What is DDoS? How to Protect your network from it?
DDoS stands for Distributed Denial of Service.
This is an attack that uses multiple servers or machines operating from different locations to attack a single server or web application. The target is bombarded with a load of traffic to stop its services; these attacks are mostly made for ransom, so that the owner of the website pays the attacker to have the services running properly again. These attacks can last from hours to days. The longest DDoS attack recorded was Q2 209, which lasted 509 hours, or more than 21 days.
Common DDoS Attack Types
The User Datagram Protocol (UDP) is used in DDoS attacks: a large number of UDP packets are sent to the victim host on random ports, so that the host is kept busy working through the following list.
- Check for an application listening at the requested port.
- See that no application is listening.
- Reply with a packet saying that the host is unreachable.
When the victimized host receives many such requests, it will be busy answering all the packets and will be unreachable for other clients.
The Internet Control Message Protocol (ICMP), commonly known as ping by network analysts, is used in DDoS attacks: attackers send multiple ping requests to targeted hosts and receive back the transmitted packets. Usually, ping requests are used to test whether a host in the network is working or not, but if multiple ping requests are sent to a single server or machine, it will go down. There are several commands which can help in a DDoS attack, like: ping -n, ping -t, ping -I.
In a regular connection establishment, the client sends a synchronization (SYN) packet to the server in the 1st step, and in the 2nd step the server responds with a synchronization-acknowledgment (SYN-ACK) packet. When the client receives this packet, it replies in the 3rd step with an ACK. In a DDoS attack, the 3rd step is skipped by the attacking host, either by using a spoofed IP address or by using algorithms that keep the attacker from receiving the acknowledgments sent by the targeted host.
Ping of Death
In this type, attackers send a ping request containing an oversized packet to the targeted host to crash or freeze the victim. A correctly formed IPv4 packet, including the IP header, is standardized at no more than 65,535 bytes. A larger packet violates the Internet Protocol, so the attacker sends the desired bytes in fragments. When the target host reassembles the received fragments, the result causes a memory overflow and sometimes crashes the target host. That is why this ping is called the ping of death.
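The reassembly limit described above can be checked before any buffer is filled. The following is an added example, not code from the original article: it reads the fragment offset and length from IPv4 headers and rejects a fragment set whose reassembled size would pass 65,535 bytes. The helper names and the sample headers are constructed for illustration.

```python
import struct

MAX_IPV4_PACKET = 65535  # largest legal IPv4 packet, header included

def make_header(offset_units, payload_len, more_fragments):
    """Build a constructed 20-byte IPv4 header (sample data, not a capture)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, 1, 0,
                       bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))

def fragment_extent(header):
    """Return the (start, end) byte range this fragment fills in the payload."""
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack(
        "!BBHHH", header[:8])
    header_len = (ver_ihl & 0x0F) * 4          # IHL counts 32-bit words
    start = (flags_frag & 0x1FFF) * 8          # offset field counts 8-byte units
    return start, start + (total_len - header_len)

def reassembled_size(headers, header_len=20):
    """Total size the datagram would have once every fragment is in place."""
    return header_len + max(fragment_extent(h)[1] for h in headers)

def is_oversized(headers):
    """True when reassembly would exceed the 65,535-byte limit."""
    return reassembled_size(headers) > MAX_IPV4_PACKET

# Constructed fragment sets: an ordinary 4,008-byte ICMP payload split at a
# 1,500-byte MTU, and a set whose last fragment starts near the top of the
# 13-bit offset range, so that offset plus length runs past the limit.
NORMAL = [make_header(0, 1480, True), make_header(185, 1480, True),
          make_header(370, 1048, False)]
OVERSIZED = [make_header(0, 1480, True), make_header(8189, 1480, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(name, reassembled_size(frags), is_oversized(frags))
```

Each fragment on its own is a legal size; only the sum of the last fragment's offset and length exposes the problem, which is why the check has to happen at reassembly time.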
SlowLoris is a type of software that attacks the web server rather than the machine, by sending multiple HTTP requests and keeping its sockets to that server open for as long as possible. It continues until all of the server's sockets are busy.
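On the server side, the usual defence against sockets that are held open this way is a single time budget for receiving the complete request headers. The following is an added example, not code from the original article or from any particular web server: `read_request_head` and `demo` are hypothetical names, and the slow client is a constructed sender on a local socket pair.

```python
import socket
import threading
import time

def read_request_head(conn, deadline_s=0.5, max_bytes=8192):
    """Return the header bytes, or None if the blank line ending the headers
    has not arrived within deadline_s overall (or max_bytes is exceeded)."""
    buf = b""
    # One budget for the whole header block: trickled bytes cannot reset it.
    stop_at = time.monotonic() + deadline_s
    while b"\r\n\r\n" not in buf:
        remaining = stop_at - time.monotonic()
        if remaining <= 0 or len(buf) >= max_bytes:
            return None
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            return None
        if not chunk:                      # peer closed before finishing
            return None
        buf += chunk
    return buf

def demo(trickle, deadline_s=0.5):
    """Feed read_request_head from a constructed local client (socketpair)."""
    server, client = socket.socketpair()
    head = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    def send():
        try:
            if not trickle:
                client.sendall(head)
                return
            for byte in head[:-2]:         # slow client never ends the headers
                client.send(bytes([byte]))
                time.sleep(0.1)
        except OSError:
            pass                           # server side already closed
    sender = threading.Thread(target=send, daemon=True)
    sender.start()
    started = time.monotonic()
    result = read_request_head(server, deadline_s)
    elapsed = time.monotonic() - started
    server.close()
    sender.join()
    client.close()
    return result, elapsed
```

A per-read timeout alone would never fire against the slow client, because every read returns one byte within 0.1 seconds; the overall deadline is what frees the socket.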
Network Time Protocol (NTP) is the oldest protocol on the internet, which is there so that the systems on the internet can synchronize their clocks. In this DDoS attack, multiple requests are sent to the NTP server using a spoofed IP address or that of a victim.
Multiple HTTP requests are made to the targeted host in this attack by using GET and POST methods. A GET request is used to fetch standard, static content like images, while POST requests can access dynamically generated resources.
Zero-Day DDoS Attacks
All DDoS attacks which are unknown or new fall into this category.
How to stop the DDoS attack
There are several pre-emptive measures, which include checking your network traffic and test-running DDoS attacks.
You can check your network by using Google Analytics to monitor any spike in traffic, so that you can be ready when there is an active DDoS attack on your site.
Test-run DDoS attacks are used to check whether your system can withstand a DDoS attack or not. The following applications, which are free and open source, can be used:
- Low Orbit Ion Cannon
- UDP Unicorn
Implementing a firewall can also help in reducing the chance of a DDoS attack. You can use either a hardware firewall or a software firewall.
To confirm that you are being attacked, use the command prompt's netstat command. Later on, you can download any network analyzer and look for anomalies in your traffic.
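What to look for in the netstat output depends on the attack. For the skipped third handshake step described earlier, the sign is a pile of half-open connections. The following is an added example, not code from the original article: it summarizes `netstat -an` output by remote address and state. The sample output, the function names and the `per_ip_limit` threshold are constructed assumptions.

```python
from collections import Counter

# Constructed `netstat -an` output; addresses come from documentation ranges.
# The last line uses the Windows layout, which spells the state SYN_RECEIVED.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40112       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.6:40113       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.20:60100     ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.20:60101     ESTABLISHED
  TCP    192.0.2.10:443         203.0.113.9:40000      SYN_RECEIVED
"""

HALF_OPEN = {"SYN_RECV", "SYN_RECEIVED"}  # the final ACK never arrived

def parse_netstat(text):
    """Yield (remote_ip, state) for each TCP connection line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        remote, state = fields[-2], fields[-1].upper()
        if state not in ("LISTEN", "LISTENING"):
            yield remote.rsplit(":", 1)[0], state

def summarize(text, per_ip_limit=3):
    """Count half-open and established connections per remote address."""
    half_open, established = Counter(), Counter()
    for ip, state in parse_netstat(text):
        if state in HALF_OPEN:
            half_open[ip] += 1
        elif state == "ESTABLISHED":
            established[ip] += 1
    return {
        # With spoofed sources each address shows up only once, so the
        # total matters as much as any single address.
        "half_open_total": sum(half_open.values()),
        "half_open_sources": len(half_open),
        "suspects": sorted(ip for ip, n in half_open.items()
                           if n >= per_ip_limit),
        "busiest_established": established.most_common(1),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_NETSTAT))
```

On a live host, pass the captured output of `netstat -an` to `summarize` and compare the half-open total with what the server shows on a normal day.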
Install a malware security scanner
Installing a malware security scanner can also help by scanning all incoming data before it enters the system. Moreover, it generates an alert when it finds something suspicious.
You can also outsource the protection of your website against malicious DDoS attacks. For this, you can contact your host and take measures such as taking your website down temporarily to stop the DDoS attack. When you get back online again, you need to bring in a service from a security organization; some are Akamai, CloudFlare, Imperva Incapsula, DOSarrest, etc.
UltaHost Security Mechanism:
Security is a top-notch priority in hosting. UltaHost has deployed an unbreakable and most advanced security system within our servers by keeping BitNinja on the channel as our Security Partner. It protects users from DDoS attacks and all other security threats. And now, all our customers are super protected with BitNinja's advanced security system. BitNinja works as a frontline army against all attacks and is capable of upgrading itself because of its self-learning algorithms. To read more about BitNinja security, check our blog: How are UltaHost servers secured using BitNinja