DDoS Full Form
DDoS stands for Distributed Denial of Service. It is a cyber attack that belongs to the broader class of denial-of-service (DoS) attacks, and it remains one of the most common and disruptive forms of attack on the Internet. The first large-scale DDoS attack took place in July 1999, when an adversary used a tool called Trin00 to knock the University of Minnesota's computer network offline for two days: 114 compromised computers flooded the university's network with packets. Shortly afterwards, in February 2000, major websites such as Yahoo, Amazon, and CNN became victims of the same kind of attack.
What is a DDoS attack?
A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic. The flood exhausts the target's bandwidth, connection state, or processing capacity, so the service becomes inaccessible to legitimate users.
The attack is distributed because the traffic comes from many sources at once: the attacker first compromises a large number of devices, typically by infecting them with malware, and then uses those devices as the sources of the flood.
How does a DDoS attack take place?
In a DDoS attack, the attacker first needs to gain control of a large number of Internet-connected systems. This is usually done by infecting them with malware. Each compromised system is called a bot, and collectively the bots form a botnet.
[Figure: a very small botnet, in which the attacker controls all of the compromised devices]
Once the botnet is in place, the attacker remotely sends instructions to all of the compromised systems. The bots then send large volumes of packets or requests to the target's IP address, exceeding its capacity and, in many cases, taking it down entirely.
As a result, legitimate users can no longer reach the service. Because each bot is a real Internet device with its own address, and the traffic it sends is often made up of well-formed packets or requests, the target cannot simply block the bots the way it would block malware; separating attack traffic from normal traffic is therefore often very hard.
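The following is an added example in Python, not code from the original article, showing the kind of detection logic a defender runs over network flow records to tell a flood apart from normal traffic to one target address. It parses a small set of constructed, NetFlow-style records and flags three signatures: the inbound bit rate jumping far above an assumed baseline, many sources that send a TCP SYN and never complete the handshake (a SYN flood), and large UDP replies arriving from well-known reflector service ports that the target never queried (reflection/amplification). The addresses (RFC 5737 documentation ranges), records, baseline and thresholds are all assumptions chosen for illustration.

```python
"""Flow-record triage for flood traffic aimed at one target address.

Added example, not code from the original article. Records, addresses and
thresholds below are constructed for illustration.
"""
from dataclasses import dataclass

# Source ports commonly abused for UDP reflection (DNS, NTP, SSDP, memcached).
REFLECTOR_PORTS = {53, 123, 1900, 11211}

# Constructed NetFlow-style records: ts(s) src dst proto sport dport flags pkts bytes
# ("-" means no TCP flags, i.e. a UDP flow). Addresses are from the RFC 5737
# documentation ranges; 203.0.113.10 plays the victim.
SAMPLE_FLOWS = """
# ts src            dst           proto sport dport flags pkts bytes
0  198.51.100.5   203.0.113.10  tcp   51000 443   SPA   12   9000
0  192.0.2.11     203.0.113.10  tcp   40001 443   S     1    60
0  192.0.2.12     203.0.113.10  tcp   40002 443   S     1    60
1  192.0.2.13     203.0.113.10  tcp   40003 443   S     1    60
1  192.0.2.14     203.0.113.10  tcp   40004 443   S     1    60
1  192.0.2.15     203.0.113.10  tcp   40005 443   S     1    60
0  198.51.100.53  203.0.113.10  udp   53    33001 -     3    4200
1  198.51.100.123 203.0.113.10  udp   123   33002 -     4    1800
1  198.51.100.7   203.0.113.10  udp   53    33003 -     1    120
"""


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: str   # cumulative TCP flags, e.g. "S", "SPA"; "" for UDP
    packets: int
    bytes: int


def parse_flows(text):
    """Parse the whitespace-separated records above into Flow objects."""
    flows = []
    for line in text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, src, dst, proto, sport, dport, flags, pkts, nbytes = line.split()
        flows.append(Flow(int(ts), src, dst, proto, int(sport), int(dport),
                          "" if flags == "-" else flags, int(pkts), int(nbytes)))
    return flows


def bits_per_second(flows, dst, window_s):
    """Average inbound bit rate toward dst over the capture window."""
    return sum(f.bytes for f in flows if f.dst == dst) * 8 / window_s


def syn_flood_sources(flows, dst):
    """Sources that sent SYN-only TCP flows to dst and never an ACK.

    A real client's flow record carries the ACK (and usually PSH) of a
    completed handshake; a spoofed or half-open flood leaves only "S".
    """
    syn_only, completed = set(), set()
    for f in flows:
        if f.dst != dst or f.proto != "tcp":
            continue
        if f.flags == "S":
            syn_only.add(f.src)
        elif "A" in f.flags:
            completed.add(f.src)
    return syn_only - completed


def reflection_sources(flows, dst, min_bytes_per_packet=400):
    """UDP flows reaching dst *from* a reflector service port with large packets.

    Ordinary DNS/NTP replies are small; amplified replies are large and the
    victim never asked for them. min_bytes_per_packet is an assumed cut-off.
    """
    return {f.src for f in flows
            if f.dst == dst and f.proto == "udp" and f.sport in REFLECTOR_PORTS
            and f.packets and f.bytes / f.packets >= min_bytes_per_packet}


def triage(flows, dst, window_s, baseline_bps, min_syn_sources=3, min_reflectors=2):
    """Return the flood signatures present for dst; thresholds are assumptions."""
    findings = {}
    bps = bits_per_second(flows, dst, window_s)
    if bps > 2 * baseline_bps:                      # volumetric: more than 2x baseline
        findings["volumetric_bps"] = round(bps)
    syn = syn_flood_sources(flows, dst)
    if len(syn) >= min_syn_sources:
        findings["syn_flood_sources"] = sorted(syn)
    refl = reflection_sources(flows, dst)
    if len(refl) >= min_reflectors:
        findings["reflection_sources"] = sorted(refl)
    return findings


if __name__ == "__main__":
    for name, value in triage(parse_flows(SAMPLE_FLOWS), "203.0.113.10",
                              window_s=2, baseline_bps=20000).items():
        print(name, value)
```

Note what the three checks have in common: none of them inspects a single packet in isolation. The legitimate client (198.51.100.5) and the ordinary DNS reply (198.51.100.7) look the same as attack traffic at the packet level; what gives the flood away is behaviour aggregated across many sources, which is exactly why the distributed nature of the attack makes it hard to filter.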
Major types of DDoS attacks
- Volume-based attacks –
The attacker tries to consume all of the bandwidth between the target server (or service) and the Internet. The resulting congestion makes the service unreachable for users. This is achieved by sending a huge amount of data through the botnet, and the size of such attacks is measured in bits per second. Examples include UDP floods, ICMP (ping) floods, and DNS amplification.
- Protocol-based attacks –
The attacker exploits weaknesses in layers 3 and 4 of the Open Systems Interconnection (OSI) model. These attacks exhaust the connection-state tables or processing capacity of the target and of intermediate network equipment such as firewalls and load balancers, causing disruption. Their size is measured in packets per second. Examples include SYN floods and the Ping of Death.
- Application-based attacks –
These are the most challenging to identify. The attacker exploits weaknesses in layer 7 of the protocol stack, the application layer, with the goal of taking down an online application or website. Rather than saturating the network, the attack exhausts the server's CPU, memory, or back-end resources with requests that each look legitimate on their own; size is measured in requests per second. Examples include HTTP floods, including cache-bypass variants that request uncacheable URLs so that every request reaches the origin server, and floods of queries against DNS servers.
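Application-layer floods are hard to spot precisely because each request is well-formed. The added example below in Python (mine, not the article's) parses constructed web-server access log lines in the common combined format and shows why a per-source rate limit misses a distributed cache-bypass flood: no single source is fast, but one path is hit by many sources whose query strings are all different, so every request misses the cache and lands on the origin. The log lines, addresses, paths and thresholds are constructed for illustration.

```python
"""Access-log analysis for distributed, cache-busting HTTP floods.

Added example, not code from the original article. Log lines, addresses,
paths and thresholds are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Constructed sample: two real visitors (198.51.100.x) and four bots (192.0.2.x)
# that each request /products/hot-item with a fresh random query string so the
# CDN/cache never serves them and every request reaches the origin.
SAMPLE_LOG = """\
198.51.100.5 - - [10/Oct/2023:13:55:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Oct/2023:13:55:02 +0000] "GET /products/hot-item HTTP/1.1" 200 8192 "https://shop.example/" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2023:13:55:03 +0000] "GET /products/hot-item?_=81723 HTTP/1.1" 200 8192 "-" "python-requests/2.31"
192.0.2.12 - - [10/Oct/2023:13:55:03 +0000] "GET /products/hot-item?_=99120 HTTP/1.1" 200 8192 "-" "python-requests/2.31"
192.0.2.13 - - [10/Oct/2023:13:55:04 +0000] "GET /products/hot-item?_=10473 HTTP/1.1" 200 8192 "-" "python-requests/2.31"
192.0.2.14 - - [10/Oct/2023:13:55:04 +0000] "GET /products/hot-item?_=55201 HTTP/1.1" 200 8192 "-" "python-requests/2.31"
192.0.2.11 - - [10/Oct/2023:13:55:05 +0000] "GET /products/hot-item?_=33917 HTTP/1.1" 200 8192 "-" "python-requests/2.31"
192.0.2.12 - - [10/Oct/2023:13:55:05 +0000] "GET /products/hot-item?_=70642 HTTP/1.1" 200 8192 "-" "python-requests/2.31"
198.51.100.6 - - [10/Oct/2023:13:55:06 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_log(text):
    """Parse combined-format lines; malformed lines are skipped, not fatal."""
    entries = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        parts = urlsplit(e["target"])
        e["path"], e["query"] = parts.path, parts.query
        entries.append(e)
    return entries


def hot_sources(entries, max_rps):
    """Sources whose average request rate over the log span exceeds max_rps.

    This is the classic per-IP rate limit; a distributed flood defeats it
    because each bot individually stays under the threshold.
    """
    if not entries:
        return []
    span = (max(e["ts"] for e in entries) - min(e["ts"] for e in entries)).total_seconds()
    span = max(span, 1.0)
    counts = Counter(e["ip"] for e in entries)
    return sorted(ip for ip, n in counts.items() if n / span > max_rps)


def cache_bypass_paths(entries, min_sources=3, min_unique_ratio=0.9):
    """Paths hit by many sources where nearly every query string is unique.

    Cache misses concentrated on one path from many sources are the footprint
    of a cache-busting HTTP flood. Legitimately dynamic paths (search, APIs)
    also show unique queries, so treat this as a signal to correlate with
    origin load and error rates, not as proof on its own.
    """
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)
    flagged = {}
    for path, reqs in by_path.items():
        sources = {e["ip"] for e in reqs}
        unique_ratio = len({e["query"] for e in reqs}) / len(reqs)
        if len(sources) >= min_sources and unique_ratio >= min_unique_ratio:
            flagged[path] = {"requests": len(reqs), "sources": len(sources),
                             "unique_query_ratio": round(unique_ratio, 2)}
    return flagged


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("per-IP rate limit (1 req/s) catches:", hot_sources(log, max_rps=1.0))
    print("cache-bypass paths:", cache_bypass_paths(log))
```

On the sample, `hot_sources` returns nothing because every address stays well under one request per second, while `cache_bypass_paths` flags `/products/hot-item` as hit by five distinct sources with a 100% unique query-string ratio. The practical lesson is that layer 7 defences have to aggregate by path, by cache status or by request fingerprint rather than by source address alone.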
What are the consequences of a DDoS attack?
- Damage to the brand's reputation: If a website takes a long time to load or is unavailable, users move to another platform that provides similar services, and the site comes to be seen as less trustworthy and reliable.
- Loss of revenue: For an online business such as an e-commerce platform, no transactions can be made while the service is unreachable, which can result in a large loss.
- Loss of productivity: When a DDoS attack shuts down critical network systems, the company's productivity comes to a halt.
DDoS attacks are illegal in many countries and are treated as cybercrime.
Depending on the jurisdiction, a conviction can carry up to 10 years' imprisonment (for example under the UK Computer Misuse Act 1990 or the US Computer Fraud and Abuse Act) as well as fines or orders to pay compensation.