In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master system then identifies other vulnerable systems and gains control over them, either by infecting them with malware or by bypassing their authentication controls (for example, by guessing the default password on a widely used system or device).
Whereas a Denial-of-Service (DoS) attack is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users, a Distributed Denial-of-Service (DDoS) attack is one in which multiple compromised computer systems attack a single target, such as a server, website, or other network resource. The flood of incoming messages, connection requests, or malformed packets forces the target system to slow down or even crash and shut down, thereby denying service to legitimate users and systems.
Whilst the incoming traffic of a DoS attack is launched from a single machine, in a DDoS attack the traffic flooding the victim originates from many different sources. DDoS attacks are launched from a network of connected bots (known as a botnet) that is assembled and controlled by an attacker. This effectively makes it impossible to stop the attack simply by blocking a single source. Botnets vary in size (from tens to hundreds or thousands of nodes in different locations), which makes it easy to scale up the volume and rate of traffic flooding the victim's domain.
DDoS attacks work by overwhelming the system with a large volume of data (volume-based attacks), exhausting server resources (protocol attacks), or targeting existing vulnerabilities within the application itself (application-layer attacks). Examples of DDoS attacks include
DDoS attacks may result in prolonged or severe network slowdown and intermittent site outages. Whilst it is generally not possible to prevent them from happening, it is possible to minimize the attack surface and the potential business impact by applying core security practices:
Implement a plan involving continuous proactive network monitoring to detect any early signs of unusual surges in connection activity.
A robust network infrastructure, including secure firewalls, VPNs and load balancers, serves as an additional line of defence.
Network security tools, including those of cloud-based vendors, also offer DoS/DDoS protection as part of their security service.
Follow strong application security practices (strong passwords, anti-phishing measures, etc.) to lower the likelihood of vulnerabilities being exploited.
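The monitoring practice above (detecting early signs of unusual surges in connection activity) and the single-source versus many-source distinction between DoS and DDoS can be illustrated with a small window-based detector. The following is an added example written for this page, not code from the original article or from any vendor product. It runs over a constructed connection log (one "timestamp source-IP" line per accepted connection), buckets connections into fixed time windows, and raises an alert when a window exceeds a connection-count threshold, labelling the surge as single-source or distributed by the number of distinct sources. The window size and both thresholds are assumed tuning values; in practice they would be derived from the site's own baseline traffic.

```python
"""Added example: detect connection surges in a log and classify them by source diversity."""
from collections import defaultdict
from datetime import datetime, timezone

# Assumed tuning values (not from the article): tune to your own baseline traffic.
WINDOW_SECONDS = 10        # size of each fixed time window
CONN_THRESHOLD = 50        # connections per window above which we alert
DISTINCT_THRESHOLD = 20    # distinct sources that suggest a botnet rather than one host

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """Parse one log line of the form '2024-05-01T10:00:01Z 198.51.100.10'
    into (epoch_seconds, src_ip)."""
    ts, src = line.split()
    dt = datetime.strptime(ts, TIME_FMT).replace(tzinfo=timezone.utc)
    return int(dt.timestamp()), src


def bucket_connections(lines, window=WINDOW_SECONDS):
    """Group source IPs by the start second of the window they fall into."""
    buckets = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        epoch, src = parse_line(line)
        buckets[epoch - epoch % window].append(src)
    return buckets


def detect_surges(lines, window=WINDOW_SECONDS,
                  conn_threshold=CONN_THRESHOLD,
                  distinct_threshold=DISTINCT_THRESHOLD):
    """Return one alert dict per window whose connection count exceeds the threshold.
    A surge from many distinct sources is labelled 'distributed' (DDoS-like);
    one from few sources is 'single-source' (DoS-like, blockable at the source)."""
    alerts = []
    buckets = bucket_connections(lines, window)
    for start in sorted(buckets):
        srcs = buckets[start]
        if len(srcs) <= conn_threshold:
            continue
        distinct = len(set(srcs))
        kind = "distributed" if distinct >= distinct_threshold else "single-source"
        alerts.append({
            "window_start": datetime.fromtimestamp(start, tz=timezone.utc).strftime(TIME_FMT),
            "connections": len(srcs),
            "distinct_sources": distinct,
            "kind": kind,
        })
    return alerts


def build_sample_log():
    """Constructed log (not real traffic): six quiet windows of three connections each,
    then a 60-connection surge from 30 sources, then a 60-connection surge from one host."""
    base = int(datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc).timestamp())

    def fmt(t):
        return datetime.fromtimestamp(t, tz=timezone.utc).strftime(TIME_FMT)

    lines = []
    for w in range(6):                                  # baseline: windows 0..5
        for i in range(3):
            ip = "203.0.113.5" if i % 2 == 0 else "203.0.113.6"
            lines.append(f"{fmt(base + w * 10 + i)} {ip}")
    for i in range(60):                                 # botnet-style surge in window 6
        lines.append(f"{fmt(base + 60 + i % 10)} 198.51.100.{i % 30 + 1}")
    for i in range(60):                                 # one-host flood in window 8
        lines.append(f"{fmt(base + 80 + i % 10)} 192.0.2.77")
    return lines


if __name__ == "__main__":
    for alert in detect_surges(build_sample_log()):
        print(alert)
```

Run as-is, the script reports two alerts: the first surge is labelled distributed (30 distinct sources, so blocking any one address would not stop it), the second single-source (one address, the DoS case where a firewall rule against that source is effective). In a real deployment the same logic would read from the firewall or load-balancer connection log and feed the alert into the monitoring plan rather than printing it.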