate the load, hackers look for infected devices and use them as sources of malicious traffic. Any device that is connected to the Internet and infected with malware can be recruited, from computers and cell phones to refrigerators and home security systems. The infected devices keep working normally, so their owners are unaware that their cell phone has been forcibly “recruited” into an “army of bots” (a botnet).

The LOG4J vulnerability that emerged in early 2022 raised concerns that this critical flaw could be exploited to turn devices into bots, which could prove disastrous given how widely the LOG4J library is deployed.

It is also difficult for a network administrator to identify the bots, since each of them connects from a legitimate IP address.

Distribution of DDOS attack bots by country according to A10 report

Types of DDOS attack

There are three main ways to flood a server with a high volume of traffic:

Application-layer attacks

When you type in a website address, like eBay, you are actually asking the server to send the page to you. This mechanism is what hackers target in application-layer attacks: the bots send the server requests that any regular user could make, but in massive amounts within a short period of time:

  • Loading a specific URL
  • Loading a specific image within the page
  • Requesting documents with the HTTP GET method (the most common way of sending HTTP requests)
  • Refreshing the page repeatedly

Protocol attacks

Exploiting a weakness at the network level, this type of attack sends a flood of initial connection requests (TCP SYN packets). The flood works because the server must handle each SYN request in one of the following ways:

  • Acknowledge the connection request
  • Send its own reply to complete the connection handshake
  • Wait for a reply from the sender of the request
  • Eventually crash after holding too many connections open while waiting for replies

Volumetric attacks

Making up 50% of all DDOS attacks, this type of attack floods the available bandwidth and disables the server by leaving it no free capacity. One of the most common attacks of this type is a DNS attack.

DNS, the domain name system, acts as the Internet's phone book. In a DNS attack, the bots send DNS servers requests whose responses contain a very large volume of data, but instead of having that data delivered to the requester's own IP address (the bots/hackers), they forge the request so that the response is delivered to the victim's server, flooding it with data.

Defense against DDOS attack

Reducing the attack surface: make sure that the surface exposed to DDOS attacks is as small as possible by using a CDN, which stores copies of your site content on other servers and helps spread suspicious traffic across them. In addition, you can use firewalls or ACLs to control which traffic reaches the server at all.

Identify the signs of a DDOS attack:

  • Suspicious IPs – notice whether requests to your server are clustered in regions that are not usually a source of your traffic
  • A sharp increase in the amount of traffic – many requests arriving at regular intervals and at high frequency
  • Low performance – the site loads very slowly
  • The website being unavailable for a long period of time

Security systems – IDS solutions detect anomalous requests and abuse of protocols. These systems can work alongside firewalls and a WAF, but they need security experts to monitor them.
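As an added example (not code from the original post), the following script turns two of the signs listed above, a sharp increase in traffic and unfamiliar source IPs, into a check that runs over web server access-log lines. The log lines, the 10-second window, the 5x spike factor and the 20% per-IP share are all constructed assumptions for the demonstration.

```python
import re
from collections import Counter
from datetime import datetime, timezone, timedelta

# Common Log Format, e.g.: 203.0.113.5 - - [10/Mar/2022:12:00:00 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, epoch_seconds) for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), int(datetime.strptime(m.group(2), TIME_FMT).timestamp())

def detect_flood(lines, window=10, baseline_windows=3, spike_factor=5.0, ip_share=0.2):
    """Bucket requests into `window`-second slots; the first `baseline_windows` slots define
    normal load. Returns (spike_slots, suspicious_ips): slots whose request count exceeds
    spike_factor * baseline, and IPs that dominate those slots but never appeared in the baseline."""
    per_slot, ips_in_slot = Counter(), {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that are not in Common Log Format (assumption: ignore, not alert)
        ip, epoch = parsed
        slot = epoch // window
        per_slot[slot] += 1
        ips_in_slot.setdefault(slot, Counter())[ip] += 1
    slots = sorted(per_slot)
    base = slots[:baseline_windows]
    baseline = sum(per_slot[s] for s in base) / max(len(base), 1)
    known = {ip for s in base for ip in ips_in_slot[s]}  # IPs seen during normal traffic
    spikes = [s for s in slots[baseline_windows:] if per_slot[s] > spike_factor * baseline]
    suspicious = set()
    for s in spikes:
        for ip, n in ips_in_slot[s].items():
            if ip not in known and n >= ip_share * per_slot[s]:
                suspicious.add(ip)
    return spikes, sorted(suspicious)

def constructed_log():
    """Constructed sample: one regular client for 30 s, then 40 requests in 10 s from two new IPs."""
    start = datetime(2022, 3, 10, 12, 0, tzinfo=timezone.utc)
    def line(ip, offset, path):
        t = (start + timedelta(seconds=offset)).strftime(TIME_FMT)
        return f'{ip} - - [{t}] "GET {path} HTTP/1.1" 200 512'
    quiet = [line("192.0.2.10", sec, "/index.html") for sec in range(0, 30, 5)]
    flood = [line("203.0.113.5" if i % 2 else "198.51.100.7", 30 + i % 10, "/") for i in range(40)]
    return quiet + flood
```

On the constructed log, `detect_flood(constructed_log())` reports the fourth window as a spike and flags both flooding IPs, while the regular client, which was present in the baseline, is left alone.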
