A malicious attempt to affect the availability of a system, such as a website or an application, is called a denial of service (DoS) attack.
The attacker's method is to generate a very large number of packets and requests; this volume accumulates in the target system until it collapses. In a Distributed Denial of Service (DDoS) attack, the attacker uses several different sources to generate the traffic and bring the system down.
DDoS attacks target the layers of the Open Systems Interconnection (OSI) model. They most often aim at the network layer (layer 3), the transport layer (layer 4), the presentation layer (layer 6) and the application layer (layer 7).
How are DDoS attacks classified?
When such an attack occurs, you must quickly decide on the mitigation techniques that will protect the system. For those techniques to work, DDoS attacks are classified into two groups: attacks on the infrastructure layer (layers 3 and 4) and attacks on the application layer (layers 6 and 7).
Attacks on the infrastructure layer
These are the classic DDoS attacks, including vectors such as SYN (synchronize) floods and UDP (User Datagram Protocol) floods. As mentioned earlier, they work by overloading the network capacity or the application servers, introducing a volume of traffic that the system cannot absorb.
This type of attack is easy to detect and can therefore be dealt with quickly.
Attacks in the application layer
When layers 6 and 7 are affected, we speak of an application-layer attack. These attacks are less frequent, but they cause a great deal of damage internally. The volume introduced into the system is smaller than in an infrastructure-layer attack, but because the attack is more sophisticated it targets the vulnerable and essential parts of the system, application or service, and hits them directly until the service is left unavailable to its users.
A clear example of this type of attack is a flood of HTTP requests to a page that requires a login. Other examples are attacks that flood a search feature, or that flood the WordPress XML-RPC interface.
What are the different types of DDoS attacks?
Denial of service attacks vary according to how the attacker chooses to attack, but we can classify them into two types: volumetric attacks and TCP state exhaustion attacks.
Volumetric attacks
As mentioned above, these attacks attempt to collapse the system by introducing a large amount of data into the network or service, saturating and consuming the system's bandwidth and leaving the system vulnerable.
TCP state exhaustion attacks
These attacks interfere directly with the system's connection state, trying to fill its connection tables and knock out infrastructure components. This type of attack goes straight for load balancers, firewalls and application servers.
What are the protection techniques against DDoS attacks?
First, you must reduce the surface that can be attacked, in order to limit the attackers' options. Keep in mind that the main goal is to protect the service, that is, the application together with its resources, open ports, protocols and so on.
Next, scaling must be planned. When a volumetric DDoS attack is underway and has consumed a large share of the system's capacity, it can be mitigated with the transit (bandwidth) capacity available and with the server's ability to cope with the load.
Transit capacity takes into account the volume of traffic that the system's bandwidth can handle, while server capacity is simply the server's ability to scale its computing resources up or down when necessary.
Another important technique is knowing what normal traffic looks like and what abnormal traffic looks like.
Whenever high traffic levels are detected arriving at the host, we should know the capacity of our hosting service to handle that amount of data; only traffic that appears legitimate should be served, and packet analysis should be performed.
Another technique is to deploy firewalls against sophisticated application-layer attacks. A firewall is simply a protective barrier that prevents an attack from getting any further into the system; it can also offer custom rules against these attacks, so that they are mitigated completely.
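One way to put the "normal versus abnormal traffic" idea into practice for the HTTP floods described earlier (login page, search, WordPress XML-RPC) is a per-client sliding-window counter over web-server access logs. This is an added example, not code from the original article; the log lines, the IP addresses and the per-endpoint limits are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client, timestamp, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Endpoints the article names as flood targets, with the number of requests one
# client may make per WINDOW seconds before we alert.  These limits are assumed
# for this example; in practice derive them from your own traffic baseline.
SENSITIVE = {"/wp-login.php": 10, "/xmlrpc.php": 10, "/search": 30}
DEFAULT_LIMIT = 100
WINDOW = 10  # seconds

def parse(line):
    """Return (client, epoch seconds, method, path, status) or None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, ts, method, path, status = m.groups()
    t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return ip, t, method, path.split("?", 1)[0], int(status)

def detect_floods(lines, window=WINDOW):
    """Sliding-window count per (client, path); returns the peak count for
    every pair that exceeded its limit.  Lines must be in time order."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, t, _, path, _ = rec
        q = recent[(ip, path)]
        q.append(t)
        while t - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) > SENSITIVE.get(path, DEFAULT_LIMIT):
            alerts[(ip, path)] = max(alerts.get((ip, path), 0), len(q))
    return alerts

def constructed_log():
    """Constructed sample: two ordinary visitors and one client flooding the login page."""
    base = datetime(2023, 10, 10, 13, 55, tzinfo=timezone.utc)
    lines = []
    def add(ip, offset, method, path, status=200):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512')
    for i in range(40):  # 4 failed login POSTs per second for 10 seconds
        add("203.0.113.7", i / 4, "POST", "/wp-login.php", 401)
    add("198.51.100.21", 0, "POST", "/wp-login.php")  # one legitimate login
    for i in range(8):   # normal browsing, well under every limit
        add("198.51.100.20", i * 1.5, "GET", "/index.php")
        add("198.51.100.21", i * 2.0, "GET", "/search?q=ddos")
    return sorted(lines, key=lambda l: parse(l)[1])
```

The flooding client trips the login limit while the two ordinary visitors never appear in the alerts, which is the distinction the paragraph above asks operators to make before deciding which traffic to serve.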
Why are DDoS attacks so dangerous?
These attacks can hit both large and small companies. When a company's system is attacked, keep in mind that the downtime affects a system that runs daily operations, carries email and automates sales. When the system collapses and becomes unusable, the company starts to lose money. What if these attacks hit a data warehouse serving critical industries such as pharmaceutical manufacturing or medical care?
It is important to understand that web properties operate in a cycle, and that interrupting that cycle can cause chaos across all the important data and daily business operations. If the attacks keep occurring, they damage the company's reputation, turning customers against it and even harming the brand's revenue and standing. For this reason, the security of our systems must always be taken into account, along with regular review of it.