DDoS attack

Distributed Denial of Service (DDoS) is an attack that exploits the limits of a service, for example a web server: the number of requests exceeds what the service can process. The attacked resource becomes unavailable, “freezes”, etc.
Targets of DDoS attacks include online stores, large portals, casinos and other organizations that provide services via the Internet. For such companies, even one hour of downtime threatens significant losses.
It is difficult to determine the initiator of the attack, since requests come from different IP addresses (for example, from a botnet). The initiators may be hacker groups hired by competitors, or attackers who are engaged in blackmail.

There are specialized sites where you can order a DDoS attack. The customer specifies the object, selects the tariff package and pays for the service. It is almost impossible to track the client, since the information about the transaction is encrypted or not saved.


Classification

DDoS attacks are divided into three types, depending on the level and type of impact on the object:

  • Exhaustion of resources

    The target is “bombarded” with packets over the selected protocol (for example, UDP or ICMP) on random ports. The server checks the incoming data and sends a response to the specified port number. If the node is unavailable, the host sends a reply message marked “The node is unavailable”. As a result, the channel overflows with packets carrying randomly specified port numbers.

  • Using the features of the HTTP protocol

    The attacker conducts a preliminary analysis of the attacked object, looks at the requests that are directed to the database, and selects the “heaviest” POST requests. Next, the attacker sends them to the target node using infected computers (bots). As a result, the host “chokes” on the number of packets arriving simultaneously and stops responding.

  • Using the features of some protocols to create a queue

    A cybercriminal sends a SYN packet to an endpoint, as if checking whether it is accessible. The server confirms receipt and sends a synchronization request in response. At this point, the attacker does not send the confirming message, so the server queues the received packet to wait for confirmation. Simultaneous sending from multiple IP addresses causes this buffer to overflow.
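
On a Linux server, the queue build-up described in the last item is visible as connections held in the SYN_RECV state. The following is an added example, not part of the original article: it parses text in the `/proc/net/tcp` layout and reports local ports whose half-open count exceeds a threshold. The sample rows, the threshold and the function names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

TCP_SYN_RECV = "03"  # Linux state code: SYN received, final ACK still pending

# Constructed sample in /proc/net/tcp layout (IPv4, columns cut after "st");
# all addresses are documentation ranges, not values from the article.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0A00000A:01BB 010200C0:C001 03
   1: 0A00000A:01BB 010200C0:C009 03
   2: 0A00000A:01BB 020200C0:C002 03
   3: 0A00000A:01BB 016433C6:C003 03
   4: 0A00000A:01BB 057100CB:C004 01
   5: 0A00000A:0016 077100CB:C005 03
"""

def decode(endpoint):
    """Turn '010200C0:C001' into ('192.0.2.1', 49153)."""
    addr, port = endpoint.split(":")
    # The kernel prints the IPv4 address as a little-endian 32-bit hex value.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr, 16)))
    return ip, int(port, 16)

def half_open_by_port(table):
    """Map each local port to the remote IPs occupying a SYN_RECV slot."""
    pending = defaultdict(list)
    for row in table.splitlines()[1:]:  # first line is the column header
        fields = row.split()
        if len(fields) < 4 or fields[3] != TCP_SYN_RECV:
            continue  # established (01) and other states are not queued
        _, local_port = decode(fields[1])
        remote_ip, _ = decode(fields[2])
        pending[local_port].append(remote_ip)
    return dict(pending)

def flag_ports(table, max_half_open):
    """Return {port: (half_open_count, distinct_sources)} above the threshold."""
    return {port: (len(ips), len(set(ips)))
            for port, ips in half_open_by_port(table).items()
            if len(ips) > max_half_open}

if __name__ == "__main__":
    # The threshold of 2 is an assumption sized for the tiny sample above.
    for port, (count, sources) in flag_ports(SAMPLE, 2).items():
        print(f"port {port}: {count} half-open from {sources} sources")
```

A high count spread over many distinct sources matches the "multiple IP addresses" pattern in the text; the same parser accepts the contents of a real `/proc/net/tcp` file, since it reads only the first four columns.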
