What is a DDoS attack?
Online services are vulnerable to a type of cyber attack that aims to silence them. These attacks, called denial of service (DoS) attacks, aim to make online resources temporarily or indefinitely unavailable by flooding them with so much traffic that their intended users cannot access or use them.
Unlike DoS attacks which are launched by a single computer (or a small number of computers), DDoS attacks may be launched by millions of computers. Attackers build their “army” of computers by spreading malware through email, social media, and various websites. Once infected, these networks of computers (“botnets”) are exploited without their owners’ knowledge to launch a DDoS attack against a target online service.
The Internet carries a huge variety of traffic, but nearly all of it is wrapped up in just two types of lower-layer packets, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). Each of these has its own strengths and weaknesses when it comes to DDoS attacks.[1]
DDoS attacks can vary in nature and scale. Some attacks aim to overwhelm the target by sending huge amounts of random data to saturate the target’s bandwidth, or by sending more TCP connection requests than what a server can handle. Other types of attacks send huge amounts of TCP or UDP fragments, or target specific applications of a service. Some of the most common types of DDoS attacks are summarized in the table below.
| Common types of DDoS attacks | Methods |
|---|---|
| TCP connection attacks (protocol attacks) | Sending more TCP connection requests than a server can handle |
| Volumetric attacks | Sending huge amounts of random data to saturate a target's bandwidth |
| Fragmentation attacks | Sending huge amounts of TCP or UDP fragments to reduce the performance of the target service |
| Application attacks | Overwhelming a specific application of a service |
DDoS attacks target a variety of services, ranging from banks and corporations to websites belonging to human rights organizations or political dissidents. As these attacks aim to prevent the publication of and access to information on target websites, they can constitute a form of censorship. In some cases, attackers are state-sponsored and aim to prevent the public from accessing information published by news sites. In other cases, DDoS attacks can be launched against businesses by their competitors.
State-sponsored DDoS attacks can be sophisticated and have long-term effects. However, one can find DDoS-for-hire services sold in online black markets by a variety of actors for as little as $19.99 per month.
If you think your site is vulnerable, it is important to conduct a risk assessment to determine what precautionary measures you can take to prevent your site from becoming unavailable in the event of an attack.
- 1. TCP is what's known as a stateful protocol, wherein every connection between a client and a server involves a handshake to negotiate the connection settings, and every packet sent includes additional information to help manage those settings and keep track of the connection. Attackers can take advantage of this by opening a connection, but not bothering to finish negotiating the handshake, which forces the server to use more resources than the attacking client. In contrast, UDP is a stateless protocol. Packets are sent with very little additional information or overhead, and if anything goes wrong with the connection it's expected that software at another layer will correct for it. This makes it useful for high-volume connections like streaming media, but it also makes it easy for attackers to generate or forge a flood of UDP packets.
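The two behaviours described above, unfinished TCP handshakes and high-volume UDP floods, are the ones a site operator most often needs to spot in their own traffic. The following is an added example written for this page, not code from the original article: it walks a list of flow records (constructed inline, using documentation IP ranges) and reports sources that leave many handshakes half-open, and UDP sources that exceed a packets-per-second threshold toward one port. The record format, the server address and the thresholds are assumptions for the example; real thresholds should be set from the site's own baseline traffic.

```python
"""Flag half-open TCP handshake floods and UDP packet floods in flow records.

Added example for this page. Record format (an assumption of this example):
    (timestamp_seconds, src_ip, src_port, dst_ip, dst_port, proto, tcp_flags)
tcp_flags uses "S" for SYN, "SA" for SYN-ACK, "A" for ACK; UDP records use "".
"""
from collections import defaultdict

# Hypothetical thresholds for a small site; tune to your own baseline traffic.
HALF_OPEN_THRESHOLD = 5   # half-open connections from one source
UDP_PPS_THRESHOLD = 50    # UDP packets per second from one source to one port

SERVER = "192.0.2.10"     # constructed server address (documentation range)


def find_half_open_floods(records, threshold=HALF_OPEN_THRESHOLD):
    """Return {client_ip: half_open_count} for clients with at least
    `threshold` connections that sent SYN but never finished the handshake."""
    # Pending handshakes keyed by (client, client_port, server, server_port).
    pending = {}
    for _ts, src, sport, dst, dport, proto, flags in records:
        if proto != "tcp":
            continue
        if flags == "S":                      # client opens a connection
            pending[(src, sport, dst, dport)] = "syn"
        elif flags == "SA":                   # server replies; swap the ends
            key = (dst, dport, src, sport)
            if key in pending:
                pending[key] = "synack"
        elif flags == "A":                    # client's final ACK completes it
            key = (src, sport, dst, dport)
            if pending.get(key) == "synack":
                del pending[key]              # no longer half-open
    counts = defaultdict(int)
    for (client, _, _, _) in pending:
        counts[client] += 1
    return {c: n for c, n in counts.items() if n >= threshold}


def find_udp_floods(records, threshold=UDP_PPS_THRESHOLD):
    """Return {(src_ip, dst_ip, dst_port): peak_pps} for UDP sources that
    exceed `threshold` packets in any single one-second bucket."""
    buckets = defaultdict(int)
    for ts, src, _sport, dst, dport, proto, _flags in records:
        if proto == "udp":
            buckets[(src, dst, dport, int(ts))] += 1
    peaks = defaultdict(int)
    for (src, dst, dport, _second), n in buckets.items():
        key = (src, dst, dport)
        peaks[key] = max(peaks[key], n)
    return {k: n for k, n in peaks.items() if n >= threshold}


# Constructed sample traffic (not captured data).
SAMPLE_RECORDS = []
# A legitimate client completes the three-way handshake.
SAMPLE_RECORDS += [
    (100.00, "10.0.0.5", 40001, SERVER, 443, "tcp", "S"),
    (100.01, SERVER, 443, "10.0.0.5", 40001, "tcp", "SA"),
    (100.02, "10.0.0.5", 40001, SERVER, 443, "tcp", "A"),
]
# One source opens six connections and never sends the final ACK.
for i in range(6):
    t = 100.1 + i * 0.01
    SAMPLE_RECORDS.append((t, "203.0.113.7", 50000 + i, SERVER, 443, "tcp", "S"))
    SAMPLE_RECORDS.append((t + 0.005, SERVER, 443, "203.0.113.7", 50000 + i, "tcp", "SA"))
# Normal UDP traffic, plus one source sending 60 datagrams within one second.
SAMPLE_RECORDS += [(101.0, "10.0.0.6", 41000, SERVER, 53, "udp", "")] * 2
SAMPLE_RECORDS += [
    (101.0 + i * 0.01, "198.51.100.3", 42000, SERVER, 53, "udp", "") for i in range(60)
]

if __name__ == "__main__":
    print("half-open floods:", find_half_open_floods(SAMPLE_RECORDS))
    print("udp floods:", find_udp_floods(SAMPLE_RECORDS))
```

On the sample data the first function reports only `203.0.113.7` (six half-open handshakes) and the second only `198.51.100.3` toward port 53; the legitimate client completes its handshake and drops out of the pending set. In practice the same logic runs over flow exports or firewall logs with a sliding time window, and the thresholds are chosen from what the site sees on a normal day.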