DDoS

From Kolmisoft Wiki

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the regular functioning of a network, service, or website by overwhelming it with a flood of internet traffic.
Unlike traditional denial-of-service attacks that might involve a single source, DDoS attacks leverage multiple compromised computers, forming a network (a botnet), to target a single system.

Key points about DDoS attacks:

Objective

The primary goal of a DDoS attack is to render a network, service, or website unavailable by flooding it with excessive traffic, making it difficult or impossible for legitimate users to access.

Distribution

DDoS attacks involve a distributed network of compromised computers, often spanning across different geographical locations. Each compromised machine, known as a bot, contributes to the attack.

Attack Vectors

DDoS attacks can take various forms, including volumetric attacks that flood the target with a high volume of traffic, protocol attacks that exploit vulnerabilities in network protocols,
and application-layer attacks that target specific applications or services.

Amplification

Some DDoS attacks use amplification techniques, exploiting services that can produce a large response to a small request. This allows attackers to magnify the impact of their traffic.

Motivation

DDoS attacks can be motivated by various factors, including financial gain, ideological conflicts, competitive rivalry, or simply the desire to cause disruption and chaos.

Mitigation

Mitigating DDoS attacks involves implementing various security measures, such as traffic filtering, rate limiting, and the use of specialized DDoS mitigation services.
Content delivery networks (CDNs) and cloud-based security services are also employed to absorb and mitigate the impact of attacks.

Evolution

DDoS attacks continue to evolve in terms of sophistication and scale. Attackers may use advanced techniques to bypass traditional security measures, requiring ongoing efforts to enhance cybersecurity defenses.
Understanding and effectively mitigating DDoS attacks is crucial for maintaining the availability and reliability of online services and infrastructure.

How to fight back (sort-of)

Try to identify the troublemaker. If your system has two servers and the second one runs only Asterisk, that second server going down will not bring down the entire system.
Check which new clients appeared right before the attacks began, and move them to the second server. Inform them selectively.
Alternatively, place all new clients on the second server from the start for some time, to make sure they will not cause trouble.

Preventing an attack outright is still impossible, but the hope is that the attack will hit the second server rather than the main system.

There is no single solution anyway - the data center detects attacks and extinguishes them, but if an attack lasts longer than usual,
it means the attackers are serious about it. Attacks are usually paid for, and their duration depends on the attacker's resources.