Distributed Denial of Service (DDoS): Short Tutorial on Attack Types and Mitigation
A Distributed Denial of Service (DDoS) attack is one of the most widespread and complex cyber-attacks globally. Malicious users attempt to deny legitimate users the availability of the victim company's online services. It is also considered a deadly weapon against online businesses. Nowadays, hackers also use cloud services to launch attacks that cripple the networks of organizations. Government agencies have also used DDoS attacks as a weapon to bring down the services of an enemy country.
How does an attacker launch an attack?
Here, the attacker or malicious bots first scan the internet for unpatched, security-vulnerable machines. Once such machines are found, the attacker installs rootkits and other malicious software on them so that they can be used as bots to launch an attack. The attacker then tightens the security of the compromised machines so that no other person can exploit them again. Once enough machines have been compromised, the attacker launches the attack against the victim.
DDoS Attack Types & Mitigations
1. Volume-Based Attacks: Here, the attacker bombards the victim with network packets using different tools or bot machines. UDP floods, ICMP floods, and other spoofed-packet floods are examples of this type of attack.
Possible mitigation techniques: Rate limiting different types of network packets is one DDoS mitigation technique. Other mitigations include blocking the attacker's IP or range of IPs for a limited time (limited, because the source address may be spoofed), using machine learning algorithms to detect fake traffic, blocking Tor IPs, etc.
2. Protocol Attacks: SYN floods (exploiting a weakness of the TCP handshake), fragmented packet attacks, Ping of Death, Smurf DDoS, etc. are examples of protocol attacks. These attacks basically exhaust the server resources of the victim.
Possible mitigation techniques: Using threshold timings to wait for a connection to complete, detecting fake traffic patterns using AI techniques, checking packets for RFC compliance, rate limiting, etc. are some of the techniques for mitigation.
3. Application Layer Attacks: Low-and-slow attacks (tools such as Slowloris and RUDY can be used for these), GET/POST floods, etc. are examples of this type of attack. In a low-and-slow attack, the attacker exploits the working mechanism of the TCP protocol and sends small TCP packets to the victim at regular intervals. On receiving a packet, the server holds the connection open and waits for the next packet until some cut-off time. Just before the cut-off time, the attacker sends another packet, so the server waits again.
Possible mitigation techniques: Increasing server resources so that many requests can be handled, proxy-based connection mitigation, etc. are some mitigation techniques for application-layer attacks.
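The per-source rate limiting with a temporary block that the volume-based and protocol mitigations above describe, as an added Python example that is not part of the original article. The packet records, IP addresses, limit, window and block duration are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed packet records: (arrival time in seconds, source IP).
# 10.0.0.5 bursts 12 packets inside one second, then sends two more later;
# 10.0.0.9 sends at a normal rate of one packet per second.
PACKETS = (
    [(0.1 * i, "10.0.0.5") for i in range(12)]
    + [(0.5, "10.0.0.9"), (1.5, "10.0.0.9"), (2.5, "10.0.0.9")]
    + [(3.0, "10.0.0.5"), (8.0, "10.0.0.5")]
)


def rate_limit(packets, limit=10, window=1.0, block_for=5.0):
    """Sliding-window per-source rate limiter with a temporary block.

    A source that sends more than `limit` packets inside any `window`
    seconds has the offending packet dropped and is blocked for
    `block_for` seconds. The block expires on its own, following the
    tutorial's advice to block only for some time because the source
    address may be spoofed. Returns (allowed, dropped, blocked_until),
    where blocked_until maps each penalised source to its block expiry.
    """
    recent = defaultdict(deque)  # src -> arrival times inside the window
    blocked_until = {}
    allowed, dropped = [], []
    for t, src in sorted(packets):
        # Packets from a source whose block has not yet expired are dropped.
        if src in blocked_until and t < blocked_until[src]:
            dropped.append((t, src))
            continue
        q = recent[src]
        # Evict arrivals that have fallen out of the sliding window.
        while q and t - q[0] > window:
            q.popleft()
        q.append(t)
        if len(q) > limit:
            blocked_until[src] = t + block_for
            q.clear()  # start counting afresh once the block expires
            dropped.append((t, src))
        else:
            allowed.append((t, src))
    return allowed, dropped, blocked_until


if __name__ == "__main__":
    ok, bad, blocks = rate_limit(PACKETS)
    print(f"allowed={len(ok)} dropped={len(bad)} blocked={blocks}")
```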
Famous DDoS Attacks
- Mafiaboy (2000): Disrupted the services of online giants such as CNN, Amazon, Yahoo, and eBay for one week.
- Root DNS Servers (2002): An attack on the DNS root name servers by a group of hackers.
- Estonia Cyber Attack (2007): The government services of Estonia were brought down.
- Project Chanology (2008): Anonymous members launched a protest movement against the Church of Scientology over the removal of a video clip from a highly publicized interview with Scientologist Tom Cruise.
- Operation Ababil (2012-13): 26 or more banks in the US were taken offline by anonymous attackers.
- Mirai IoT Botnet (2017): Default credentials on various IoT devices were the culprit in this DDoS attack. The attacker compromised IoT devices and used them to attack Airbnb, GitHub, Reddit, Twitter, and Netflix.
In this article, we have covered the types of DDoS attacks and their possible mitigation techniques. Although this is not an exhaustive treatment of attack types and mitigations, I have tried to summarize both. We have also covered past famous DDoS attacks such as Mirai, which happened recently in 2017.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. Individuals are solely responsible for any illegal act.