What is a DDoS (distributed denial of service) attack?
Year after year, attacks on organisations around the world are on the increase. They have several objectives, one of which is to disable ICT (Information and Communication Technologies) systems, and that is achieved through distributed denial-of-service attacks. We explain what DDoS (Distributed Denial-of-Service) is and how you can protect yourself.
What is it?
A distributed denial-of-service attack is identical to a denial-of-service (DoS) attack, except that the magnitude of the attack, or the amount of network traffic involved, is much greater. Flooding techniques using SYN, ICMP or DNS packets are often used, executed by a large number of computers, usually zombie machines infected by some type of malware that goes unnoticed by their users, so that they all attack at once at a planned time (the collection of machines is generally known as a botnet).
What are they used for?
This type of attack is designed to disable an organisation's ICT systems by generating a large amount of network traffic or requests (flooding), saturating the IT systems and/or the network devices. The aim is to consume all available resources: RAM, all possible concurrent sessions (preventing legitimate users from accessing a website), all the available bandwidth of the communication line, and so on.
Examples of DDoS attacks
- SYN flood: a large number of packets are sent with the TCP SYN flag set, which the systems identify as connection requests, for example to a web server. Leaving these connections open is intended to consume all of the server's resources so that it cannot deal with legitimate requests from users of the page.
- ICMP flood: a large number of ICMP requests are sent. ICMP is used to diagnose the quality of a communications line and/or the availability of devices connected to the network, for example when we run the ping command. The flood saturates the communication line with requests and responses, as well as the device itself, which cannot process and answer all of them, so normal, legitimate network traffic is blocked.
- DNS flood: a large number of DNS name-resolution requests are sent (when we browse to a website, our computer sends a DNS request to find the IP address that corresponds to that name), saturating the DNS server, which consumes excessive resources processing and responding to the flood, so that users cannot browse, for example.
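The three floods above, as flow-level detection logic a defender could run over one time window of flow records (an added example, not code from the original article): it counts half-open SYNs per TCP port, ICMP packets per host and UDP/53 queries per resolver, and only raises an alert when the traffic also comes from many distinct sources. The flow-log format, the thresholds and the sample addresses are all assumptions constructed for the illustration.

```python
from collections import defaultdict

# Assumed per-window thresholds for this illustration; tune them to your own baseline.
HALF_OPEN_SYNS = 200   # bare-SYN (never acknowledged) flows to one TCP port
ICMP_PACKETS = 1000    # ICMP packets to one host
DNS_QUERIES = 500      # UDP/53 query packets to one resolver
MIN_SOURCES = 50       # distinct sources before we call it "distributed"

def parse_flows(text):
    """Parse the constructed log: 'src dst proto dport flags packets' per line.
    flags is "S" (SYN only, half-open), "SA" (handshake answered) or "-" (non-TCP)."""
    flows = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            src, dst, proto, dport, flags, pkts = line.split()
            flows.append((src, dst, proto, int(dport), flags, int(pkts)))
    return flows

def detect_floods(flows):
    """Return (attack_type, target) pairs for one window of flows."""
    syn = defaultdict(lambda: [0, set()])   # (dst, port) -> [half-open flows, sources]
    icmp = defaultdict(int)                  # dst -> ICMP packets
    dns = defaultdict(lambda: [0, set()])   # dst -> [query packets, sources]
    for src, dst, proto, dport, flags, pkts in flows:
        if proto == "tcp" and flags == "S":   # SYN sent, handshake never completed: half-open
            syn[(dst, dport)][0] += 1
            syn[(dst, dport)][1].add(src)
        elif proto == "icmp":
            icmp[dst] += pkts
        elif proto == "udp" and dport == 53:
            dns[dst][0] += pkts
            dns[dst][1].add(src)
    alerts = [("syn_flood", f"{d}:{p}") for (d, p), (n, s) in syn.items()
              if n >= HALF_OPEN_SYNS and len(s) >= MIN_SOURCES]
    alerts += [("icmp_flood", d) for d, n in icmp.items() if n >= ICMP_PACKETS]
    alerts += [("dns_flood", d) for d, (n, s) in dns.items()
               if n >= DNS_QUERIES and len(s) >= MIN_SOURCES]
    return alerts

def constructed_window():
    """Constructed sample: legitimate HTTPS and one ping, a 254-source SYN flood on 192.0.2.10:80, a 120-source DNS flood on 192.0.2.53."""
    lines = [f"10.0.0.{i} 192.0.2.10 tcp 443 SA 30" for i in range(1, 6)]
    lines += [f"198.51.100.{i} 192.0.2.10 tcp 80 S 1" for i in range(1, 255)]
    lines += [f"203.0.113.{i} 192.0.2.53 udp 53 - 5" for i in range(1, 121)]
    lines.append("10.0.0.7 192.0.2.10 icmp 0 - 4")   # one normal ping, far below threshold
    return "\n".join(lines)

if __name__ == "__main__":
    for kind, target in detect_floods(parse_flows(constructed_window())):
        print(f"ALERT {kind} against {target}")
```

The source-count check is what separates a distributed flood from a single noisy client: 300 bare SYNs from one address stay below MIN_SOURCES and raise nothing.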
How can you protect yourself against a DDoS attack?
Organisations protect themselves against DDoS attacks in a number of ways:
- Through clean-traffic services from the ISP operators that provide their communication lines. In the event of a DDoS attack, the operator scrubs the attack traffic and delivers only the legitimate traffic to the organisation.
- By contracting services from specialised companies that process the traffic destined for the organisation before it reaches its perimeter and clean it, delivering only what is legitimate.
- By deploying anti-DDoS solutions/platforms in the organisation's own network that process and clean incoming traffic. Because these sit on the internal network, this option is not effective against flooding attacks that saturate the Internet line itself, but it is effective against DDoS attacks that aim at server saturation and the like.
As we have seen, denial of service, in computer-security terms, is a set of techniques aimed at rendering a system or network inoperative. DDoS attacks of this kind seek to overload resources and prevent legitimate users from using their services.