DDoS: Techniques & Mitigation

This write-up covers the types of DDoS attacks and the methods and techniques for controlling and mitigating them.

A Distributed Denial of Service (DDoS) attack is one of the most common security attacks against an infrastructure. While this type of attack often renders network devices and applications ineffective and unresponsive, we can prevent it by taking proactive measures.

Let us define and explain DDoS attacks before covering the ways to combat them.

What is a DDoS Attack?

As we all know, DDoS refers to Distributed Denial of Service. It is a critical cyber-attack that disrupts network services and connectivity. The attack is carried out by spreading a bot infection across a large number of machines (servers, network devices, personal computers) and then directing all of them at a single target system. The computer from which such an attack is launched is called the botmaster.

Over the years, there has been a considerable increase in DDoS attacks, and many organizations have fallen victim to them. An attack of this type can cost millions of dollars within a span of a few hours. Hence, we need to take DDoS attacks seriously and approach them with effective precautionary and preventive measures.

[Figure: Typical DDoS Architecture]

Various Types of DDoS Attacks

Though the basic mechanism and the attack trajectory remain the same, DDoS attacks come in many types.

Volume-Centric Attacks

This is the most common type of DDoS attack. It overwhelms the entire network bandwidth of the target computer with a flood of bogus requests across all open ports. This prevents the machine from accepting legitimate traffic, so the system stops responding to all queries.

Basically, two protocols are used for carrying out such attacks: UDP and ICMP. Due to its fast-paced data transmission, UDP is the one attackers prefer.

ICMP refers to the Internet Control Message Protocol, which facilitates communication among network devices. When the attack uses this protocol, intermediate nodes are abused and made to send false error messages to the targeted computer. The machine, kept busy with such messages, cannot accept new, legitimate requests.

Attacking the Application Layer

The application layer is the surface layer of a network. Because it sits in front of user interaction, attacks on this layer mainly target web traffic. Some of the most common avenues for such attacks are HTTP, HTTPS, DNS, and SMTP.

Since this type of attack generally uses very few machines, detecting it is very hard. This is why, with an application layer attack, the server often treats the problem as a mere increase in traffic volume.

Continuously sending oversized packets over the network will eventually make the devices succumb to the attack.

Protocol-Based Attacks

A protocol attack basically tries to damage the connection-tracking tables located within network devices. It results in slower pings and malformed or partial packets. The attack can consume memory on the target machine and crash the system by overloading it.

External intruders widely use any one of these attack types to disrupt the network and its environment.

How to Guard Against & Fight DDoS Attacks?

We all know that DDoS attacks can have severe consequences for network systems. This is why it is essential to know the various measures that thwart them. Here is an explanation of a few of these measures and tips.

Incorporate Infrastructure Redundancy

This straightforward and effective solution makes it harder for the attacker to overwhelm the system. Before the requests overwhelm and choke your system, spread them across multiple data centers with a powerful load-balancing system. If the data centers are in different locations, the attacker's job gets tougher still.

There are other preconditions for this defense to succeed against DDoS attacks. The data centers must be connected to different networks, and there should be no single point of failure in the network infrastructure. Network isolation/segmentation is also a good idea. Lastly, placing servers across multiple locations makes the attacker's job tougher yet.

Perform Configuration Changes on Network Devices

A few simple tweaks to hardware configuration can help you combat DDoS attacks quite effectively. For example, you can configure a firewall or router to drop ICMP (ping) request packets. Such configuration changes can prevent ping-based volume-centric attacks.

Defense Against DDoS

It is recommended that the network architecture use multi-tier protection to defend against DDoS attacks.

Defending the Network Layer

This defense is built for the network layer only. It detects malicious botnet IPs, poor IP sources, bad IP reputation, and suspicious geolocation, and it filters on reputation by utilizing threat intelligence. Many types of attacks can be stopped at this defense layer, including TCP floods, ICMP floods, SYN floods, etc.

Defending the Application Layer

These defensive mechanisms focus on the uppermost layer, the application itself. The objective of this defense is to carry out checks with intelligence corresponding to the application logic. Inspecting encrypted content requires SSL offloading. This defense works by detecting deviations from the regular patterns of application traffic.
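As an added example (not code from the original post), the two defense tiers above are shown as detection logic run over constructed access-log lines: a threat-intelligence reputation list is checked first, and an unlisted source is then flagged when it exceeds a per-window request rate, which is how a small number of machines behind an application layer flood shows up. The log format, the threat-intelligence ranges and the thresholds are assumptions for this example.

```python
import ipaddress
from collections import defaultdict, deque

# Tier 1 (network layer): constructed threat-intelligence feed of bad-reputation sources.
BAD_REPUTATION = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Tier 2 (application layer): more than RATE_LIMIT requests from one source inside a
# sliding WINDOW_SECONDS window is treated as a flood, even from an unlisted source.
WINDOW_SECONDS = 10
RATE_LIMIT = 20


def bad_reputation(ip: str) -> bool:
    """Network-layer check: is the source inside a listed botnet/bad-reputation range?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BAD_REPUTATION)


def parse_line(line: str):
    """Log format assumed for this example: '<epoch seconds> <source ip> <method> <path>'."""
    ts, ip, method, path = line.split(maxsplit=3)
    return int(ts), ip, method, path


def screen_log(lines):
    """Return (sources dropped by reputation, sources flagged as flooding).

    Timestamps are assumed to be non-decreasing per source."""
    dropped, flooding = set(), set()
    recent = defaultdict(deque)  # source ip -> request timestamps still inside the window
    for line in lines:
        if not line.strip():
            continue
        ts, ip, _method, _path = parse_line(line)
        if bad_reputation(ip):  # tier 1: reject before any application logic runs
            dropped.add(ip)
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= WINDOW_SECONDS:  # expire timestamps older than the window
            q.popleft()
        if len(q) > RATE_LIMIT:  # tier 2: one source exceeding the per-window rate
            flooding.add(ip)
    return dropped, flooding


# Constructed sample traffic: a legitimate client, a listed botnet node, and an
# unlisted host sending 25 requests in 5 seconds (the "few machines" app-layer flood).
SAMPLE_LOG = (
    ["1700000000 192.0.2.10 GET /index.html", "1700000003 192.0.2.10 GET /about"]
    + ["1700000001 203.0.113.5 GET /index.html"]
    + [f"17000000{i // 5:02d} 198.51.100.9 GET /search?q=x" for i in range(25)]
)
```

Running screen_log(SAMPLE_LOG) drops the listed node and flags the unlisted high-rate host, while the legitimate client with two requests passes both tiers.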

Scrubbing Centers

Scrubbing centers are used to reduce the incoming attack traffic to zero. This is also called a black hole, where the huge volume of incoming traffic gets nullified.

Conclusion

Prevention is better than cure. DDoS attacks have become more common than ever before, and attackers have become more sophisticated in their techniques. Proper hygiene and oversight of incoming traffic will help control these attacks and protect against them.
