What is Distributed Denial of Service (DDoS). DDoS Attack Target. DDoS attack in progress. 3 DDoS attacks.


□ What is Distributed Denial of Service (DDoS)

DDoS, short for Distributed Denial of Service, is a form of cyberattack that uses multiple infected computers or devices to overload a target system or network with excessive traffic.

Distributed Denial of Service (DDoS)

□ DDoS Attack Target

The goal of a DDoS attack is to deplete the target system’s resources so that normal users cannot access it.

The main goals of DDoS (Distributed Denial of Service) attacks are:

▶ Service interruption

DDoS attacks deplete the target system’s resources, reducing the availability of services or stopping them completely. This makes targets such as websites, applications, servers, and networks unavailable to the users who rely on them.

▶ Network congestion

DDoS attacks send a large amount of traffic to the target system, consuming network bandwidth and causing network congestion. Due to this, normal traffic may not be processed and service may be interrupted.

▶ Resource depletion

DDoS attacks are designed to exceed the target system’s processing power, depleting resources such as CPU, memory, and bandwidth. As a result, the target system may not be able to process requests normally and may experience performance degradation or complete shutdown.

▶ Service weakening

A DDoS attack degrades the performance of the target system and slows down service response. This can degrade users’ experience and negatively affect business activities.

▶ Confusion and Dispersion

DDoS attacks are distributed and can be executed from many computers or devices at once. This makes it difficult for the target to identify the attack sources, which complicates both tracking and countermeasures.

The goal of a DDoS attack is usually to degrade or stop the availability of a service. This causes inconvenience to users and can have a serious impact on businesses and organizations, including financial loss, reputational damage, and business disruption.

□ DDoS attack in progress

In general, DDoS attacks proceed as follows.

▶ Zombie network formation

An attacker uses malicious code or vulnerable systems to infect multiple computers or devices. These infected computers form a zombie network (botnet), which the attacker controls remotely.

▶ Command and Control

Attackers use the command and control infrastructure to communicate with and control the zombie network. This allows the attacker to send commands to the zombie computers to launch the attack.

▶ Initiate attack

An attacker commands the infected computers within a zombie network to send large amounts of traffic to a target system or network. This flood of traffic exceeds the processing capacity of the target system and interferes with normal service provision.

▶ Traffic overload

The target system exhausts its resources because of the large volume of incoming requests or data. Because the target system can handle only a limited amount of traffic, normal users cannot access it or experience delays.

▶ Duration

A DDoS attack can last from a few minutes to several days, depending on the attacker’s intentions and the defense capabilities of the target system.

□ 3 DDoS attacks

A DDoS attack is an attack on a system or network using multiple techniques and methods. These attacks are generally classified into three main types.

▶ Volumetric Attacks

This type of DDoS attack aims to saturate the bandwidth by sending a large amount of data traffic to the target system. This is done by an attacker generating a large number of packets through the zombie network and sending them simultaneously to the target system. UDP Flood and ICMP Flood belong to this type.

▶ TCP State Exhaustion Attacks

This type of attack aims to disrupt the service by exhausting the target machine’s TCP connection state. An attacker sends a large number of TCP connection requests to a target system, causing the system’s connection table to fill up. SYN Flood and ACK Flood belong to this type.

▶ Application Layer Attacks

This type of attack aims to attack the target system’s application layer (web server, DNS server, etc.) directly. These attacks take advantage of system vulnerabilities or send excessive requests to specific application services. Examples include HTTP Flood and Slowloris attacks.

A DDoS attack is a dangerous attack in which an attacker paralyzes the target system and causes service interruption. To prepare for this, companies or organizations can protect against DDoS attacks by using traffic monitoring systems, intranet firewalls, IDS/IPS systems, and DDoS protection services.
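
As an added example (not part of the original page), the following sketch shows the kind of check a traffic monitoring system can run to sort traffic toward a destination into the three categories described above. The event schema, thresholds, and sample addresses are assumptions constructed for illustration, and the TCP state check covers only half-open SYN connections.

```python
from collections import defaultdict, namedtuple

# Hypothetical event schema and per-window limits: assumptions for this example.
Event = namedtuple("Event", "ts src sport dst kind size")
LIMITS = {"volumetric": 1_000_000,  # UDP/ICMP bytes toward one destination
          "tcp_state": 100,         # SYNs never followed by the client's ACK
          "application": 50}        # HTTP requests toward one destination

def classify(events, window=1.0):
    """Return sorted (window_start, dst, category, value, distinct_sources)."""
    stats = defaultdict(lambda: {"bytes": 0, "flood_src": set(), "syn": set(),
                                 "ack": set(), "http": []})
    for e in events:
        s = stats[(int(e.ts // window) * window, e.dst)]
        if e.kind in ("udp", "icmp"):
            s["bytes"] += e.size
            s["flood_src"].add(e.src)
        elif e.kind in ("syn", "ack"):
            s[e.kind].add((e.src, e.sport))  # handshake tracked per client socket
        elif e.kind == "http":
            s["http"].append(e.src)
    alerts = []
    for (start, dst), s in stats.items():
        half_open = s["syn"] - s["ack"]      # SYN seen, client ACK never seen
        measured = {"volumetric": (s["bytes"], s["flood_src"]),
                    "tcp_state": (len(half_open), {src for src, _ in half_open}),
                    "application": (len(s["http"]), set(s["http"]))}
        for category, (value, sources) in measured.items():
            if value > LIMITS[category]:
                alerts.append((start, dst, category, value, len(sources)))
    return sorted(alerts)

def sample_events():
    """Constructed traffic; addresses come from documentation ranges (RFC 5737)."""
    ev = []
    for i in range(300):   # SYNs from 250 sources, handshake never completed
        ev.append(Event(0.5, f"198.51.100.{i % 250 + 1}", 1024 + i, "192.0.2.10", "syn", 60))
    for i in range(20):    # ordinary clients: full handshake, then one request
        for kind in ("syn", "ack", "http"):
            ev.append(Event(0.6, f"203.0.113.{i + 1}", 40000, "192.0.2.10", kind, 60))
    for i in range(1500):  # large UDP datagrams from 200 sources, two seconds later
        ev.append(Event(2.2, f"198.51.100.{i % 200 + 1}", 53, "192.0.2.20", "udp", 1400))
    return ev

if __name__ == "__main__":
    for alert in classify(sample_events()):
        print(alert)
```

The number of distinct sources in each alert reflects the distributed nature of the attack: blocking a single address does little when hundreds of hosts each contribute a small share.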
