A distributed denial of service attack is an attempt to make a device or network resource unavailable to its intended users. DDoS attacks are commonly performed by flooding the target’s bandwidth with external communication requests, thereby preventing legitimate traffic from getting through. This may be done with compromised devices on a home network, or it can be achieved with malware controlling the victim’s computer systems [1-3].
What is Distributed Denial of Service?
A Distributed Denial of Service (DDoS) is a type of cyber-attack in which multiple compromised systems are coordinated in order to stall an organization’s services. These attacks can take different forms, but the goal is usually to overload the target’s bandwidth or other resources by flooding them with bogus traffic from many different points [4-6].
Categories of DDoS Attacks
DDoS attacks fall into two categories: the ‘depletion of bandwidth attack’ and the ‘depletion of resources attack’, as depicted in Figure 1.
Depletion of bandwidth attack:
A depletion of bandwidth attack targets the victim’s machine by flooding the network with abnormal traffic so that legitimate requests are denied. It takes two forms: i) a flood attack and ii) an amplification attack [7-8].
Flood Attack: The victim’s computer is inundated with unusual traffic generated by zombies during a flood-attack scenario. These massive quantities of packets are used to degrade the performance of the victim machine by overburdening the network’s bandwidth.
Amplification Attack: In this type of attack the master (attacker) or the slaves (zombies) send messages to a broadcast IP address, after which every reachable machine in that subnet sends out messages of its own in response, amplifying the malicious traffic and reducing the bandwidth available to the victim’s system.
Depletion of resources attack
The goal of a depletion of resources attack is to consume all of the resources available to a server or process, preventing it from providing the service it is meant to provide. It is carried out in two ways: i) protocol exploitation attacks and ii) malformed packet attacks.
Protocol Exploitation Attack: Attackers abuse protocols such as TCP, whose three-way handshake between client and server is exploited in a TCP SYN attack. A new connection is normally established as follows. The client begins by sending a SYN packet (SYN 1) to the server. The server responds with ACK 1 and SYN 2, acknowledging that the request was received and that it is ready to begin synchronising. The client then sends an acknowledgement packet (ACK 2), indicating that it has received the server’s reply and is ready for synchronised communication. The server allocates resources such as memory, processor time and ports for the connection immediately after the ACK 1/SYN 2 exchange, so if ACK 2 never arrives from the client, those resources stay reserved until the timeout period expires.
Malformed Packet Attack: In a malformed packet attack the attacker instructs the zombies to send maliciously constructed IP packets to the victim in order to crash its system. One form uses a packet whose source IP address is identical to its destination IP address; the victim machine cannot make sense of such a packet and crashes as a result.
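The two resource-depletion patterns above (half-open TCP handshakes where ACK 2 never arrives, and packets whose source and destination address are identical) can be spotted from a packet log. The following detector is an added example, not code from the original article; the log format, addresses, timeout and threshold are all constructed assumptions.

```python
"""Added example: replay a constructed packet log and flag (a) sources that
accumulate half-open TCP connections (SYN seen, final ACK never seen) and
(b) malformed packets whose source IP equals the destination IP."""
from collections import Counter

HALF_OPEN_TIMEOUT = 5.0  # seconds a server would hold a half-open entry (assumption)
PER_SOURCE_LIMIT = 3     # pending half-open connections per source that raise an alert (assumption)

# Constructed packet log, not real traffic: "time src_ip:port dst_ip flags"
# Flags use S for SYN and A for ACK, as tcpdump prints them.
SAMPLE_LOG = """\
0.0 203.0.113.10:50001 198.51.100.5 S
0.1 203.0.113.10:50001 198.51.100.5 A
0.2 203.0.113.77:40001 198.51.100.5 S
0.3 203.0.113.77:40002 198.51.100.5 S
0.4 203.0.113.77:40003 198.51.100.5 S
0.5 203.0.113.77:40004 198.51.100.5 S
1.0 198.51.100.5:1234 198.51.100.5 S
9.0 203.0.113.20:50002 198.51.100.5 S
"""

def parse(line):
    t, src, dst, flags = line.split()
    ip, port = src.rsplit(":", 1)
    return float(t), ip, int(port), dst, flags

def analyse(log):
    """Replay the log in order; return (alerts, half-open entries still pending)."""
    half_open = {}        # (src_ip, src_port, dst_ip) -> time the SYN arrived
    flagged = set()       # sources already reported, so each is reported once
    alerts = []
    for line in log.strip().splitlines():
        t, ip, port, dst, flags = parse(line)
        # Drop entries the server would have timed out by now; a SYN flood
        # works by refilling this table faster than the timer empties it.
        for key, t0 in list(half_open.items()):
            if t - t0 > HALF_OPEN_TIMEOUT:
                del half_open[key]
        if ip == dst:     # malformed packet: same source and destination address
            alerts.append(f"malformed packet src==dst {ip} at t={t}")
            continue
        key = (ip, port, dst)
        if "S" in flags and "A" not in flags:
            half_open[key] = t                       # SYN 1 seen, slot now reserved
            pending = Counter(k[0] for k in half_open)
            if pending[ip] >= PER_SOURCE_LIMIT and ip not in flagged:
                flagged.add(ip)
                alerts.append(f"possible SYN flood from {ip}: {pending[ip]} half-open at t={t}")
        elif "A" in flags:
            half_open.pop(key, None)                 # ACK 2 seen, handshake complete
    return alerts, half_open
```

A real SYN flood usually spoofs its source addresses, so in production the total size of the half-open table matters as much as the per-source count.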
How to Prevent a DDoS Attack
If you don’t want to be the victim of a DDoS attack, there are some precautions you can take. First, make sure your router is up to date with security updates and is not vulnerable to known exploits. You should also consider setting up port forwarding on your router if you have multiple servers behind it. If a DDoS attack succeeds in reaching your system, it will typically saturate all available bandwidth by flooding it with requests. This prevents legitimate traffic from getting through and can even bring down an entire network connection.
What to do if you get DDoS attacked
If a DDoS attack happens, you may not know why or how it happened, but you can still take steps to protect yourself and your server from further harm. The first thing to do is to identify the source of the attack. Once you know where the attack is coming from, block that IP address and any others associated with it. If your ISP offers a DDoS protection service, you should probably turn it on. In some cases, your ISP may be able to stop some of the traffic before it even reaches you, though there is no guarantee of this. If the attack is coming from literally millions of sources, it is hard for anyone to stop [9-12].
A Distributed Denial of Service attack is an act of cyber-terrorism in which a company’s web servers are overloaded by multiple compromised sources. This reduces the ability for the company to service their customers and can lead to financial ruin. The best defense against this type of attack is constant vigilance, monitoring, and hardening your system.
- Mishra, A., et al. (2011, September). A comparative study of distributed denial of service attacks, intrusion tolerance and mitigation techniques. In 2011 European Intelligence and Security Informatics Conference (pp. 286-289). IEEE.
- Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2015). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE communications surveys & tutorials, 18(1), 602-622.
- Gupta, B.B., Yamaguchi, S. & Agrawal, D.P. Advances in Security and Privacy of Multimedia Big Data in Mobile and Cloud Computing. Multimed Tools Appl 77, 9203–9208 (2018). https://doi.org/10.1007/s11042-017-5301-x
- Mishra, A., Gupta, N., et al. (2021). Defense mechanisms against DDoS attack based on entropy in SDN-cloud using POX controller. Telecommunication systems, 77(1), 47-62.
- Peng, T., Leckie, C., & Ramamohanarao, K. (2007). Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys (CSUR), 39(1), 3-es.
- Sahoo, S. R., et al. (2019). Hybrid approach for detection of malicious profiles in twitter. Computers & Electrical Engineering, 76, 65-81.
- Alieyan, K., Almomani, A., Anbar, et al. (2021). DNS rule-based schema to botnet detection. Enterprise Information Systems, 15(4), 545-564.
- Bhushan, K., & Gupta, B. B. (2017). Security challenges in cloud computing: state-of-art. International Journal of Big Data Intelligence, 4(2), 81-107.
- Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), 2046-2069.
- Gupta, B. B., Misra, M., & Joshi, R. C. (2012). An ISP level solution to combat DDoS attacks using combined statistical based approach. arXiv preprint arXiv:1203.2400.
- Negi, P., Mishra, A., & Gupta, B. B. (2013). Enhanced CBF packet filtering method to detect DDoS attack in cloud computing environment. arXiv preprint arXiv:1304.7073.
- Dahiya, A., & Gupta, B. B. (2019). A PBNM and economic incentive-based defensive mechanism against DDoS attacks. Enterprise Information Systems, 1-21.