DDoS Attack: What you need to know

DDoS. The acronym that strikes fear into the minds of those with computer knowledge, and the one that makes people go, Huh…? if they don’t (have much computer knowledge, that is).

If you have no clue what DDoS stands for, you may think it’s just a phrase that gets passed around on the tongues of the tech team. That doesn’t concern you, right? Or maybe you think it is the name of a really good but obscure rapper whose repertoire you haven’t yet familiarized yourself with.

Let’s not fool ourselves – DDoS is not a rap artist, nor is it something you should go through life unfamiliar with. It is a very active threat in our relatively new computer-enthroned days, and it stands for distributed denial of service.

This is a threat that can bring down entire networks and companies. Even without a song on the charts, it’s got major hits to its name. Perhaps you remember the internet outage across the US in October of 2016, which caused large companies like Pinterest and Etsy to go down. This was due to a DDoS attack that was directed towards the internet’s infrastructure. Back as far as 2010, Virgin Blue airlines lost upwards of $20 million after they were offline for over 10 days from a DDoS attack.

One of our system administrators, who has over 20 years of experience in dealing with DDoS attacks, defines it as an “[a]ttack coming from a bunch of different sources around the world. …Large amounts of traffic, sent to one or more IP addresses or destinations, to bring the site or network down.” (Quotes in this article are taken from Fibernet system administrator Jon Bayless.) It cuts off the ability for legitimate connections by taking all the connections for itself. Rude, to say the least! Sharing is caring, and well…DDoS never learned to share.

DDoS is an interesting threat, especially when you take into account the amount of creativity behind it! There are literally thousands of these attacks, and more being created every day. This article will lay out common DDoS attacks and tools, and rap up with ways you can help manage the possibility of a DDoS attack. (It would be cool if we gave names to each DDoS attack like we do hurricanes, but in reality we would run out of names!)

Although there are numerous DDoS attack types, the end goal is usually the same, and that is to “overwhelm the bandwidth, exhaust the [available] resources that the target needs, therefore server capacity is maxed out.” The target is usually an IP address associated with a device. The target could be a server, website, or company network. Sometimes the attackers will go after an email account or website host name. Below are examples of a few of the common techniques and types that are used.

DDoS TECHNIQUES & TOOLS

Spoofing: This is when an IP address is used that is not your own. Well, their own. The attackers don’t want you to be able to easily block them, so they use an alternate IP address. This makes it a longer process to track them down during an attack, and it also protects their real identity so they can use the same IP address in the future.

Botnets: These are conglomerations of connected computers or devices that are all controlled from one place. They can be platooned to attack one target all at once. When you get spam or download content off the internet, sometimes a small file is downloaded to your computer and gets past your firewall or virus detectors because, on its own, it doesn’t do anything malicious. As long as your computer is connected to the internet, that file lets it be deployed whenever the network holding the reins issues a call to arms. This is how so many computers (sometimes millions!) can be used together for a DDoS attack without their users knowing.

Internet of things (IoT): These days, things you maybe never thought would have an internet connection do. Like a fridge. Or a baby monitor. A car! Your pets are next! Basically, any device with network connectivity is part of the Internet of things, and these can all be exploited, manipulated, and used for DDoS attacks.

Low orbit ion cannon (LOIC): This is an open-source software application (not a weapon of mass destruction), meaning anyone can download it and play around with it. It is used to flood the target with protocol packets that use up the target’s processing resources, rendering it unable to keep running.

TYPES OF DDoS ATTACKS

Amplification attack: This is a very common attack. The attacker requests a large amount of data while pretending to be another server/device. The large amount of data is then sent by the tricked server to the victim’s server, overwhelming it. It’s a way to attack someone with someone else’s server. It’s like stealing someone’s car to ram down a fence, loading it up with tons of useless junk, and driving it to the victim’s doorstep. You can take the car back to the owner’s house and sleep in your own that night.

Resource exhaustion: This is where all of the available resources are being used to process either requests or pings, and your device or website basically shuts down. You could compare this to your computer crashing after you have opened all thousand of your Word documents containing your bad poetry, 50 Amazon tabs for all your hunting gear, and 5 different Chucky movies on Netflix, all at the same time!

UDP flood: This attack randomly homes in on any ports that are left open. (A firewall would prevent this from happening.) If the parking spots in a parking lot are not taken they are free game, after all!

SYN flood: In this attack, the attacking server sends fake connection requests to the target. The hope is that enough fake connection requests will consume enough memory that none is left for legitimate visitors. Once again, it doesn’t want to share with the good folks down the street.

HTTP flood: With this attack the attacker makes such a large number of requests to a website that the website’s server cannot take the pressure and either has a nervous breakdown and crashes, or is unable to load for genuine visitors. Sometimes this is not malicious: it can happen from a large spike in visits to a person’s website, like when a celebrity plugs a product and generates more interest than the server is used to. It can’t take the heat!

PREVENTIVE MEASURES

Having a firewall or office network is a great start for helping prevent a DDoS attack. A firewall lets you close ports on your network that you don’t need open, and can identify and boot attempted attacks on your system. Check out our firewall service here.

Have your system be aware of known botnets. Some botnets are known to the cyber security world and with the right help you can equip your system to identify and block these connections before they happen.

Get set up with Cloudflare. This is a great tool that acts like a screen for your system. It keeps out threats by sorting the traffic coming your way, so before a threat could even see its target, it would first get processed through this software. Cloudflare blocks the threats before they reach their target.

Good system administrators close holes in your system, making it harder to exploit. (Get a Jon Bayless on your team.) Monitoring keeps you aware of what is going on and speeds up response time. We are talking about going from what could be a days-long fight to a minute-long brawl! Sometimes the solution can be as simple as talking to your ISP (internet service provider). If you have a good administrator, they have a relationship with your ISP, making it relatively simple to get in touch. Check out our managed services if you would love to have this job taken off your hands! You can check them out here.
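As an added example (not code from this article or from Fibernet), here is a small Python log monitor that ties together the HTTP flood description, the known-botnet check and the monitoring advice above: it parses web-server access-log lines, flags any source that sends far more requests than a normal visitor inside a sliding window, checks sources against a blocklist, and reports a burst spread over many different visitors as a broad spike (the celebrity-plug case) rather than a flood. The log format, the thresholds, the blocklist entry and the sample traffic are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined/common log line: ip - - [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \d+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, request, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), request, int(status)

def analyze(lines, known_botnet, window=timedelta(seconds=10),
            per_source_limit=50, spike_limit=200):
    recent = defaultdict(deque)        # ip -> timestamps still inside the window
    flood, botnet, total = set(), set(), 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                   # skip garbage instead of crashing the monitor
        ip, ts, _request, _status = parsed
        total += 1
        if ip in known_botnet:
            botnet.add(ip)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # expire timestamps older than the window
            q.popleft()
        if len(q) > per_source_limit:  # one visitor does not send 50 requests in 10 s
            flood.add(ip)
    # Lots of traffic but no heavy hitter looks like a legitimate spike, not a flood.
    return {"flood": flood, "botnet": botnet,
            "broad_spike": total >= spike_limit and not flood}

# Constructed sample logs using documentation IP ranges (not real traffic).
BASE = datetime(2016, 10, 21, 12, 0, 0, tzinfo=timezone.utc)
def make_line(ip, offset_ms, path="/"):
    t = BASE + timedelta(milliseconds=offset_ms)
    return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'
# One source hammering the site 120 times in 2.4 s, plus a known botnet member.
FLOOD_LOG = [make_line("203.0.113.7", 20 * i) for i in range(120)]
FLOOD_LOG.append(make_line("192.0.2.44", 500, "/login"))
# 250 different visitors, one request each, inside the same 10 s window.
SPIKE_LOG = [make_line(f"198.51.100.{i + 1}", 40 * i) for i in range(250)]
KNOWN_BOTNET = {"192.0.2.44"}   # constructed blocklist entry, not a real indicator
```

Running `analyze(FLOOD_LOG, KNOWN_BOTNET)` flags the hammering source and the blocklisted one, while `analyze(SPIKE_LOG, KNOWN_BOTNET)` flags nobody and only reports a broad spike.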

KEEP IN MIND…

It is common for bad people (you know, those bad people – the ones that aren’t good) to launch a DDoS attack to distract you or your team from the attacker’s real goal. Like, let’s send a guy to stick up the mini mart first, and then while they send forces there, we’ll go rob the bank! Having a strong defense on all fronts is key to knowing if this is what is happening.

DDoS attackers often attack with the intent to get something from you. Extortion is alive and well on the internet, folks! Let’s not turn a blind eye to it and instead prepare for the possibility that it could happen to you.

Botnets are for rent! Someone wants to take you out but they don’t know how? No problem, they can get onto the dark web and hire someone to perform a DDoS attack on their behalf. (Sounding a little comic strip yet?)

“No matter who you are, you at least need someone you can rely on to assist with preventive measures that are ongoing, someone that can view your logs, especially if you have a business! Fire fighters fight fire. Not everyone is trained for that. Get someone you trust on your team.”

Check out map.norsecorp.com, where you can view DDoS attacks happening in real time. Not all of what is shown ends up being legitimate DDoS attacks, but they are all perceived threats, and it gives you a great visual of the type of global threat a DDoS is. And it’s fun and pretty to watch, if you like that type of stuff (you know, good design and steady updates).

DDoS attacks can be a very lengthy, technical discussion, and this article can’t cover it all! But, you can quickly check out how our managed services, firewall, dedicated experts, and other services can help you manage a DDoS attack.

Don’t fight the fire alone! Fibernet has the tools to help.