I was recently asked to weigh in on DDoS attacks to help small-business owners understand these attacks and how to prevent them. A DDoS is a cyberattack on a server, service, website, or network in which the target is flooded with traffic or data to the point that all resources available are exhausted. Once the traffic overwhelms the target and all resources are used, the server, service, website, or network is rendered inoperable as all legitimate requests will go unhandled.
DDoS attacks can come in short bursts or repeated assaults, but either way, the impact on a website or business can last for days, weeks, and even months as the organization tries to recover. This can make DDoS extremely destructive to any online organization.
What Are the Common Types of DDoS Attacks?
Luckily, DDoS is usually easy to identify and diagnose. The most notable symptom would be that the target service, site, or network is unavailable or has slowed down significantly. With a DDoS attack, you will notice a jump in resource utilization by the targeted servers, which likely corresponds to an unusually high number of requests or requests that are malformed. Some of the most common types of DDoS attacks include:
- HTTP request flood: Attackers will gather tens of thousands of bots and have them all request the same resources at the same time. Every web server has a limit to the number of requests it can serve at any moment, so the bad actor’s goal in this type of attack is to create more requests than the server can handle. It is often as simple as requesting the primary webpage (a request to www.yourwebsite.com); however, some websites like Google are practically impervious to DDoS attacks in this form as they can handle a large number of requests.
- SYN flood: To establish a transmission control protocol (TCP) connection, two computers need to perform a “handshake” where they introduce themselves to each other. The first step in that handshake process is sending a synchronize (SYN) packet and waiting for a response. To respond, the other computer needs to allocate resources like memory and processing space to handle that request. If too many SYNs arrive at the same time, the target computer will no longer have resources to allocate to legitimate connections, causing a denial of service.
- UDP flood: User Datagram Protocol (UDP) allows a transfer of data without requiring a handshake like TCP. It is fire-and-forget: the sender transmits the data and there is no verification that it arrived. Since it has less overhead, this is often used in applications like streaming video content where it’s not that important if some data is missing. If an attacker can send enough data, the target could be overwhelmed, resulting in denial of service.
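As an added example (not from the original post or Pondurance), here is a small Python script that applies the symptom described above to a web server’s access log: it flags any source IP that exceeds a request-rate threshold inside a sliding time window, and separately counts malformed requests (HTTP 400 or no recognizable method). The log lines, addresses and thresholds are constructed for illustration.

```python
# Added example (not from the original post): spot HTTP-flood-like traffic in
# web-server access logs by counting requests per source IP in a sliding time
# window, and count malformed requests (HTTP 400 or no recognizable method).
from collections import defaultdict, deque
from datetime import datetime
import re

# Constructed sample lines in Apache/nginx combined-log style (fictional IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:00 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:12:00:00 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.44 - - [10/Mar/2024:12:00:01 +0000] "GET /about HTTP/1.1" 200 2048
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.9 - - [10/Mar/2024:12:00:03 +0000] "-" 400 0
192.0.2.44 - - [10/Mar/2024:12:00:45 +0000] "GET /contact HTTP/1.1" 200 1024
"""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return (ip, timestamp, request_line, status), or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))

def find_flood_sources(log_text, window_seconds=10, threshold=5):
    """Return (peaks, malformed): peaks maps each IP that sent more than
    `threshold` requests in any `window_seconds` window to its peak count."""
    windows = defaultdict(deque)   # per-IP timestamps still inside the window
    peaks, malformed = {}, defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, req, status = parsed
        if status == 400 or not req.startswith(("GET ", "POST ", "HEAD ")):
            malformed[ip] += 1
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()            # expire requests older than the window
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks, dict(malformed)
```

Tune `window_seconds` and `threshold` to your site’s normal per-client rate before acting on the output, since a busy legitimate proxy or office NAT can otherwise look like a single noisy source.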
How Can an Organization Protect Against a DDoS Attack?
While no organization can completely protect itself against DDoS attacks, you can make them much harder for attackers to pull off. Our top tips for protecting against a DDoS include:
- Disable any services that are not needed for your organization’s website. If you are simply running a website, disable anything other than HTTP(S) traffic so you are not susceptible to many of the protocol-based DDoS attacks from the start.
- Implement protections from your service provider. Many service providers, like Comcast or Verizon, offer some intelligent DDoS protection. They can detect a large number of requests or unusual requests and intelligently drop those requests so they do not have to be handled by your website.
- Increase resources available to handle requests. If your website has a lot of traffic already, consider increasing the resources available to handle those requests. This will improve the speed and reliability of your site AND make DDoS attacks harder to accomplish as attackers will need more bots to succeed. This could come in many forms, including providing better routing of traffic (load balancing), increasing the number of servers that handle requests, and increasing the processing and memory capabilities of each server.
While DDoS attacks can be extremely disruptive, they are relatively easy to detect and diagnose. There are some preventive measures you can take as detailed above, and it is important to strengthen the overall security posture of your devices. If you think you have experienced an attack, reach out to our Incident Response team at 888-385-1720, and we can help you diagnose and resolve the incident.
Want to learn more about the best ways to protect your organization from cyberattacks? Check out our whitepaper: The Domain Controller…An Achilles Heel.
Senior Product Engineer | PONDURANCE
Jason is a Senior Product Engineer and has worked in cybersecurity roles for more than 10 years since graduating from Purdue University with a Bachelor of Science in computer science in 2009. At Pondurance, Jason leads our application development. Prior to joining Pondurance, Jason worked as a defense contractor in the Washington D.C. area and was a NASA intern while attending Purdue. Jason loves the challenges brought forward by a career in cybersecurity and working to secure national infrastructure. Outside of cybersecurity, Jason considers himself a maker with a particular passion for educational technology, an amateur cartographer, and an urban enthusiast, and he is fascinated by aerospace engineering and everything related to space exploration. Jason also enjoys playing soccer and basketball, as well as cheering on the Colts, Pacers, Caps, and Blues! Jason is excited to be back in Indianapolis as part of the rising Indy tech community!