An attack during which users cannot gain access to certain resources is called a DDoS attack, or a denial of service problem. The main feature of such hacker attacks is simultaneous requests from a large number of computers around the world, and they are directed mainly to the servers of well-protected companies or government organizations, less often - to single non-commercial resources.
A computer infected with a Trojan program becomes like a “zombie”, and hackers, using several hundred, or even tens of thousands of such “zombies,” cause a malfunction of resources (denial of service).
There can be many reasons for DDoS attacks. Let's try to identify the most popular ones, and at the same time answer the questions: “DDoS attack - what is it, how to defend yourself, what are its consequences and by what means is it carried out?”
Competition
The Internet has long been a source of business ideas, the implementation of large projects and other ways to earn quite a lot of money, so a DDoS attack can be carried out to order. That is, if an organization wants to remove it when a competitor arises, then it simply needs to contact a hacker (or a group of those) with a simple task - to paralyze the work of an objectionable company through Internet resources (DDoS attack on a server or site).
Depending on the specific goals and objectives, such an attack is established for a certain period and with the use of appropriate force.
Fraud
Quite often, a DDoS attack on a site is organized on the initiative of hackers in order to block the system and gain access to personal or other important data. Once the attackers paralyze the system, they may require a certain amount of money to restore the health of the attacked resources.
Many Internet entrepreneurs agree to the terms and conditions, justifying their actions with downtime and huge losses - it’s easier to pay a small amount to a fraudster than to lose a significant profit for each day of downtime.
Entertainment
Too many users of the world wide web are simply interested in curiosity or fun: "DDoS attack - what is it and how to do it?" Therefore, there are cases when novice attackers organize such attacks on random resources for the sake of fun and test of strength.
Together with the reasons, DDoS attacks have their own classification features.
- Bandwidth . Today, almost every computer site is equipped with either a local area network or simply connected to the Internet. Therefore, there are frequent cases of network flooding - a large number of requests with an incorrectly formed and meaningless system to specific resources or equipment with the aim of its subsequent failure or failure (communication channels, hard drives, memory, etc.).
- Exhaustion of the system . Such a DDoS attack on the Samp server is carried out to capture physical memory, processor time and other system resources, due to the lack of which the attacked object simply does not have the opportunity to fully work.
- Looping . Endless data verification and other cycles operating “in a circle” cause the object to spend a lot of resources, thereby clogging the memory until it is completely exhausted.
- False attacks . Such an organization is aimed at the false operation of protection systems, which ultimately leads to the blocking of some resources.
- HTTP protocol . Hackers send low-cost HTTP packets with special encryption, the resource, of course, does not see that a DDoS attack is organized on it, the server program, doing its job, sends packets of much larger capacity in response, thereby clogging the victim’s bandwidth, which leads to again to the failure of the services.
- Smurf attack . This is one of the most dangerous species. The hacker sends a fake ICMP packet to the victim via a broadcast channel, where the victim's address is replaced by the address of the attacker, and all nodes begin to send a response to the ping request. This DDoS attack is a program aimed at using a large network, that is, a request processed through 100 computers will be amplified 100 times.
- UDP flood . This type of attack is somewhat similar to the previous one, but instead of ICMP packets, attackers use UDP packets. The essence of this method is to replace the victim’s IP address with the hacker’s address and completely load the bandwidth, which will also lead to a system crash.
- SYN flood . Attackers try to simultaneously launch a large number of TCP connections through a SYN channel with an incorrect or completely absent return address. After several such attempts, most operating systems queue up the problematic connection and only after a certain number of attempts it closes. The SYN channel flow is quite large, and soon, after many such attempts, the victim's core refuses to open any new connection, blocking the operation of the entire network.
- "Heavy packages . " This view answers the question: “What is a DDoS attack of the server?” Hackers send packets to the user's server, but bandwidth is not saturated, the action is aimed only at the processor time. As a result, such packages lead to a failure in the system, and it, in turn, denies access to its resources.
- Log Files If the quota system and rotation have security gaps, then attackers can send large packets in volume, thereby occupying all the free space on the server’s hard drives.
- Program code . Hackers with extensive experience can fully study the structure of the victim's server and run special algorithms (DDoS attack - exploit program). Such attacks are mainly aimed at well-protected commercial projects of enterprises and organizations of various spheres and areas. Attackers find flaws in the program code and run invalid instructions or other exceptional algorithms that lead to an emergency stop of the system or service.
