DDoS
A distributed denial of service (DDoS) attack is a brute-force attempt to slow down or completely crash a server. The goal of a DDoS attack is to cut off users from a server or network resource by overwhelming it with requests for service.
Common types of DDoS attacks
Volume-based attacks: These include UDP, ICMP and many other spoofed-packet floods that attempt to consume bandwidth.
Protocol attacks: These attacks go after server resources directly and include Smurf DDoS, Ping of Death and SYN floods. If a large enough packets-per-second rate is achieved, the server will crash.
Application-layer attacks: These target apps by making what appear to be legitimate requests (GET/POST) but at a very high volume. If there are lots of requests in a very short period of time, the victim's server shuts down.
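The following Python example is added here and is not part of the original article. It counts GET/POST requests in a sliding window over access-log lines and flags both a single noisy client and a path that is flooded by many low-rate clients, which is how a distributed application-layer attack shows up in logs. The log format (Common Log Format), the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed input: Common Log Format, e.g.
# 192.0.2.10 - - [01/Jan/2024:12:00:00 +0000] "GET /x HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" \d{3} \S+')

def parse(line):
    """Return (epoch_seconds, client_ip, path), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return ts, m.group(1), m.group(3)

def detect_floods(lines, window=10, per_ip_limit=20, per_path_limit=50):
    """Scan time-ordered log lines; return (noisy_ips, flooded_paths).

    A key is flagged when more than `limit` requests fall inside any
    `window`-second span. Thresholds are illustrative, not recommendations.
    """
    by_ip, by_path = defaultdict(deque), defaultdict(deque)
    noisy_ips, flooded_paths = set(), set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines instead of failing the whole scan
        ts, ip, path = rec
        for key, table, limit, flagged in ((ip, by_ip, per_ip_limit, noisy_ips),
                                           (path, by_path, per_path_limit, flooded_paths)):
            q = table[key]
            q.append(ts)
            while q[0] <= ts - window:  # drop timestamps that left the window
                q.popleft()
            if len(q) > limit:
                flagged.add(key)
    return noisy_ips, flooded_paths

def make_line(ip, second, path, method="GET"):
    """Build one constructed sample log line."""
    return f'{ip} - - [01/Jan/2024:12:00:{second:02d} +0000] "{method} {path} HTTP/1.1" 200 512'

# Constructed sample traffic (RFC 5737 documentation addresses), in time order.
SAMPLE = [make_line("192.0.2.10", s, "/login", "POST") for s in range(5) for _ in range(6)]
SAMPLE += [make_line(f"198.51.100.{i + 1}", 5 + i // 12, "/search") for i in range(60)]
SAMPLE += [make_line("203.0.113.5", s, "/index.html") for s in (10, 11, 12)]
SAMPLE.append("not a log line")

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

In the sample, the 60 clients hitting `/search` send one request each, so a per-IP counter alone never fires; only the per-path counter catches the distributed case.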
DoS vs DDoS
While a simple denial of service (DoS) attack involves one attacking computer and a victim, distributed denial of service (DDoS) attacks rely on armies, i.e. thousands of infected "bot" computers that carry out tasks simultaneously.
Impact of DDoS Attacks
Depending on the severity of an attack, resources could be offline for a couple of hours, days or even weeks. Money, time, clients and reputation can be lost. During an attack, employees are not able to access network resources, and in the case of web servers running eCommerce sites, no consumers will be able to log in, purchase products or receive assistance.
What are the protective measures against DDoS attacks?
Limit the number of login attempts any user can make before being locked out of an account.
Tune the web-server configuration to tolerate DDoS attacks.
Configure the ISP firewall to allow only the traffic that corresponds to the services on the company side.
Tweak your firewall to fight SYN flood attacks.
Migrate public resources to another IP address.
Upgrade your hardware.
Other Resources
NCC Cyber Incident Response DDoS
Imperva DDoS Response Playbook