A distributed denial of service attack, or DDoS, is a computer attack technique that sends a very large number of requests to a service (a website, an application) from several machines in order to disrupt its normal operation. It is a cybersecurity threat with many uses. Here’s everything you need to know about DDoS attacks.
Along with malware, ransomware and phishing, the DDoS attack is one of the most widespread threats on the Internet. Relatively simple to set up, it is used by novice and experienced hackers alike, by criminal organizations, political groups and even some governments.
Extortion, paralysis of a service, deliberate sabotage, cyberbullying: the uses of a DDoS attack are many. Here’s everything you need to know about this malicious computer attack.
What is a DDoS (distributed denial of service) attack?
A denial of service attack (DoS) floods the bandwidth or network infrastructure of a target, such as a website, an application, a computer network, or even a single computer, with traffic. The goal is to degrade its operation by saturating it with requests, to the point of making it inaccessible.
Most often, this type of attack is carried out from several machines at once, in order to multiply the number of requests. It is then called a collective service-saturation attack, or more commonly a distributed denial of service attack, hence the acronym DDoS.
How does a DDoS attack work?
To prepare a DDoS attack, the hacker compromises a set of connected machines by infecting them with one or more pieces of malware. When the attack is launched, the network of infected machines sends a very high number of requests to a single service. The target is drowned in requests and data packets, which paralyzes the server or servers, leaving them unable to process legitimate traffic. This is a “volumetric” attack.
A DDoS attack can also target the network layer directly, for example to prevent a specific person from accessing a service. The so-called SYN flood attack targets the TCP protocol, which is responsible for establishing the connection between a system (the client) and a service (the server). The TCP handshake is simple: first, the client sends a SYN message to the server it wants to reach. The server responds with a SYN-ACK message. The exchange ends with an ACK message from the client, which definitively establishes the connection.
The attack interferes with this exchange. It bombards the server with SYN requests and never completes the handshake, so that all of the server’s pending connection slots are occupied. No other connection can then be established, preventing legitimate clients from accessing the service.
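The half-open connections left behind by a SYN flood are what a defender can look for. The following is an added example (not code from the original article) that parses a constructed snapshot of a server's TCP connection table in the simplified `state local-address:port peer-address:port` shape printed by tools such as `ss -tan`, counts SYN-RECV versus ESTAB entries per listening port, and flags ports where half-open connections are both numerous and out of proportion. The sample addresses, the thresholds (`min_half_open`, `ratio`) and the field layout are assumptions made for the example.

```python
"""Detecting a SYN flood from a snapshot of the TCP connection table.

A SYN flood leaves many connections stuck in SYN-RECV: the server has sent
its SYN-ACK and is waiting for a client ACK that never arrives.  This added
example counts such half-open connections per local port and compares them
with established ones.  Input format (assumed, simplified ss -tan style):
    STATE  LOCAL_IP:PORT  PEER_IP:PORT
"""
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple


class Conn(NamedTuple):
    state: str
    local_port: int
    peer_ip: str


# Constructed sample: port 22 carries ordinary traffic, port 443 is under a
# SYN flood coming from many different source addresses.
SAMPLE_SNAPSHOT = """\
ESTAB     203.0.113.10:22    198.51.100.5:51022
ESTAB     203.0.113.10:22    198.51.100.6:51030
SYN-RECV  203.0.113.10:22    198.51.100.9:60111
ESTAB     203.0.113.10:443   198.51.100.7:52110
ESTAB     203.0.113.10:443   198.51.100.8:52111
SYN-RECV  203.0.113.10:443   192.0.2.11:40001
SYN-RECV  203.0.113.10:443   192.0.2.23:40002
SYN-RECV  203.0.113.10:443   192.0.2.35:40003
SYN-RECV  203.0.113.10:443   192.0.2.47:40004
SYN-RECV  203.0.113.10:443   192.0.2.59:40005
SYN-RECV  203.0.113.10:443   192.0.2.61:40006
SYN-RECV  203.0.113.10:443   192.0.2.73:40007
SYN-RECV  203.0.113.10:443   192.0.2.85:40008
"""


def parse_snapshot(text: str) -> List[Conn]:
    """Turn the snapshot text into Conn records, skipping blank/short lines."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        state, local, peer = parts[:3]
        local_port = int(local.rsplit(":", 1)[1])   # port after the last ':'
        peer_ip = peer.rsplit(":", 1)[0]             # address before the last ':'
        conns.append(Conn(state, local_port, peer_ip))
    return conns


def port_stats(conns: List[Conn]) -> Dict[int, Dict[str, int]]:
    """Per local port: half-open count, established count, distinct half-open peers."""
    half_open: Counter = Counter()
    established: Counter = Counter()
    peers = defaultdict(set)
    for c in conns:
        if c.state == "SYN-RECV":
            half_open[c.local_port] += 1
            peers[c.local_port].add(c.peer_ip)
        elif c.state == "ESTAB":
            established[c.local_port] += 1
    return {
        port: {
            "half_open": half_open[port],
            "established": established[port],
            "half_open_sources": len(peers[port]),
        }
        for port in set(half_open) | set(established)
    }


def detect_syn_flood(text: str, min_half_open: int = 5, ratio: float = 2.0) -> List[int]:
    """Return ports whose half-open connections exceed both an absolute floor and
    `ratio` times the number of established connections (assumed thresholds)."""
    flagged = []
    for port, s in sorted(port_stats(parse_snapshot(text)).items()):
        if s["half_open"] >= min_half_open and s["half_open"] > ratio * max(s["established"], 1):
            flagged.append(port)
    return flagged


if __name__ == "__main__":
    stats = port_stats(parse_snapshot(SAMPLE_SNAPSHOT))
    for port in detect_syn_flood(SAMPLE_SNAPSHOT):
        s = stats[port]
        print(f"port {port}: {s['half_open']} half-open from {s['half_open_sources']} "
              f"sources vs {s['established']} established -> possible SYN flood")
```

Reporting the number of distinct sources behind the half-open connections matters in practice: a handful of stuck connections from one peer is a routine network hiccup, while dozens from many different addresses is the signature the article describes.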
Other types of DDoS attacks include UDP flooding (which saturates the bandwidth between two machines), packet fragment attacks (which target IP-level reassembly to crash a machine), and layer 7 DDoS attacks (which target and disrupt specific web applications rather than an entire network).
Who does DDoS and what is it for?
Because it is easy to carry out, the DDoS attack is very popular with malicious hackers, starting with criminal organizations, which use it against companies whose business depends on the Web: the victim is blackmailed for money in exchange for a promise not to paralyze its online services.
A company can also use a DDoS attack to hamper a competitor’s activity and thereby damage it financially.
The DDoS attack is sometimes used as a decoy for another, larger attack, such as deploying ransomware or stealing private data.
DDoS attacks are also found in political actions. “Hacktivists” may rely on DDoS attacks to “punish” a large multinational, for example, to make a government service inaccessible, or to cut off the communication channels of an opposing group.
Finally, some countries use the DDoS attack to hinder the services of another country, and thus destabilize the action of the targeted government. In the early hours of the war in Ukraine, Russia was accused of launching numerous DDoS attacks against Ukrainian administrative and banking services.
How to protect against a DDoS attack?
By its nature, an ongoing DDoS attack is difficult to counter. Because it sends a multitude of requests from many machines with different addresses, it is almost impossible to block every IP address. At best the attack is limited; it is not stopped.
On the other hand, it is quite possible to guard against a DDoS attack in advance. Some companies, like Cloudflare, offer “buffer servers” to deflect attacks. Concretely, requests are redirected to an intermediary server that absorbs the flood, protecting the targeted server from being overloaded.
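Why per-address blocking is "at best limited" can be shown with a small simulation. The following is an added example, not code from the original article or from any vendor mentioned in it: a token-bucket rate limiter keyed by client IP (assumed parameters: a burst of 10 requests and a refill of 2 requests per second) is applied to two constructed request streams of equal size, one sent by a single address and one spread over a hundred addresses. The per-source limiter contains the first and lets the second through almost untouched, which is the point the article makes about distributed sources.

```python
"""Per-source rate limiting against a flood, and its limit against a
distributed one.  Added example with assumed parameters; the request
streams are constructed, not captured traffic."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Request = Tuple[float, str]  # (timestamp in seconds, source IP)


class TokenBucket:
    """Classic token bucket: `capacity` tokens max, refilled continuously."""

    def __init__(self, capacity: int, refill_per_sec: float) -> None:
        self.capacity = capacity
        self.refill = refill_per_sec
        self.tokens = float(capacity)   # start full
        self.last = 0.0                 # time of the last update

    def allow(self, now: float) -> bool:
        # Add tokens for the time elapsed since the last call, capped at capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def filter_requests(requests: Iterable[Request], capacity: int = 10,
                    refill_per_sec: float = 2.0) -> Tuple[int, int]:
    """Apply one bucket per source IP; return (accepted, dropped) counts."""
    buckets: Dict[str, TokenBucket] = defaultdict(
        lambda: TokenBucket(capacity, refill_per_sec))
    accepted = dropped = 0
    for ts, ip in requests:            # requests must be in time order
        if buckets[ip].allow(ts):
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


def single_source_flood(rate: int = 20, seconds: int = 10) -> List[Request]:
    """Constructed stream: one address sends `rate` requests every second."""
    return [(float(t), "192.0.2.1") for t in range(seconds) for _ in range(rate)]


def distributed_flood(rate: int = 20, seconds: int = 10,
                      sources: int = 100) -> List[Request]:
    """Constructed stream: the same total volume, spread round-robin over
    `sources` addresses so each one stays far below the per-IP limit."""
    return [(float(t), f"198.51.100.{(t * rate + j) % sources}")
            for t in range(seconds) for j in range(rate)]


if __name__ == "__main__":
    print("single source   (accepted, dropped):", filter_requests(single_source_flood()))
    print("100 sources     (accepted, dropped):", filter_requests(distributed_flood()))
```

With these numbers the single address gets its initial burst of 10 plus 2 per second afterwards, so 28 of its 200 requests reach the server; the same 200 requests from 100 addresses are all accepted, because no individual bucket ever empties. Absorbing the whole volume somewhere with enough capacity, which is what the buffer servers described above do, is the complementary measure.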