DDos attacks became a real problem for most of online businesses nowadays. This way of economic pressure is very popular, because it does not leave any legally relevant evidences. At the same time such attacks can make unavailable almost any computer or system. DDos attacks are based almost on the same principle as Dos attacks. The difference is that DDos attacks use more than one computer as the attack source. Unfortunately, usually it consists of thousands of computers.
Attack can be done by different techniques. Generally, they can be divided in three groups:
- Bandwidth saturation.
- Hardware resources saturation.
- Program code mistakes attack.
First two groups of techniques are mainly used by non-professional or beginner attackers. Meanwhile, the third group of techniques is the most dangerous and usually used by the most sophisticated attackers. Bandwidth saturation can be reached by different types of flood. Here can be mentioned such types of flood as ping-flood, ICMP, UDP and SYN-flood (TCP). Ping-flood is the less dangerous off all, when ICMP and UDP are the most dangerous (they reach the goal with almost total guarantee). All types of flood are intended to consume all the system connection resources. Hardware resources saturation attack uses almost the same logic, but the goal is to consume system’s RAM, CPU time and physical memory. Usually attackers use such technique parallel with bandwidth saturation. The third group of attack techniques uses any mistakes in the system program code to build the situation,which the system will not be able to handle. Usually the weakest place in the system’s code is exception handling, but sometimes attackers use buffer overflow to make system unavailable.
Unfortunately, there is no universal remedy from DDos attack nowadays. That means that no system can avoid DDos attack with full warranty. However,several steps can help to reduce the likelihood of such attacks or reduce the damage from them. Here can be mentioned such steps as:
- Increasing of system resources. This will improve the ability to resist the attack.
- Searching and elimination of code mistakes. This will reduce weak places, which attackers can use.
- Firewalls, switches and routers. These protection elements can help only from small attacks. The reason is that they handle only the certain amount of pressure.
- Application front-end hardware. It can improve the firewalls, switches and routers efficiency.
- Blackholing and sinkholing. Due to these methods, attacking traffic is redirected to a ‘black hole’or a special server, which rejects dangerous packets. Such methods work only with some attacks.
- IPS based prevention and DDS based defense. These protection elements can help to identify and block the attack.
- Clean pipes. It is the special system of protection, which can separate all bad traffic. Unfortunately, this system will work only with provider’s central connectivity to the Internet.
- CDNDDos protection. Content delivery companies usually offer their defense from attacks.DDos CDN defense can be combined with above-mentioned methods.
It should be remembered, that DDos attacks are mainly the way of economic pressure. That is why the best way to avoid such attacks is to monitor the causes, which can push anyone to start an attack. Surprisingly, the most common reason of attacks ispersonal grievances. That is why it is very important to keep honest relations with allmembers of the business processes.