A distributed denial of service attack, hereafter a DDoS attack, is a malicious exploit whose primary goal is to interrupt regular network traffic to a targeted device. The attack overwhelms the device with a flood of traffic, preventing it from replying to legitimate network requests. The more attacking computers or systems take part in a DDoS attack, the greater its chance of succeeding.
The first stage of a distributed denial of service attack is known as recruitment. It usually relies on malware written for the sole purpose of turning one or more host computers into a network of zombie machines known as a botnet. The real process is considerably more involved, but in outline each compromised computer acts as a node of the botnet and responds to the commands of a single controller.
The controller hands the botnet the IP address of a targeted device, which could be a router, server, computer or smartphone. The only prerequisite is that the target be connected to a network. Each node, or bot, then sends a burst of requests to the target at the same time, resulting in the disruption (or denial) of service. The ripple effect is that legitimate requests are slowed or blocked, since legitimate and malicious traffic are often indistinguishable on the wire.
Types of Distributed Denial of Service attacks
The layer at which a DDoS attack operates also determines its type or category; that layer is one of the following seven layers of the Open Systems Interconnection (OSI) networking model:
- Application layer
- Presentation layer
- Session layer
- Transport layer
- Network layer
- Data link layer
- Physical layer (the wire form of the network)
Application layer attacks
An application layer attack is an exploit aimed at the layer with which end users interact. Its distinguishing feature is exhaustion: the resources of the targeted system that handle HTTP requests and generate web pages are consumed. A typical example is a botnet repeatedly sending HTTP GET requests for specific or random values to the targeted device.
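As an added example that is not part of the original article, the following Python script shows how a defender might spot a GET flood of the kind just described in web server access logs. It parses constructed sample lines in the common "combined" log format, counts GET requests per source IP over a sliding ten-second window, and reports addresses that exceed a threshold. The IP addresses, timestamps, paths, user agents and the threshold of 50 requests are all constructed or assumed values, and the script assumes the log lines arrive in chronological order, as a server writes them.

```python
"""Flag source IPs whose HTTP GET rate exceeds a threshold in a sliding window.

Added illustration (not code from the original article). It parses lines in the
common "combined" access-log format and assumes they are in chronological order.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# One "combined" log line: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def find_flooders(lines, window_seconds=10, max_requests=50):
    """Return {ip: peak_count} for every IP that sent more than max_requests
    GETs inside any window of window_seconds. Other methods are ignored here."""
    recent = defaultdict(deque)  # ip -> timestamps of GETs still inside the window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that fell out of the window ending at this request.
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample (not real traffic): three ordinary clients requesting a
    page every three seconds, plus one bot at 198.51.100.9 that fires 12 GETs per
    second with varying query strings for ten seconds."""
    legit = ["203.0.113.7", "203.0.113.8", "192.0.2.20"]
    lines = []
    for sec in range(30):
        stamp = f"10/Mar/2024:12:00:{sec:02d} +0000"
        if sec % 3 == 0:
            for ip in legit:
                lines.append(f'{ip} - - [{stamp}] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"')
        if 10 <= sec < 20:
            for i in range(12):
                lines.append(f'198.51.100.9 - - [{stamp}] "GET /search?q={sec * 12 + i} HTTP/1.1" 200 812 "-" "python-requests/2.31"')
    return lines


if __name__ == "__main__":
    for ip, peak in find_flooders(build_sample_log()).items():
        print(f"{ip}: peak of {peak} GETs within 10 s")
```

The threshold is the whole game here: the ordinary clients never exceed four requests per window, so only the bot is reported, but a botnet that spreads the same load across thousands of addresses would keep each one under the limit, which is why per-IP counting alone is not a complete defence against the distributed form of the attack.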
Protocol attacks
Also known as state exhaustion attacks, protocol attacks exploit weaknesses in network protocols to use up most (if not all) of the state-table capacity of servers or of central resources such as firewalls and other intermediary components.
Volumetric attacks
As the name suggests, this type of attack consumes the available bandwidth between the Internet, or communicating network, and the end computer or device.
Mitigating Distributed Denial of Service Attacks
Mitigating a distributed denial of service attack depends on being able to distinguish legitimate requests to the receiving devices from malicious ones. As noted above, network traffic is not always distinguishable, which makes the task both challenging and complex. The following approaches are described as "layered": they are combined with one another to achieve the best possible results when preventing or resolving a DDoS attack.
Black hole routing creates a route in the network that leads nowhere. Traffic (ideally, only the malicious kind) is redirected there and never reaches its intended target; applied to all traffic for the target address, it drops the legitimate requests as well, which is why it is usually a last resort.
Rate limiting caps the number of requests a server accepts over a given period of time.
Web application firewalls sit between the server and the network to ensure that all requests are genuine and meet a certain threshold.
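The rate-limiting approach above, as an added example that is not code from the original article: a per-client token-bucket limiter of the kind a server or web application firewall applies before doing the work a request asks for. Each client address gets a bucket with a burst allowance (capacity) that refills at a fixed rate; a request spends one token or is rejected. The bucket size of 20, the refill rate of 5 requests per second, the two client addresses and their request rates are all constructed values.

```python
"""Per-client token-bucket rate limiter.

Added illustration (not code from the original article). Tokens are kept as
integer "millitokens" so the arithmetic is exact; one request costs 1000.
"""


class TokenBucket:
    def __init__(self, capacity, refill_per_second, now_ms):
        self.capacity = capacity * 1000          # burst allowance, in millitokens
        self.refill_per_ms = refill_per_second   # 1 token/s == 1 millitoken/ms
        self.tokens = self.capacity              # a new client starts with a full bucket
        self.last_ms = now_ms

    def allow(self, now_ms):
        """Refill for the time elapsed, then spend one token if one is available."""
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_ms)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class PerClientLimiter:
    """One bucket per client address. A server would answer 429 Too Many
    Requests when check() returns False instead of processing the request."""

    def __init__(self, capacity=20, refill_per_second=5):
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.buckets = {}

    def check(self, client_ip, now_ms):
        bucket = self.buckets.get(client_ip)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.refill_per_second, now_ms)
            self.buckets[client_ip] = bucket
        return bucket.allow(now_ms)


def build_request_stream():
    """Constructed stream (not real traffic): a browser-like client at 2 req/s
    and a bot at 50 req/s, both for ten seconds. Tuples are (time_ms, ip)."""
    events = [(t, "203.0.113.7") for t in range(0, 10_000, 500)]
    events += [(t, "198.51.100.9") for t in range(0, 10_000, 20)]
    events.sort()
    return events


def simulate(events, capacity=20, refill_per_second=5):
    """Return {ip: (allowed, denied)} after running the stream through the limiter."""
    limiter = PerClientLimiter(capacity, refill_per_second)
    stats = {}
    for t, ip in events:
        allowed, denied = stats.get(ip, (0, 0))
        if limiter.check(ip, t):
            stats[ip] = (allowed + 1, denied)
        else:
            stats[ip] = (allowed, denied + 1)
    return stats


if __name__ == "__main__":
    for ip, (ok, dropped) in simulate(build_request_stream()).items():
        print(f"{ip}: {ok} allowed, {dropped} rejected")
```

Run as-is, the browser-like client is never throttled, while the bot gets its initial burst of 20 plus roughly the refill rate thereafter (69 allowed, 431 rejected over the ten seconds), so the server's work is bounded regardless of how hard that one source pushes. The same rule applies to both clients; only their rates separate them, which is the indistinguishability caveat the section opens with: a bot that stays under the refill rate passes untouched, and the limiter's state tables are themselves a resource that a protocol attack can try to exhaust, so the buckets of idle clients should be expired.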