Year after year, attacks on organizations around the world increase. Their purposes vary, but one of them is to disable ICT (Information and Communication Technologies) systems, which is achieved through distributed denial of service attacks. We review what a DDoS (Distributed Denial-of-Service) attack is and how to protect yourself.
What is a Denial of Service Attack?
A distributed denial-of-service (DDoS) attack is identical to a denial-of-service (DoS) attack, with the difference that the magnitude of the attack, or the amount of network traffic involved, is much greater. Flooding techniques using SYN, ICMP or DNS packets are usually employed, run from a large number of computers, generally zombie machines infected by some type of malware that goes unnoticed by their users, which attack at a planned time and all at once (the set of machines is generally known as a botnet).
What are they used for?
These types of attacks seek to render an organization's ICT systems useless through a large volume of network traffic or requests (flooding) that saturates IT systems and/or network devices. The objective is to consume all available resources: RAM, all possible concurrent sessions (preventing legitimate users from accessing a website), or all available bandwidth on the communications line.
Examples of DDoS attacks
- SYN flood: a large number of TCP packets are sent with the SYN flag set, which the receiving system, for example a web server, identifies as connection requests. By leaving these half-open connections pending, the attacker aims to consume all the server's resources so that it cannot serve the legitimate requests of the site's users.
- ICMP flood: a high number of ICMP requests are sent. ICMP is used to diagnose the quality of a communication line and/or the availability of devices connected to the network, for example when we run the ping command. This action saturates the communication line with requests and responses, as well as the targeted device, which is unable to process and answer all the requests, preventing normal, legitimate network traffic.
- DNS flood: consists of sending a high number of DNS name resolution requests (when we browse to a website, our computer sends a DNS request to find the IP address corresponding to that name), saturating the DNS server through the excessive resource consumption needed to process and answer the flood of requests, and thus preventing, for example, users from browsing.
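To make the three flood patterns above concrete from the defender's side, here is an added example (not from the original article) of a small detector that scans constructed packet records and flags a destination when the number of flood-type packets (bare SYNs, ICMP echo requests, DNS queries) within a sliding time window exceeds a threshold. The record format, the sample traffic and the thresholds are assumptions chosen for illustration.

```python
"""Toy flood detector over constructed packet records (added example, not from the article).

Each record is (timestamp, src_ip, dst_ip, proto, info). The detector counts, per destination
and per flood class, how many flood-typical packets arrive within a sliding window and flags the
destination when a threshold is exceeded. Thresholds and the record format are assumptions."""
from collections import defaultdict

# Constructed sample: one legitimate TCP handshake at t=0, then a burst of bare SYNs from many
# sources, a burst of ICMP echo requests, and a burst of DNS queries against a resolver.
SAMPLE = (
    [(0.0, "10.0.0.5", "192.0.2.10", "tcp", "SYN"), (0.01, "10.0.0.5", "192.0.2.10", "tcp", "ACK")]
    + [(10.0 + i * 0.001, f"198.51.100.{i % 250}", "192.0.2.10", "tcp", "SYN") for i in range(300)]
    + [(20.0 + i * 0.002, f"203.0.113.{i % 200}", "192.0.2.20", "icmp", "echo-request") for i in range(150)]
    + [(30.0 + i * 0.001, f"198.51.100.{i % 50}", "192.0.2.53", "dns", "A") for i in range(400)]
)

# What counts as a flood-type packet for each of the three attack classes described above.
FLOOD_MATCH = {
    "syn":  lambda proto, info: proto == "tcp" and info == "SYN",
    "icmp": lambda proto, info: proto == "icmp" and info == "echo-request",
    "dns":  lambda proto, info: proto == "dns",
}

def detect_floods(records, window=1.0, thresholds=None):
    """Return {(dst_ip, kind): distinct_sources} for every destination whose count of
    flood-type packets in some window of `window` seconds exceeds thresholds[kind].
    The value is the number of distinct sources seen in the window that tripped the alert,
    which helps distinguish a distributed attack from a single noisy host."""
    thresholds = thresholds or {"syn": 100, "icmp": 100, "dns": 200}
    alerts = {}
    # Bucket events by (destination, kind) so each stream can be scanned independently.
    streams = defaultdict(list)
    for ts, src, dst, proto, info in sorted(records):
        for kind, match in FLOOD_MATCH.items():
            if match(proto, info):
                streams[(dst, kind)].append((ts, src))
    for (dst, kind), events in streams.items():
        start = 0  # sliding window: advance `start` until events[start] lies within `window` of events[i]
        for i, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1
            if i - start + 1 > thresholds[kind]:
                alerts[(dst, kind)] = len({s for _, s in events[start:i + 1]})
                break  # one alert per (destination, kind) is enough for this illustration
    return alerts

if __name__ == "__main__":
    for (dst, kind), sources in detect_floods(SAMPLE).items():
        print(f"{kind.upper()} flood suspected against {dst}: {sources} distinct sources in window")
```

The legitimate handshake alone produces no alert; only the bursts do, and each alert carries the number of distinct sources so an analyst can see at a glance whether the traffic looks distributed.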
How to protect yourself from a DDoS attack
Organizations protect themselves from DDoS attacks in several ways:
- Through clean-traffic services from the ISP operators that provide the communication lines. In the event of a DDoS attack, it is the operator who scrubs the attack traffic, delivering only legitimate traffic to the organization.
- By contracting services from specialized companies that process the traffic destined for the organization before it reaches its perimeter and clean it, delivering only that which is legitimate.
- By implementing anti-DDoS solutions/platforms in the organization's own network that process and clean the traffic entering it. Because these platforms sit inside the internal network, behind the Internet link, they are not effective against flood attacks that saturate the Internet line itself, but they are effective against DDoS attacks that aim to saturate servers and similar internal resources.
As we have seen, denial of service, in terms of computer security, is a set of techniques that aim to render a system or network inoperative. Through this type of DDoS attack, the aim is to overload resources and prevent legitimate users from using the services.