[rws_note size="17" background="#fae588" color="#333333" radius="6"]Disclosure: Some of the links in this website may be affiliate links, meaning, at no additional cost to you, Raven Web Services will earn commission if you click through and make a purchase.[/rws_note]
What exactly is a Denial Of Service (DoS) attack and what can you do if your website is under attack? Read on to learn more about what these online attacks are and perhaps more importantly, how to handle being attacked.
A Distributed Denial of Service (DDoS) is an attack on a network which is developed to bring it to a halt. This is done by sending useless traffic to a particular service/port on a server. The amount of traffic sent would overwhelm the service, so that genuine traffic would be dropped or overlooked.
DDoS attacks have evolved from the basic DoS attacks that were in the wild in 1997. These attacks stem from one source and can emerge from 100's of areas around the world. The most noticeable attacks were those in February 2000, where high traffic sites (eBay/Amazon/Yahoo/CNN/Buy.Com/Datek/ZDNet)
The following are different kinds of attacks.
Smurfing: The perpetrator sends out a large amount of ICMP echo traffic at IP Broadcast addresses, all of it having actually a spoofed source address of a victim. This increases the traffic by the variety of hosts.
Fraggle: This is the cousin of the smurf attack. This attack uses UDP echo packets in the very same was as the ICMP echo traffic.
Ping Flood: The offender attempts to disrupt service by sending ping request straight to the victim.
Syn Flood: Exploiting the defect in the TCP three-way handshake, the perpetrator will create connection requests targeted at the victim. These requests are made with packets of unreachable source addresses. The server/device is not able to complete the connection and as a result the server winds up using most of its network resources aiming to acknowledge each SYN.
Land: The perpetrator sends out a created package with the same source and destination IP address. The victims system will be confused and crash or reboot.
Teardrop: The perpetrator sends out 2 fragments that can not be reassembled properly by controling the balanced out worth of the package and trigger a reboot or stop of the victim's system.
Bonk: This attack usually affects Windows OS machines. The offender sends corrupted UDP Packets to DNS port 53. The system gets puzzled and crashes.
Boink: This resembles the Bonk attack; accept that it targets several ports instead of just 53.
Worming: The worm sends a big quantity of data to remote servers. It then confirms that a connection is active by trying to get in touch with a website outside the network. If effective, an attack is initiated. This would be in conjunction with a mass-mailing of some sort.
With the current TCP/IP implementation, there is little that companies can do to prevent their network from being DDoSed. Some companies can be proactive and ensure all their systems are patched and are only running services they need. Carrying out, Egress/Ingress filtering and make it possible for logging on all routers will disable some DDoS attacks.
If the packet's source IP address comes from inside the subnet that the router serves, then the package is forwarded. If the packet has an unlawful source address, then the package is merely dropped.
For those that prefer watching a video over good old fashioned reading, then check out the great video below that explains DDoS Attacks in a easy to digest visual format.
By now you will have come to learn that DDoS attacks are very difficult to stop and trace. Numerous dedicated server companies will merely disconnect the server that is being attacked until the attack has actually stopped but this however is not a real solution. Once an attack is spotted hosts must engage their upstream service providers right away. For those looking to halt an on-going DDoS attack or better yet, to proactively mitigate potential denial or service attacks themselves then we recommend using a third-party service such as CloudFlare or Sucuri. Both options provide world-class web security solutions similar to WebARX (which we spoke about last article) but with the added service of DDoS protection. Here at Raven Web Services we actively use Sucuri to mitigate DDoS attacks and have had great success using their security suite.