Cybersecurity — P3: What is a Denial of Service (DoS) Attack?

When traffic turns into a weapon

A Denial of Service (DoS) attack is an attempt to make a site unavailable to its users by sending it so much traffic that it cannot respond. The goal is to disrupt the normal operation of a server or network. A plain DoS attack comes from a single source, such as the attacker's computer.

There are different types of DoS attacks, including a Distributed Denial of Service (DDoS) attack, which uses multiple sources to attack a network or server.

Recently, nearly all DoS attacks have been DDoS attacks.

What is a Denial of Service Attack?

A Denial of Service (DoS) attack is a type of cyber attack in which malicious software or hardware targets the victim's computer and attempts to make it unusable. This can be done by flooding the target with superfluous requests, which overloads its servers and causes them to crash.

There are many different types of DoS attacks, such as SYN floods. In this type of attack, the attacking host sends a very large number of TCP SYN packets. The result is that legitimate users cannot connect, because the server is tied up with too many open connections from machines that never finish connecting before being denied service.

The network or server is typically able to handle a single-source DoS attack, since it can fairly easily pinpoint where the attack is coming from. The server usually just closes the connections coming from that source.

But what if the attack comes from multiple sources all at once? That’s a DDoS attack.
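To make the single-source versus multi-source distinction concrete, here is an added example (my code, not code from the original article): a per-source token-bucket limiter, the kind of control that absorbs a flood from one address, run against two constructed floods of equal volume. The rate, burst and server capacity figures are assumptions, and the addresses come from documentation and private ranges.

```python
"""Added example, not from the original article: a per-source token bucket,
the sort of control that absorbs a single-source DoS, run against two
constructed floods of equal volume to show why it does not stop a DDoS."""
from collections import defaultdict


class PerSourceLimiter:
    """Token bucket per source address: `rate` requests per second sustained,
    up to `burst` requests admitted at once. All numbers are assumptions."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.buckets = {}  # src -> (tokens, last_seen_time)

    def allow(self, src, now):
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[src] = (tokens - 1, now)
            return True
        self.buckets[src] = (tokens, now)
        return False


def simulate(requests, rate=10, burst=20, capacity=500):
    """requests: list of (time_seconds, src). Applies the limiter and reports how
    many requests were admitted, how many dropped, the busiest second, and
    whether that second exceeded the server's assumed per-second `capacity`."""
    limiter = PerSourceLimiter(rate, burst)
    admitted_per_sec = defaultdict(int)
    dropped = 0
    for t, src in sorted(requests):
        if limiter.allow(src, t):
            admitted_per_sec[int(t)] += 1
        else:
            dropped += 1
    peak = max(admitted_per_sec.values(), default=0)
    return {"admitted": sum(admitted_per_sec.values()), "dropped": dropped,
            "peak_per_sec": peak, "overloaded": peak > capacity}


def single_source_flood(n=5000, duration=5.0):
    """Constructed: one attacker (documentation-range address) sends n requests
    spread evenly over `duration` seconds."""
    return [(i * duration / n, "203.0.113.10") for i in range(n)]


def distributed_flood(n=5000, sources=1000, duration=5.0):
    """Constructed: the same n requests over the same window, but spread across
    `sources` distinct bot addresses, so each bot stays well under the limit."""
    return [(i * duration / n, f"10.{(i % sources) // 256}.{(i % sources) % 256}.1")
            for i in range(n)]


if __name__ == "__main__":
    print("single source:", simulate(single_source_flood()))
    print("distributed:  ", simulate(distributed_flood()))
```

The single-source run admits only the first burst plus the trickle the refill rate allows and drops the rest, so the server never comes near its capacity. The distributed run sends the same 5,000 requests, but every bot stays under its own limit, nothing is dropped, and the server still sees 1,000 admitted requests in each second. That is why per-source blocking, which handles a DoS, is not enough against a DDoS.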

How Do My Servers Get Attacked by a DDoS Attack?

A DDoS attack is a type of cyberattack that uses large numbers of computers to send traffic to a target website or server. The attacker’s aim is to overwhelm the victim with so much network traffic that it cannot respond, typically by crashing their servers.

How does the attacker get access to so many computers? By infecting them with malware. This is typically done through malicious email attachments, or by the user clicking on something they shouldn't on a compromised website. A group of infected computers that are ready to participate in a DDoS attack at the attacker's request is called a botnet.

A botnet is a network of compromised computers that have been infected with malware. The malware lets attackers use these computers as part of their botnet and command them remotely. The attacker builds up an army of bots and uses them as part of the attack against the target.

How Are DDoS Attacks Classified?

Distributed Denial of Service attacks are classified based on the Open Systems Interconnection (OSI) layer that they use for attack. The most common layers for attack are:

  • Layer 3 (Network) — the attacker tricks UDP servers into responding to a target that was never part of the exchange. The attacker sends a request to a reflector, and the UDP server sends its response to the IP address the attacker specified as the source. These requests can be anything. The target doesn't know how to handle the responses and is flooded with traffic it never asked for; the network link is overwhelmed as well. Most of the time the attacker will not send these requests to the reflectors directly; instead, the botnet sends UDP packets to the reflectors with spoofed source addresses, and the reflectors send the amplified responses on to the target.
  • Layer 4 (Transport) — normally, a user sends a SYN request to a server, the server returns a SYN-ACK to the user, and the user then sends an acknowledgment (ACK) back to the server. What exactly is a SYN request? It's when a “TCP packet is sent to another computer requesting that a connection be established between them.” In a SYN flood attack, the attacker completes the first two steps but never sends the final acknowledgment. Without that acknowledgment the connection stays half-open. The server waits on acknowledgments for many such requests, which consumes its resources, and when a legitimate request arrives it cannot be served because the server is still waiting for the earlier connections to close.
  • Layer 6 (Presentation) — legitimate users try to establish a legitimate SSL/TLS connection. The attacker's botnet attempts to connect to the SSL port (443), opens those connections, and keeps them open. Once the port is overwhelmed, resources are exhausted and connections from legitimate users either slow down or stop completely.
  • Layer 7 (Application) — millions of bots generate fake HTTP requests (GET or POST) that hit a server. Legitimate users cannot reach the server, such as a web server, because it is overwhelmed with requests. The attacker can also target a DNS server in a similar fashion.
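As an added illustration (my code, not code from the original article), the following Python sketch checks constructed flow records for two of the patterns just described: the layer-4 SYN flood's half-open handshakes (the same attack described in the SYN floods paragraph above and named later as the most common DDoS) and layer-3 UDP reflection from well-known amplification services fanning in on one target. It also reports how many distinct sources the half-open handshakes came from, which is what separates a DoS from a DDoS. The record format, the thresholds and the addresses (documentation and private ranges) are my assumptions, not any product's format.

```python
"""Added example, not from the original article: flag a layer-4 SYN flood
(half-open TCP handshakes) and layer-3 UDP reflection (amplified responses
fanning in on one target) in constructed flow records. The record format,
thresholds and addresses are assumptions, not any product's format."""

# Well-known UDP services abused as reflectors (DNS, NTP, SSDP, memcached).
REFLECTOR_PORTS = {53, 123, 1900, 11211}


def flow(proto, src, sport, dst, dport, flags="", nbytes=60):
    """One flow record. `flags` holds TCP flag letters ('S' SYN, 'A' ACK)."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "flags": set(flags), "bytes": nbytes}


VICTIM = "192.0.2.10"  # constructed, documentation-range address


def constructed_flows():
    """Constructed traffic: a few legitimate clients, a SYN flood and a
    UDP reflection wave, all aimed at VICTIM."""
    flows = []
    # Legitimate clients complete the handshake: SYN, then a client ACK.
    for i in range(5):
        client = f"198.51.100.{i + 1}"
        flows.append(flow("tcp", client, 40000 + i, VICTIM, 443, "S"))
        flows.append(flow("tcp", client, 40000 + i, VICTIM, 443, "A", 1200))
    # SYN flood: 300 handshakes from spoofed sources that are never acknowledged.
    for i in range(300):
        flows.append(flow("tcp", f"203.0.113.{i % 254 + 1}", 1024 + i, VICTIM, 443, "S"))
    # Reflection: large DNS and NTP responses from many reflectors hitting VICTIM.
    for i in range(40):
        flows.append(flow("udp", f"10.0.{i}.53", 53, VICTIM, 33000 + i, "", 3000))
        flows.append(flow("udp", f"172.16.{i}.123", 123, VICTIM, 34000 + i, "", 480))
    return flows


def half_open_tcp(flows, victim):
    """Layer 4 check: a SYN toward `victim` that is never followed by an ACK
    from the same client socket is a half-open handshake.
    Returns (half_open, completed, distinct_half_open_sources)."""
    state = {}  # (src, sport, dst, dport) -> "syn" | "established"
    for f in flows:
        if f["proto"] != "tcp" or f["dst"] != victim:
            continue
        key = (f["src"], f["sport"], f["dst"], f["dport"])
        if "S" in f["flags"] and "A" not in f["flags"]:
            state.setdefault(key, "syn")
        elif "A" in f["flags"] and key in state:
            state[key] = "established"
    half = [k for k, v in state.items() if v == "syn"]
    return len(half), len(state) - len(half), len({k[0] for k in half})


def reflection_volume(flows, victim):
    """Layer 3 check: UDP bytes reaching `victim` from reflector ports and
    how many distinct reflectors sent them (fan-in from many is the tell)."""
    total, reflectors = 0, set()
    for f in flows:
        if f["proto"] == "udp" and f["dst"] == victim and f["sport"] in REFLECTOR_PORTS:
            total += f["bytes"]
            reflectors.add(f["src"])
    return total, len(reflectors)


def assess(flows, victim, half_open_min=100, half_open_ratio=0.5,
           udp_bytes_min=50_000, reflectors_min=10):
    """Apply the assumed thresholds and return human-readable findings."""
    half, completed, sources = half_open_tcp(flows, victim)
    udp_bytes, reflectors = reflection_volume(flows, victim)
    findings = []
    total = half + completed
    if half >= half_open_min and half / total >= half_open_ratio:
        kind = "distributed" if sources > 1 else "single-source"
        findings.append(f"L4 SYN flood ({kind}): {half} of {total} handshakes "
                        f"half-open from {sources} sources")
    if udp_bytes >= udp_bytes_min and reflectors >= reflectors_min:
        findings.append(f"L3 UDP reflection: {udp_bytes} bytes from "
                        f"{reflectors} reflectors")
    return findings


if __name__ == "__main__":
    for line in assess(constructed_flows(), VICTIM):
        print(line)
```

The half-open ratio matters more than the raw SYN count: a busy but healthy server also sees many SYNs, but almost all of them are followed by an ACK. For the reflection check, the number of distinct reflectors is the useful signal, since a single misconfigured server sending large replies looks very different from dozens of DNS and NTP servers all answering on behalf of one spoofed source.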

Here’s a great chart that goes through each of the OSI Layers.

How Can an Attacker Launch a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is launched by a group of computers or bots that are infected with malware. The malware is activated when a command is sent to the botnet.

The command tells the infected machines to scan the internet for vulnerable systems, then infect them. Once these systems become part of the botnet, they can then be used as part of an attack on other websites or services.

In simple terms, the hacker controls thousands of zombie computers that are ready to flood the target system and overwhelm it until it crashes.

The DDoS attack overwhelms the CPU and memory of the server as well as the network bandwidth, which in turn affects the information being sent to legitimate connections. The legitimate computers will be denied service since the server is being overwhelmed by the DDoS attack.

Is It Possible to Stop a DDoS Attack?

You can prevent a DDoS attack from happening, but it depends on the type of attack. If you know what an attacker is planning to do and how they’ll try to accomplish it, you can stop them before they get there.

The first step in prevention is recognizing that DDoS attacks exist at all — and knowing why they happen.

Instead of trying to implement solutions yourself, this is one area where I suggest you stick with the pros, especially if your industry is likely to be targeted by DDoS attacks. For example, “Cloudflare’s Autonomous Edge and centralized DDoS systems analyze traffic samples ‘out-of-path,’ which allows Cloudflare to asynchronously detect DDoS attacks without causing latency or impacting performance. Once attack traffic matches a rule, Cloudflare’s systems will track that traffic and generate a real-time signature to surgically match against the attack pattern and mitigate the attack without impacting legitimate traffic.”

Which DDoS Attack is the Most Common?

The most common type of DDoS attack is a SYN flood, which floods the target with TCP SYN requests. The target cannot handle all of them and crashes. If this happens repeatedly, it will take down your site or service until you can fix it.

How Long Does a DDoS Attack Last?

That’s up to the attacker. Sometimes it lasts for hours, other times for days. It’s really up to the motive, which can vary from financial to political and even “just because.”

Does AWS Block DDoS Attacks?

AWS blocks DDoS attacks to protect its customers, infrastructure, and business. When a large number of requests are sent to AWS servers at once, it can overload their systems and slow down services for their users. This would mean that you wouldn’t be able to reach the AWS services on which you depend, such as S3 or EC2 instances, so they prevent this from happening.

Conclusion

A Denial of Service attack is a form of attack that uses a large number of compromised Internet-connected machines, organized as a distributed botnet, to overwhelm a target system by sending traffic to the server, network or website. The attacker may be attempting to prevent access, steal data or cause some other significant damage.

DDoS attacks are on the rise and it’s becoming harder to stop them. But there are some things you can do to prevent them from happening, such as using a good security solution.

Cybersecurity Series

Continue your Cybersecurity learning:

  • Cybersecurity — P2: CIA Triad. Data security’s three unbreakable pillars. Part two of our cybersecurity foundations series breaks down the CIA triad: confidentiality, integrity, and availability. See how each pillar protects data, examine real-world failures, and learn practical controls to balance all three in modern systems.
  • Cybersecurity — P3: What is a Denial of Service (DoS) Attack? When traffic turns into a weapon. Part three of our cybersecurity foundations series explains Denial of Service (DoS) attacks—overwhelming a target with traffic or resource requests to knock services offline. Learn major DoS variants, attacker motives, real-world fallout, and essential mitigation tactics.
  • Cybersecurity — P4: Phishing. Don’t take the bait—spot phishing fast. Part four of our cybersecurity foundations series dives into phishing—the social-engineering scam that lures users into surrendering credentials, cash, or malware. Explore common bait tactics, real inbox examples, and layered defenses that keep your team off the hook.