A Distributed Denial of Service (DDoS) attack is a common type of attack that aims to stop end users from reaching a network server, typically by flooding the server with excessive, fake traffic. The server slows down drastically and appears unavailable to its intended audience. The primary targets of DDoS attacks include popular websites, among them those of banks and financial institutions where online payments are carried out. Well-known websites including WordPress, Twitter, VISA, and Mastercard have been hit by numerous successful DDoS attacks over time. The attacks typically result only in service unavailability; the website's data is not tampered with.
A Denial of Service (DoS) attack, in which a single machine sends numerous HTTP and ping requests to a target to flood it with incoming traffic, can be dealt with easily by blocking the source IP address or by using one of the many tools available to block Internet Control Message Protocol (ICMP) threats. A DDoS attack is a much more sophisticated form of DoS attack in which thousands of machines, possibly from around the globe, attack a single target simultaneously, which renders blocking of individual IP addresses useless. Because the traffic is so widely distributed, separating the fake traffic from the real traffic also becomes a problem, which makes the attack even more difficult to prevent. DDoS attacks are essentially carried out by botnets, and since attackers are paid large sums for renting out their botnets to run DDoS attacks, these attacks are common and harder to address.
How to Protect Your Website
A sophisticated DDoS attack is very hard to stop, but you can take several precautions before your site is brought down by one. It should also be noted that once your website is a victim, your Internet service provider and your host may sideline it or null-route it to protect their other sites from being affected, which blocks legitimate traffic to your website along with the fake traffic.
Preventing SYN Flood Attack
A SYN flood is a DoS attack targeting hosts that run TCP servers. Huge numbers of SYN requests are sent to the target, forcing it to create a half-open connection for each one, until the server lacks the resources to accept real connections.
Using SYN cookies is one way to minimize SYN flood attacks. A SYN cookie is a specially chosen TCP initial sequence number that lets the server answer a SYN without storing any state for it, so its connection table cannot be filled up with SYN requests. TCP Cookie Transactions were introduced to address several drawbacks of SYN cookies. Apart from SYN cookies, filtering out spoofed IP packets with Unicast Reverse Path Forwarding (uRPF), shortening the SYN-RECEIVED timer, using larger backlogs and using a SYN cache can all help minimize SYN flood attacks. Using a firewall to monitor connections is important as well, but it should be noted that many DDoS attacks can easily get past firewall protection.
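To make the statelessness of a SYN cookie concrete, here is a toy encoder and validator added to this article; it is not part of the original text and is not any operating system's implementation. It is modelled on the general layout of the Linux syncookie scheme (a keyed hash of the connection 4-tuple, a coarse time counter in the top byte, an encoded MSS index in the low bits), but the secret, the MSS table, the 64-second counter period, the two-tick validity window and the IP addresses are constructed values for the demonstration.

```python
"""Toy SYN-cookie encoder/decoder (added example, not from the article).

The server answers every SYN with a SYN-ACK whose sequence number is a
keyed hash of the connection 4-tuple plus a coarse timestamp and an
encoded MSS.  Nothing is stored, so a flood of spoofed SYNs costs only CPU.
When a real client sends the final ACK, the cookie is recomputed from the
packet itself; if it matches, the connection is built from scratch.
"""
import hashlib
import hmac

# Constructed values: a real stack draws SECRET at boot and never exposes it.
SECRET = b"constructed-demo-secret"
MSS_TABLE = (536, 1300, 1440, 1460)   # the MSS values a 2-bit field can encode
COUNTER_PERIOD = 64                   # seconds per cookie "tick" (assumption)
MAX_AGE_TICKS = 2                     # a cookie is valid for this many ticks


def _keyed_hash(saddr, daddr, sport, dport, tag, count=0):
    """32-bit truncated HMAC over the 4-tuple; 'tag' separates the two uses."""
    msg = f"{tag}|{saddr}|{daddr}|{sport}|{dport}|{count}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def _counter(now):
    """Coarse time counter; only its low byte is carried in the cookie."""
    return int(now // COUNTER_PERIOD) & 0xFF


def make_syn_cookie(saddr, daddr, sport, dport, client_isn, client_mss, now):
    """Return the ISN the server should place in its SYN-ACK."""
    # pick the largest table MSS the client can accept (fall back to the smallest)
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    count = _counter(now)
    h1 = _keyed_hash(saddr, daddr, sport, dport, "h1")
    h2 = _keyed_hash(saddr, daddr, sport, dport, "h2", count)
    cookie = h1 + client_isn + (count << 24) + ((h2 + mss_idx) & 0x00FFFFFF)
    return cookie & 0xFFFFFFFF


def check_syn_cookie(saddr, daddr, sport, dport, client_isn, cookie, now):
    """Validate the cookie echoed back in the client's ACK.

    Returns the negotiated MSS on success, or None if the cookie is stale,
    forged, or belongs to a different 4-tuple.
    """
    h1 = _keyed_hash(saddr, daddr, sport, dport, "h1")
    diff = (cookie - client_isn - h1) & 0xFFFFFFFF
    count = diff >> 24
    age = (_counter(now) - count) & 0xFF        # modular, so the byte may wrap
    if age >= MAX_AGE_TICKS:
        return None
    h2 = _keyed_hash(saddr, daddr, sport, dport, "h2", count)
    mss_idx = (diff - h2) & 0x00FFFFFF
    if mss_idx >= len(MSS_TABLE):
        return None
    return MSS_TABLE[mss_idx]


def handshake_demo():
    """One legitimate handshake plus a stale replay of the same cookie."""
    tup = ("203.0.113.7", "198.51.100.10", 40000, 443)   # constructed addresses
    cookie = make_syn_cookie(*tup, client_isn=123456789, client_mss=1460, now=1000.0)
    fresh = check_syn_cookie(*tup, client_isn=123456789, cookie=cookie, now=1030.0)
    stale = check_syn_cookie(*tup, client_isn=123456789, cookie=cookie, now=1300.0)
    return fresh, stale


if __name__ == "__main__":
    print(handshake_demo())   # (1460, None)
```

Because nothing is kept per SYN, the server also loses any TCP options (window scaling, selective acknowledgement) that the cookie does not encode; that loss is one of the drawbacks TCP Cookie Transactions set out to address.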
Preventing HTTP Flood Attack
HTTP flood attacks send HTTP requests to a target repeatedly over a short period of time, leaving the server unresponsive. These attacks are very difficult to prevent because it is hard to tell the fake requests apart from those of regular users. For this reason, HTTP attacks accounted for more than 88.9% of DDoS attacks in the 2nd quarter of 2011, according to Kaspersky Lab reports. A tarpit can be used effectively to delay incoming connections. Another way to defend against these attacks is a reverse proxy, which divides the incoming connections into several groups, reducing the threat.
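The filtering problem described above is usually approached by watching request rates per client, because a flooder asks for the same resource far faster than a person browsing ever could. The following script is an added example, not from the article: it builds a few constructed Common Log Format access-log lines (one normal client, one flooder, both in documentation address ranges) and runs a per-source sliding-window counter over them. The 10-second window and the threshold of 20 requests are assumptions to tune against your own traffic.

```python
"""Per-source sliding-window detector for HTTP floods (added example).

The log lines are constructed in Common Log Format; the window and
threshold are assumptions, not values from the article.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

CLF_TIME = "%d/%b/%Y:%H:%M:%S %z"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def build_sample_log():
    """Constructed access log: one person browsing, one source hammering '/'."""
    base = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    lines = []
    for i in range(3):            # normal: one page every 5 seconds
        ts = (base + timedelta(seconds=5 * i)).strftime(CLF_TIME)
        lines.append(fmt.format(ip="198.51.100.9", ts=ts, path=f"/page{i}"))
    for i in range(30):           # flood: 30 requests for the same URL in 6 seconds
        ts = (base + timedelta(milliseconds=200 * i)).strftime(CLF_TIME)
        lines.append(fmt.format(ip="203.0.113.5", ts=ts, path="/"))
    return lines


def parse_line(line):
    """Return (client_ip, timestamp) or None for a line that is not CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), CLF_TIME)


def find_flooders(lines, window_seconds=10, threshold=20):
    """Flag sources that made >= threshold requests inside any window_seconds span.

    Returns {ip: peak_requests_in_window}.  Each source keeps its own deque
    of timestamps, so the lines need only be in time order per source.
    """
    windows = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip malformed or non-CLF lines
        ip, ts = parsed
        q = windows[ip]
        q.append(ts)
        # slide the window: forget requests older than window_seconds
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, n in find_flooders(build_sample_log()).items():
        print(f"{ip}: {n} requests within 10 s")   # 203.0.113.5: 30 requests within 10 s
```

The offender list is what you would feed to the tarpit or to the reverse proxy's rate limit rather than an outright block, since many users behind one NAT address can legitimately exceed a naive per-IP threshold; the article's point that fake and real requests are hard to separate applies to this detector as well.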
Preventing Smurf Attack
Smurf attacks typically consist of sending large numbers of Internet Control Message Protocol (ICMP) echo requests to an intermediate network's broadcast address, with the source address spoofed to be the victim's. Every host on that network replies to the victim, whose system is saturated with incoming traffic, producing a DDoS condition. A similar attack is the fraggle attack, which uses User Datagram Protocol (UDP) instead of ICMP: spoofed UDP packets are sent to chosen broadcast addresses, which direct large volumes of traffic at the target systems and cause them to crash.
Blocking incoming ICMP packets, configuring routers not to forward directed broadcasts, configuring the router to block UDP, and using a firewall with built-in Smurf and Fraggle filters are some of the ways to protect your website from these attacks.
Preventing Ping Floods
Ping flooding is an older DDoS method that is not very popular because it requires a lot of bandwidth. It consists of continuously sending large volumes of ICMP echo requests to a target system, which will crash if it tries to reply to all of them. Ping floods can be prevented easily by blocking the attacker's IP address or simply by delaying the server's replies to the pings.
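The router and firewall measures listed for Smurf and fraggle attacks, the ping-flood reply limiting above, and the uRPF spoof filtering mentioned under SYN floods all amount to a handful of stateless checks on each inbound packet. The class below is an added example, not the article's own code and not any vendor's filter syntax: it applies those checks to constructed packet records for an assumed local prefix of 198.51.100.0/24, dropping packets that claim a local source address, packets addressed to the directed broadcast address, UDP to the echo and chargen ports that fraggle abuses, and ICMP echo requests from any one source beyond a per-second rate. The limit of 5 echo requests per second is an assumption.

```python
"""Stateless border filter for Smurf, fraggle and ping-flood traffic.

Added example: the checks mirror the article's recommendations (drop
directed broadcasts, filter UDP, limit inbound ICMP echo, uRPF-style
spoof filtering) but the class, prefix and limits are constructed here.
"""
import ipaddress
from collections import defaultdict

# Constructed: the prefix "we" announce.  Nothing from the Internet side
# may legitimately carry a source address inside it.
LOCAL_NETS = ("198.51.100.0/24",)
FRAGGLE_PORTS = {7, 19}        # UDP echo and chargen, the usual fraggle amplifiers
ECHO_PER_SECOND = 5            # assumption: echo requests allowed per source per second
ICMP_ECHO_REQUEST = 8


class BorderFilter:
    """Decide ACCEPT/DROP for packets arriving on the external interface."""

    def __init__(self, local_nets=LOCAL_NETS, echo_rate=ECHO_PER_SECOND):
        self.local_nets = [ipaddress.ip_network(n) for n in local_nets]
        self.echo_rate = echo_rate
        self.echo_counts = defaultdict(int)   # (src, whole second) -> echo requests seen

    def decide(self, pkt):
        """pkt is a dict: proto, src, dst, time, plus icmp_type or dport."""
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])

        # 1. uRPF-style ingress filter: our own addresses never arrive from outside.
        if any(src in net for net in self.local_nets):
            return "DROP", "spoofed source inside local prefix"

        # 2. Directed broadcasts are the Smurf/fraggle amplifier; never forward them.
        if any(dst == net.broadcast_address for net in self.local_nets):
            return "DROP", "directed broadcast"

        # 3. UDP to echo/chargen has no business crossing the border.
        if pkt["proto"] == "udp" and pkt.get("dport") in FRAGGLE_PORTS:
            return "DROP", "udp small-service port"

        # 4. Inbound echo requests are rate-limited per source (ping flood).
        if pkt["proto"] == "icmp" and pkt.get("icmp_type") == ICMP_ECHO_REQUEST:
            key = (pkt["src"], int(pkt["time"]))
            self.echo_counts[key] += 1
            if self.echo_counts[key] > self.echo_rate:
                return "DROP", "icmp echo rate exceeded"

        return "ACCEPT", ""


def sample_traffic():
    """Constructed packets: Smurf and fraggle triggers, a spoof, a ping flood, normal web."""
    pkts = [
        # Smurf: attacker forges the victim's address and pings our broadcast address
        {"proto": "icmp", "icmp_type": 8, "src": "203.0.113.66", "dst": "198.51.100.255", "time": 0.0},
        # fraggle via broadcast: UDP to the echo port on the broadcast address
        {"proto": "udp", "dport": 7, "src": "203.0.113.66", "dst": "198.51.100.255", "time": 0.1},
        # fraggle via unicast: chargen on a single host
        {"proto": "udp", "dport": 19, "src": "203.0.113.66", "dst": "198.51.100.10", "time": 0.15},
        # spoofed packet pretending to come from inside our own prefix
        {"proto": "tcp", "dport": 443, "src": "198.51.100.20", "dst": "198.51.100.10", "time": 0.2},
        # ordinary HTTPS client
        {"proto": "tcp", "dport": 443, "src": "192.0.2.10", "dst": "198.51.100.10", "time": 0.3},
    ]
    # ping flood: 8 echo requests from one source inside the same second
    pkts += [{"proto": "icmp", "icmp_type": 8, "src": "192.0.2.77", "dst": "198.51.100.10",
              "time": 1.0 + i * 0.05} for i in range(8)]
    return pkts


def run_sample():
    """Return a count of verdicts (ACCEPT, or the drop reason) over the constructed traffic."""
    f = BorderFilter()
    summary = defaultdict(int)
    for pkt in sample_traffic():
        verdict, reason = f.decide(pkt)
        summary[verdict if verdict == "ACCEPT" else reason] += 1
    return dict(summary)


if __name__ == "__main__":
    for k, v in sorted(run_sample().items()):
        print(f"{v:3d}  {k}")
```

The per-second counter is deliberately the simplest thing that works; a real device would use a token bucket and expire old entries. Note that the broadcast rule fires before the UDP rule, so a fraggle packet aimed at the broadcast address is dropped for being a directed broadcast, which is the right outcome either way.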
Preventing Peer to Peer Attacks
Peer-to-peer networks are exploited by attackers to disconnect clients from the P2P network and redirect them to the target system, which ultimately crashes under the sudden rise in traffic. This is typically carried out using DC++, which makes these attacks much more difficult to prevent. They are harder to block because of the large number of IP addresses involved in a single attack, although identifying such an attack is not much of a problem because of its signatures. Upgrading the network hubs and configuring the P2P protocol to specify allowed ports would help you prevent these attacks.
This article on DDoS attack protection is proudly presented by D. Blackthorn, an online security specialist from Drm Removal – drm converter team.