What is a DDoS attack and what is DDoS Protection?

12.10.2022

DDoS attacks are becoming more and more common. If you run a financial institution, an online media outlet, an online store, or any other business that cannot afford downtime, chances are you've heard of them. These attacks cripple your network, produce many angry customers, and cause financial losses.

The high frequency of DDoS attacks is a red flag you should not ignore. Get to know how they operate and which weaknesses they take advantage of. That knowledge is the key to protecting your online business and to choosing the DDoS Protection plan that suits you.

What is a DDoS attack?

A DDoS, or distributed denial of service, is a cyber-attack that aims to make an online site, application, or service unavailable to its visitors. To achieve this, criminals target the victim's hosting infrastructure: using one or several well-known malicious techniques, they send huge amounts of traffic to the server to overwhelm it.

DDoS attacks are so dangerous because they use many sources at once to bombard the victim's equipment with traffic. Many unfortunate cases have shown how criminals can infect millions of Internet-connected devices around the world and use them to execute an attack. You have surely heard the term botnet; it refers to exactly this: a group of devices infected with malicious software that can be controlled over the Internet. Most of the time, the owners don't know that their devices are taking part in a cyber-attack commanded by a criminal somewhere in the world. The wider the botnet, the more "deadly" the attack!

Infected devices include much more than laptops, desktop computers, or phones. Any object with software, sensors, and the ability to connect to the Internet can take part in such an attack. This is the Internet of Things (IoT): everyday objects that use a network connection to exchange data with other devices and services. Home lights, refrigerators, smart toys, coffee machines, toasters, thermostats, security cameras, headphones, alarms, and so on. The list is long! And if people don't protect their home network (router) and the devices behind it effectively, it is easy for criminals to "recruit" (infect) their IoT devices.

Now you can picture the titanic effort it takes to locate every source of malicious traffic during a DDoS attack, especially if you are doing it manually.

Executing DDoS attacks, or providing the elements needed to perpetrate them (malicious software, botnets of all sizes, etc.), has become a profitable business for criminals. These "services" are sold on dark web markets, so pretty much anyone can get them, provided they can afford them!

Criminals' motivations for DDoS attacks vary widely. Some hackers want to show off their skills by bringing down the servers of international companies; it's a challenge they enjoy. Extortion is a common motive: some business owners prefer to pay criminals not to disrupt their e-shops or applications. Ideology sometimes plays a role, as hacktivists bring down big companies to draw attention to their cause. Some people don't compete honestly and damage rival companies through such attacks. Revenge, ambition, cyber warfare, you name it.

Statistics clearly show that DDoS attacks increase every year, so criminals don't seem to be stopping.

Types of DDoS attacks

Criminals use different techniques, at different network layers, to perform DDoS attacks. Keep in mind that they sometimes combine techniques to make an attack stronger and more destructive.

Check our “DDoS attacks – types and variations” and the “Largest DDoS Attacks: Are we safe?” blogs for more information on this.

Volumetric attacks

Volumetric attacks, also called floods, are the most common type of DDoS attack. They work literally by flooding the target with traffic of any kind (UDP packets, ICMP packets, reflected DNS responses, and so on). The objective is to produce as much traffic as possible to overwhelm the victim: its bandwidth is exhausted, so the service slows to a crawl or goes down entirely, and users are denied access.

To increase the amount of traffic, criminals use different techniques, often combined. One of them is amplification. In DNS amplification, for instance, the attacker sends small DNS queries to open DNS resolvers with the source IP address spoofed to be the target's address. The queries are chosen so that the answer is far larger than the question (an ANY query, or a query for a domain with large DNSSEC records, turns a request of a few dozen bytes into a response of several kilobytes). The resolvers answer every query, but they send those large responses to the spoofed address, so the target is flooded with DNS traffic it never asked for.
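As an added example (not from the original post), here is how such reflected traffic can be spotted in flow records. The flow records, addresses and thresholds are constructed for illustration; the signal to look for is large UDP responses from port 53, arriving from many resolvers, that answer queries the protected host never sent:

```python
"""Spot DNS reflection/amplification traffic in flow records.

Added example: the flow records below are constructed for illustration,
not real capture data. A reflected attack shows up as large UDP
responses from port 53 that arrive from many resolvers, answering
queries the victim never sent.
"""
from collections import defaultdict

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, packets, bytes)
FLOWS = [
    # legitimate: the victim asks its own resolver and gets a small answer back
    ("203.0.113.10", 51515, "198.51.100.53", 53, 1, 60),
    ("198.51.100.53", 53, "203.0.113.10", 51515, 1, 120),
    # reflected: open resolvers answer "ANY" queries the victim never sent
    ("192.0.2.1", 53, "203.0.113.10", 53, 40, 120000),
    ("192.0.2.2", 53, "203.0.113.10", 53, 35, 105000),
    ("192.0.2.3", 53, "203.0.113.10", 53, 50, 150000),
    ("192.0.2.4", 53, "203.0.113.10", 53, 45, 135000),
    # unrelated web traffic
    ("192.0.2.99", 44321, "203.0.113.10", 443, 20, 12000),
]

MIN_REFLECTORS = 3      # distinct resolvers answering unsolicited (assumed threshold)
MIN_AVG_BYTES = 1000    # average response size well above a normal answer (assumed)


def detect_dns_reflection(flows, protected_net_prefix="203.0.113."):
    """Return {victim_ip: report} for hosts receiving unsolicited large DNS answers."""
    # queries our hosts actually sent: (our_ip, our_port, resolver_ip)
    sent_queries = set()
    for src, sport, dst, dport, _, _ in flows:
        if src.startswith(protected_net_prefix) and dport == 53:
            sent_queries.add((src, sport, dst))

    unsolicited = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for src, sport, dst, dport, pkts, nbytes in flows:
        if sport != 53 or not dst.startswith(protected_net_prefix):
            continue
        if (dst, dport, src) in sent_queries:
            continue  # a genuine answer to a query we sent
        rec = unsolicited[dst]
        rec["reflectors"].add(src)
        rec["packets"] += pkts
        rec["bytes"] += nbytes

    reports = {}
    for victim, rec in unsolicited.items():
        avg = rec["bytes"] / rec["packets"]
        if len(rec["reflectors"]) >= MIN_REFLECTORS and avg >= MIN_AVG_BYTES:
            reports[victim] = {
                "reflectors": sorted(rec["reflectors"]),
                "avg_response_bytes": round(avg),
                "total_bytes": rec["bytes"],
            }
    return reports


def amplification_factor(query_bytes, response_bytes):
    """Bandwidth gain the attacker obtains per spoofed query."""
    return response_bytes / query_bytes


if __name__ == "__main__":
    print(detect_dns_reflection(FLOWS))
    print(f"{amplification_factor(60, 3000):.0f}x amplification")
```

The check that matters is the pairing against queries the protected hosts actually sent: a legitimate resolver answer matches an outbound query, a reflected one does not. Blocking the reflectors by address is of limited use, since the real attacker is hidden behind the spoofed source and can pick from thousands of open resolvers.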

The use of very large botnets has also become common, and it has proven deadly.

The popular IP/ICMP fragmentation, ICMP floods, and Smurf attacks are volumetric attacks. This type of attack is measured in bits per second (bps), usually reported in gigabits per second (Gbps).

Protocol attacks

Protocols such as TCP/IP, UDP, NTP, and SSDP are sets of rules that govern how information is exchanged on the Internet. Criminals study how these rules work in order to abuse them directly or to exploit weaknesses in their implementations, and then design a method to produce, and often amplify, the malicious traffic for the attack.

These attacks usually operate at layers 3 and 4 of the OSI model. Think of network devices like routers, or of the connection tables of servers: what they exhaust is the capacity to process packets and keep state, not raw bandwidth, so this type of attack is measured in packets per second (pps).

UDP floods, IP fragmentation, connection exhaustion, SYN floods, TCP floods, DNS amplification, NTP amplification, and SSDP amplification are only some examples of protocol attacks. (Amplification attacks abuse a protocol to generate the traffic, but their effect is volumetric, so they are often counted in both categories.)
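An added example, not part of the original post: a SYN flood is visible at layer 4 as a burst of SYN packets from many sources toward one host, where the handshake is almost never completed. The packet summaries, addresses and thresholds below are constructed for illustration:

```python
"""Detect a TCP SYN flood from packet summaries.

Added example with constructed data. A SYN flood leaves the server with
many half-open connections: SYNs arrive from many (often spoofed)
sources, the server answers SYN-ACK, and the final ACK never comes.
"""
from collections import defaultdict

SERVER = "203.0.113.10"

# Constructed packet summaries: (seconds, src_ip, dst_ip, tcp_flags)
PACKETS = []
# two legitimate clients complete the three-way handshake
for i, client in enumerate(["192.0.2.10", "192.0.2.11"]):
    PACKETS += [
        (0.1 * i, client, SERVER, "S"),
        (0.1 * i + 0.01, SERVER, client, "SA"),
        (0.1 * i + 0.02, client, SERVER, "A"),
    ]
# flood: 200 spoofed sources each send one SYN, get a SYN-ACK, never ACK
for i in range(200):
    spoofed = f"198.51.100.{i + 1}"
    PACKETS += [
        (1.0 + i * 0.001, spoofed, SERVER, "S"),
        (1.0 + i * 0.001 + 0.0005, SERVER, spoofed, "SA"),
    ]

SYN_RATE_THRESHOLD = 100      # SYNs per window toward one host (assumed; tune to baseline)
MAX_COMPLETION_RATIO = 0.5    # below this, most handshakes never finish (assumed)


def syn_flood_report(packets, window=1.0):
    """Return per-(destination, window) handshake stats and a flood verdict."""
    stats = defaultdict(lambda: {"syn": 0, "complete": 0, "sources": set()})
    pending = set()   # (client, server) pairs that have sent a SYN, awaiting their ACK
    for t, src, dst, flags in sorted(packets):
        if flags == "S":
            key = (dst, int(t // window))
            stats[key]["syn"] += 1
            stats[key]["sources"].add(src)
            pending.add((src, dst))
        elif flags == "A" and (src, dst) in pending:
            # first ACK after the SYN: the handshake completed
            pending.discard((src, dst))
            key = (dst, int(t // window))
            stats[key]["complete"] += 1
    report = {}
    for (dst, win), s in stats.items():
        ratio = s["complete"] / s["syn"] if s["syn"] else 1.0
        report[(dst, win)] = {
            "syn": s["syn"],
            "completed": s["complete"],
            "distinct_sources": len(s["sources"]),
            "flood": s["syn"] >= SYN_RATE_THRESHOLD and ratio < MAX_COMPLETION_RATIO,
        }
    return report


if __name__ == "__main__":
    for key, row in sorted(syn_flood_report(PACKETS).items()):
        print(key, row)
```

The verdict rests on two measures together: the SYN rate in packets per second and the share of handshakes that complete. A busy but healthy server has a high SYN rate and a high completion ratio; a flood has a high rate and almost no completions. The distinct-source count shows why blocking by address is hopeless here: every SYN can carry a different spoofed source.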

Application attacks

Application attacks, also called layer 7 attacks, target weaknesses in the application itself. Attackers mimic the behavior of regular users so that their traffic blends in, and keep the application busy until it can no longer serve legitimate users.

There are different ways to carry out this type of attack. In general, criminals hit the web server to make it crash. They pick requests that are cheap to send but expensive to serve: a single HTTP request can force the server to run PHP scripts, query the database, execute a large number of internal requests, and load many files before it can answer. As a result, the system slows down until it eventually crashes.

Usually, application attacks don't require huge amounts of traffic, which makes them harder to detect: the extra requests can look like a normal spike in traffic.

Application attacks are measured in requests per second (rps). HTTP flooding, slow read, slow POST, Slowloris, large-payload POST, low-and-slow attacks, and mimicked user browsing are only some examples of application attacks.

What’s DDoS protection?

DDoS protection is a set of tools and network management techniques to prevent or mitigate distributed denial of service (DDoS) attacks. Knowing how dangerous and complex these attacks can be, it's easy to see that a single tool is not enough. You need a combination of them to protect your online business or presence.

In the past, attacks were executed by hand; now, with all the automation available to attackers, once a DDoS attack hits, you need advanced technology to prevent or mitigate the event.

For instance, traffic monitoring is critical. It lets you learn how your traffic normally behaves, and only through constant, effective monitoring can you distinguish normal patterns from suspicious ones. There is advanced technology (algorithms, software, etc.) to help with this task. Monitoring is a must to detect potential threats and raise an alarm early enough to act.

Incoming traffic to your website has to be analyzed so that legitimate traffic is let through and suspicious traffic is denied. Current DDoS protection can distinguish regular human traffic from human-like bots and "hijacked" devices. Complex security processes check known attack signatures and analyze traffic attributes such as IP addresses, HTTP headers, JavaScript fingerprints, cookie variations, etc.

Having the technology to analyze every single request your servers receive (DNS queries included), detect malformed, altered, or incomplete ones, and block them in time is a necessary step to guarantee security.

The traffic that is allowed through to the website still has to be filtered. For this step, too, there are advanced technologies and methods available: rate limiting, whitelisting, blacklisting, deep packet inspection, IP reputation lists, connection tracking, etc.
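An added example, not from the original post or from any provider's product, covering both the requests-per-second measure used for application attacks above and the rate limiting, whitelisting and blacklisting listed here. It implements a per-client token bucket over constructed HTTP request events; the addresses, the rate and the burst values are assumptions for illustration:

```python
"""Per-client token-bucket rate limiting for HTTP requests.

Added example with constructed requests. Application-layer floods are
measured in requests per second, so the natural filter is a per-client
budget: each source gets a bucket that refills at RATE tokens per second
and holds at most BURST tokens; a request that finds no token is denied.
Whitelisted (allowlisted) and blacklisted (blocklisted) addresses bypass
the bucket.
"""
from collections import defaultdict

RATE = 5.0     # sustained requests per second one client may make (assumed)
BURST = 10     # short bursts up to this many requests are tolerated (assumed)


class TokenBucketLimiter:
    def __init__(self, rate=RATE, burst=BURST, allowlist=(), blocklist=()):
        self.rate, self.burst = rate, burst
        self.allowlist, self.blocklist = set(allowlist), set(blocklist)
        self.tokens = {}      # ip -> tokens currently in the bucket
        self.last = {}        # ip -> time of the last refill

    def allow(self, ip, now):
        """Return True if the request at time `now` from `ip` may pass."""
        if ip in self.blocklist:
            return False
        if ip in self.allowlist:
            return True
        tokens = self.tokens.get(ip, self.burst)        # new clients start with a full bucket
        elapsed = now - self.last.get(ip, now)
        tokens = min(self.burst, tokens + elapsed * self.rate)
        self.last[ip] = now
        if tokens >= 1:
            self.tokens[ip] = tokens - 1
            return True
        self.tokens[ip] = tokens
        return False


def filter_requests(requests, limiter):
    """Apply the limiter to (time, ip, path) tuples in time order; return per-IP counts."""
    counts = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for t, ip, _path in sorted(requests):
        verdict = "allowed" if limiter.allow(ip, t) else "denied"
        counts[ip][verdict] += 1
    return dict(counts)


# Constructed traffic: one normal browser, one flooding bot, one allowlisted monitor
REQUESTS = []
REQUESTS += [(i * 0.5, "192.0.2.10", "/page") for i in range(20)]                # 2 rps
REQUESTS += [(i * 0.01, "198.51.100.7", "/search?q=x") for i in range(500)]     # 100 rps
REQUESTS += [(i * 0.05, "203.0.113.200", "/health") for i in range(100)]        # 20 rps, allowlisted

if __name__ == "__main__":
    limiter = TokenBucketLimiter(allowlist={"203.0.113.200"})
    for ip, counts in filter_requests(REQUESTS, limiter).items():
        print(ip, counts)
```

The browser at 2 rps never runs dry; the bot at 100 rps gets its initial burst and then roughly one request in twenty, which is the 5 rps budget. Rate limiting alone does not save a server from a botnet of thousands of sources each staying under the limit; that is where the signature and behavior analysis described above has to take over.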

Load balancing is another solution that can save your bacon. It distributes traffic across different servers, as many as possible, so that no single server is overwhelmed. Load balancing on its own does not stop a DDoS attack, but it helps absorb one, and it also increases availability and enhances the responsiveness of applications. You can use on-premise or cloud-based solutions.

To better understand your business needs, compare different DDoS protection providers and choose the one that best suits you. Remember that some providers can only protect you up to a certain attack size; this limit is directly related to the infrastructure and technology they own.

Neterra is a reliable provider of DDoS protection. It offers protection against layer 3 to layer 7 DDoS attacks. Neterra's cloud platform shields you against attacks bigger than 2 Tbps! Its specialized hardware guarantees protection no matter where in the world the DDoS attack comes from. It cleans traffic coming from international locations in real time without delaying the services on your server.

Neterra also includes Smart Blackholing, an automated, or "smart", solution that lets you set a limit on the traffic allowed to reach your network. If traffic exceeds this limit, the Smart Blackholing software kicks into action and automatically stops the traffic so it won't reach your IP address. It then scans the routing table for the source sending the malicious traffic and blocks it. The software keeps monitoring the network, and once traffic drops back to normal levels (below the established limit), it lifts the block so operations can continue normally. Keep in mind that while an address is blackholed, legitimate traffic to it is dropped along with the attack traffic, which is why the limit should be set well above your normal peak.
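As an added example (not Neterra's software), the threshold-and-release behaviour described above can be simulated over constructed per-second traffic samples. The limit and the traffic figures are assumptions; the simulation also counts the legitimate traffic discarded while the address is blackholed:

```python
"""Threshold-triggered blackholing, simulated over constructed traffic.

Added example, not a vendor's implementation. It models the behaviour
described in the text: when inbound traffic to a protected address
exceeds a limit, the address is blackholed (all traffic to it is dropped);
once traffic measured at the edge falls back under the limit, the
blackhole is lifted. It also counts the legitimate traffic discarded while
the hole is in place, the price of this technique.
"""

LIMIT_MBPS = 1000  # blackhole trigger; assumed, set above the normal peak for this address

# Constructed samples: one per second, (total_mbps_in, legitimate_mbps_in)
SAMPLES = (
    [(300, 300)] * 5          # normal traffic
    + [(5000, 300)] * 10      # volumetric flood begins
    + [(1200, 300)] * 2       # attack tailing off, still above the limit
    + [(350, 350)] * 5        # back to normal
)


def simulate_blackhole(samples, limit=LIMIT_MBPS):
    """Return the blackhole/lift timeline and the traffic dropped (in Mbit)."""
    blackholed = False
    events = []
    legit_dropped = 0
    attack_dropped = 0
    for second, (total, legit) in enumerate(samples):
        if not blackholed and total > limit:
            blackholed = True
            events.append((second, "blackhole", total))
        elif blackholed and total <= limit:
            blackholed = False
            events.append((second, "lift", total))
        if blackholed:
            # everything addressed to the victim is discarded, good and bad alike
            legit_dropped += legit            # 1 s of Mbps == Mbit
            attack_dropped += total - legit
    return {
        "events": events,
        "legit_mbit_dropped": legit_dropped,
        "attack_mbit_dropped": attack_dropped,
        "still_blackholed": blackholed,
    }


if __name__ == "__main__":
    result = simulate_blackhole(SAMPLES)
    for event in result["events"]:
        print(event)
    print("legitimate Mbit lost:", result["legit_mbit_dropped"])
```

Two practical points follow from the simulation. The attack traffic is dropped before it reaches the server, but for the twelve seconds of the blackhole the address is just as unreachable for customers as it would have been under the attack; blackholing protects the rest of the network, not the victim address. And if the attack hovers around the limit, the hole would be installed and lifted every few seconds; a release threshold lower than the trigger, or a minimum hold time, avoids that flapping.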

Neterra's services are designed to protect the most demanding clients, from Internet Service Providers (ISPs), banks and financial institutions, to online media, e-commerce, and gaming: truly any type of website. You can read more about its firewall protection and special features here: Neterra DDoS Protection.

Your business is worth this level of protection. Remember that a DDoS attack can also be used as a cover for data theft, for damaging your internal systems, or for stealing your financial assets or intellectual property.

Besides this, DDoS attacks cause direct financial losses. If criminals manage to shut you down, sales drop. Clients won't be able to reach your website, application, or service for a while, or for a long time, depending on the type of attack and the protection you have in place to stop or mitigate it.

If they happen regularly, DDoS attacks can also make you drop in search engine rankings. They damage your reputation and your clients' trust, and they cost you extra time and money. Yes, unfortunately, dealing with them is not easy, and afterwards you will have to repair the damage they leave behind.

Conclusion

The ever-growing number of Internet-connected devices makes more DDoS attacks likely. Building a successful business takes a long time, investment, and daily effort. It's better to prevent than to cure! Waiting until an attack happens to react can be very costly. DDoS protection will not only shield your business from attacks but also enhance its general performance. Look for a reliable provider like Neterra.net right now! It's the first step toward protection from a huge threat.
