What is Distributed Denial of Service (DDoS)?
In a DDoS attack, a group of hijacked internet-connected devices, known as a botnet, are infected with malicious software and controlled as a group without their owners' knowledge. The botnet floods the target's network with traffic from many sources, thousands of them or more, and every hijacked device can be used to attack the particular target. The attack is called "distributed" because the attacker uses many computers, rather than one, to carry out the denial of service.
Categorization of DDoS Attacks:
- Volume-based attacks: The main aim is to saturate the bandwidth of the targeted system.
- Protocol attacks: The aim is to consume the server's own resources rather than its bandwidth.
- Application layer attacks: The main aim is to crash the web server; the magnitude of such an attack is measured in requests per second.
Application layer Attacks:
Here malicious requests are sent over different network protocols in order to consume the victim's bandwidth and choke its internet flow.
e.g. Slowloris, RUDY, XML, SNMP and HTTP flood attacks.
Slowloris: It requires very little bandwidth, hampers the target web server without altering any other services or ports, and works by sending partial HTTP requests that are never completed. These eventually fill the targeted server's maximum connection pool, after which no further legitimate connection attempts are accepted.
It came into the limelight after it was used against government websites during the 2009 Iranian elections.
RUDY attack: This attack is generated by a tool that browses the target site and identifies the web forms embedded in its pages. Once a form is found, RUDY sends a legitimate-looking HTTP POST request with an unusually long content-length value in the header, then begins filling the form with data one byte at a time, sending the information in small parts at a very slow rate. These attacks can last for a long period if they remain undetected.
HTTP flood attack: The attacker sends large numbers of unwanted HTTP GET and POST requests to a web server or application in order to execute the DDoS attack. It requires relatively little bandwidth.
SNMP attacks: The attacker sends requests over the Simple Network Management Protocol with the source address spoofed to be the victim's. Servers that accept such requests from the internet send their replies to the victim, flooding the targeted system.
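The two application-layer patterns described above leave different traces on the server side: an HTTP flood shows up as an abnormal request rate per source in the access log, while Slowloris and RUDY show up as many long-lived connections from one source that have sent very little data and never completed their request. The following is an added example, not code from the original article, that flags both patterns over constructed sample data. The access-log format and the connection-table fields are assumptions modelled on what a typical reverse proxy's log and connection status view expose.

```python
"""Detect HTTP-flood and slow-request (Slowloris / RUDY style) behaviour.

Added example with constructed inputs; the log format and the
connection-record fields are assumptions, not any product's real format.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed access-log line format: "<iso-timestamp> <client-ip> <method> <path> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def parse_access_log(text):
    """Parse log text into (timestamp, ip, method, path, status) tuples.

    Malformed lines are skipped rather than crashing the detector, because a
    detector that dies on a bad line is itself a denial-of-service target.
    """
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["ip"],
                       m["method"], m["path"], int(m["status"])))
    return events


def flood_sources(events, window_seconds=10, threshold=50):
    """Return {ip: peak_requests} for sources whose request count inside any
    sliding window of window_seconds exceeds threshold (HTTP flood signature)."""
    by_ip = defaultdict(list)
    for ts, ip, *_ in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits within window_seconds.
            while t - times[start] > timedelta(seconds=window_seconds):
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def slow_connection_sources(connections, min_age=30, max_bytes=512, min_count=20):
    """Return {ip: count} for sources holding at least min_count connections that
    are older than min_age seconds, have sent at most max_bytes, and have not
    completed a request. This is the Slowloris / RUDY signature: connections are
    kept open with a trickle of data so the connection pool fills up."""
    suspicious = Counter()
    for c in connections:
        if (c["age_seconds"] >= min_age and c["bytes_received"] <= max_bytes
                and not c["request_complete"]):
            suspicious[c["ip"]] += 1
    return {ip: n for ip, n in suspicious.items() if n >= min_count}


def build_sample_log():
    """Constructed log: one normal client and one flooding source (RFC 5737 addresses)."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(12):  # normal client: 12 requests spread over a minute
        lines.append(f"{(base + timedelta(seconds=5 * i)).isoformat()} 198.51.100.7 GET /page/{i} 200")
    for i in range(300):  # flooding source: 300 requests within 3 seconds
        lines.append(f"{(base + timedelta(milliseconds=10 * i)).isoformat()} 203.0.113.9 GET /search?q=x 200")
    return "\n".join(lines)


# Constructed connection table: 25 half-open connections from one source,
# plus five normal clients whose requests completed quickly.
SAMPLE_CONNECTIONS = (
    [{"ip": "203.0.113.10", "age_seconds": 90, "bytes_received": 40, "request_complete": False}
     for _ in range(25)]
    + [{"ip": f"198.51.100.{i}", "age_seconds": 2, "bytes_received": 700, "request_complete": True}
       for i in range(1, 6)]
)

if __name__ == "__main__":
    print("flood sources:", flood_sources(parse_access_log(build_sample_log())))
    print("slow-connection sources:", slow_connection_sources(SAMPLE_CONNECTIONS))
```

The thresholds (50 requests per 10 seconds, 20 stalled connections older than 30 seconds) are placeholders; in practice they are tuned against the site's normal traffic so that a busy but legitimate client, such as a corporate NAT address, is not flagged.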
Tools of DDoS: LOIC, XOIC, HOIC, botnets, JMeter, insecure IoT devices and Dirt Jumper are a few of the tools that can be used for DDoS attacks.
Impact of DDoS Attacks:
- Revenue losses: The average cost of downtime is $5,600 per minute. A DoS attack can cost an internet-dependent company $1 million even before the company starts to mitigate it.
- Reputation damage
- Productivity loss
How can you be secure from DDoS Attacks?
- Firewall: Upgrading the firewall helps to some extent, but not in every case.
- Have multiple servers so that the load can be balanced across them and the impact of a DoS attack is reduced.
- Have a Business Continuity Plan (BCP) ready.
- Conduct regular security audits.
- Patch your servers.
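The firewall and load-balancing items above both rely on the same underlying control: a per-client limit so that one source cannot consume the server's whole capacity. The following is an added example, not from the original article, of a token-bucket rate limiter of the kind a firewall, reverse proxy or application tier applies per client address. The simulation, client addresses and bucket sizes are constructed assumptions; it shows how a flooding source is throttled to the refill rate while a normal client passes untouched.

```python
"""Per-client token-bucket rate limiting as a DDoS mitigation.

Added example with a constructed traffic simulation; bucket parameters are
illustrative, not recommended production values.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Each client gets `capacity` tokens, refilled at `refill_per_second`.
    A request costs one token; with no tokens left the request is dropped."""
    capacity: float
    refill_per_second: float
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self):
        self.tokens = self.capacity  # a new client starts with a full bucket

    def allow(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_second)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """Keeps one bucket per client address (a real deployment would expire idle buckets)."""

    def __init__(self, capacity=20, refill_per_second=5.0):
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.buckets = {}

    def allow(self, client_ip, now):
        bucket = self.buckets.get(client_ip)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.refill_per_second)
            self.buckets[client_ip] = bucket
        return bucket.allow(now)


def simulate(duration_seconds=30):
    """Constructed traffic: a normal client at 1 request/s and a flooding
    source at 100 requests/s (RFC 5737 addresses). Returns (sent, allowed)
    Counters keyed by client address."""
    requests = []
    for i in range(duration_seconds):
        requests.append((float(i), "198.51.100.7"))
    for i in range(duration_seconds * 100):
        requests.append((i / 100.0, "203.0.113.9"))
    requests.sort()  # process in time order, as a proxy would see them

    limiter = RateLimiter()
    sent, allowed = Counter(), Counter()
    for now, ip in requests:
        sent[ip] += 1
        if limiter.allow(ip, now):
            allowed[ip] += 1
    return sent, allowed


if __name__ == "__main__":
    sent, allowed = simulate()
    for ip in sent:
        print(f"{ip}: {allowed[ip]} of {sent[ip]} requests served")
```

Because the limit is keyed on the client address, this defeats a single noisy source but not a true distributed attack where each bot stays under the limit; that is why the advice above also includes capacity (multiple servers) and an upstream firewall, rather than rate limiting alone.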