DDoS attack: what is it and how to defend
There are many methods of protection against DDoS attacks. And all of them can be divided into four parts: passive, active, reactionary and preventive. What we’ll talk about in more detail later.
Warning
Here, the prophylaxis of the causes themselves, which could provoke a DDoS attack, is needed. This type may include some personal hostility, legal disagreement, competition and other factors provoking "increased" attention to you, your business, etc.
If you timely respond to these factors and draw the appropriate conclusions, then you can avoid many unpleasant situations. This method can be attributed, rather, to the managerial solution of the problem than to the technical side of the issue.
Response measures
If attacks on your resources continue, then you need to find the source of your problems - the customer or the contractor - using both legal and technical leverage. Some companies provide services to search for cybercriminals in a technical way. Based on the qualifications of specialists who deal with this issue, one can find not only a hacker carrying out a DDoS attack, but also the customer himself.
Software protection
Some manufacturers of hardware and software, along with their products, can offer quite a lot of effective solutions, and a DDoS attack on the site will be stopped. As a technical defender, a separate small server can be used, aimed at countering small and medium DDoS attacks.
This solution is perfect for small and medium-sized businesses. For larger companies, enterprises and government agencies, there are entire hardware systems for combating DDoS attacks, which, along with a high price, have excellent protective characteristics.
Filtration
Blocking and thoroughly filtering incoming traffic will not only reduce the likelihood of an attack. In some cases, a DDoS attack on a server can be completely ruled out.
There are two main ways to filter traffic — firewalls and full list routing.
Filtering using lists (ACLs) allows you to filter out minor protocols without disturbing the operation of TCP and without reducing the speed of access to the protected resource. However, if hackers use botnets or high-frequency requests, then this method will be ineffective.
Firewalls provide much better protection against DDoS attacks, but their only minus is that they are intended only for private and non-commercial networks.
Mirror
The essence of this method is to redirect all incoming traffic of the attacker back. This can be done by having powerful servers and competent specialists who will not only redirect traffic, but also be able to disable attacking equipment.
The method will not work if there are errors in system services, program codes and other network applications.
Vulnerability Search
This type of protection is aimed at fixing exploits and fixing errors in web applications and systems, as well as other services responsible for network traffic. The method is useless against flood attacks that are aimed specifically at these vulnerabilities.
Modern resources
100% protection cannot guarantee this method. But it allows you to more effectively carry out other activities (or a complex of those) to prevent DDoS attacks.
Distribution of systems and resources
Duplication of resources and distribution of systems will allow users to work with your data, even if at that moment a DDoS attack is carried out on your server. For distribution, you can use different server or network equipment, and it is also recommended to divide the services physically into different duplicate systems (data centers).
This method of protection is the most effective today, provided that the correct architectural design has been created.
Evasion
The main feature of this method is the conclusion and separation of the attacked object (domain name or IP address), i.e., all work resources located on one site must be divided and located on third-party network addresses, or even in the territory of another state. This will allow you to survive any attack and maintain the internal IT structure.
Services for protection against DDoS attacks
Having told everything about such a misfortune as a DDoS attack (what it is and how to deal with it), we can give one good advice in the end. Many large organizations offer their services to prevent and prevent such attacks. Basically, such companies use a whole range of measures and various mechanisms to protect your business from most DDoS attacks. Specialists and experts in their field work there, therefore, if your resource is dear to you, then the optimal (although not cheap) option would be to contact one of these companies.
How do DDoS attacks do it yourself
Aware, then armed - a true principle. But remember that the intentional organization of a DDoS attack alone or by a group of people is a criminal offense, therefore this material is provided for information only.
American IT-leaders to prevent threats developed a program to test the resistance to server loads and the possibility of DDoS attacks by attackers with the subsequent elimination of this attack.
Naturally, the "hot" minds turned this weapon against the developers themselves and against what they fought with. The product code name is LOIC. This program is freely available and, in principle, is not prohibited by law.
The interface and functionality of the program is quite simple, anyone who is interested in a DDoS attack can use it.
How to do everything yourself? In the lines of the interface, just enter the IP victims, then set the TCP and UDP streams and the number of requests. Voila - after pressing the treasured button, the attack has begun!
Any serious resources, of course, will not suffer from this software, but small ones may experience some problems.