A DDoS (Distributed Denial of Service) attack or denial of service attack is an attempt to stop a server or website from serving content or responding on the Internet. For this, what is done is to send traffic massively from different (many) “zombie” clients so that the server becomes overloaded and cannot respond to the requests of real users.
The act of carrying out DDoS attacks is entirely illegal.
All hosting providers receive, at some point, a DDoS attack. When a client gets an attack, the provider is the one who has to stop it (this applies to any type of attack).
In many cases, a DDoS attack is called something that is not a DDoS attack but rather specific attacks on websites, such as attacks on WordPress XMLRPC.PHP or brute force attacks against WP-ADMIN by WordPress.
Table of Contents
What Is The Difference Between A DDoS Attack And A DoS Attack?
Although a DoS attack and a DDoS attack are similar, and their intent in both cases is to disrupt access to a server, the difference is that in the case of the DDoS attack, many devices connected to the Internet are used for the attack, while in the case of DoS uses a single device with a “big” Internet connection.
In the case of DDoS attacks, in addition to multiple network clients attacking, we have the role of the “controller,” who coordinates the attack and makes all those devices connected to the Internet send their traffic against a single server.
Stopping a DDoS attack is always much more complex than a DoS attack. The reason is to protect ourselves from a DoS; it is enough to block the IP address of a single device connected to the Internet. Being a single device, it is also much more difficult to saturate the server’s Internet connection that receives the attack.
Currently, it is tough to see DoS attacks since, on rare occasions, they can become effective against a dedicated server connected to a good network infrastructure.
What Is A Volumetric DDoS Attack?
As we have said before, in some DDoS attacks, the server connection is saturated, which means that genuine user requests never reach it.
In a volumetric DDoS attack, you do just that: you saturate the target network with vast amounts of traffic, and in some cases, you also saturate the CPU and RAM of the attacked server. A volumetric DDoS attack focuses more on the part of data sent than the number of requests sent.
In some cases, volumetric DDoS attacks can be used to “hide” other types of illegal activities.
In summary, in volumetric DDoS attacks, the connection capacity of the attacked server is usually saturated.
What Is A UDP Flood DDoS Attack?
In a UDP flood DDoS attack, many UDP packets are sent en masse to a server, thus saturating its Internet connection.
In a UDP flood DDoS attack, packets often carry false or invalid data. This forces the server to check and verify the data to determine if the packet is valid, overloading its processing resources (CPU and RAM, among others).
Typically, UDP denial of service attacks are much more difficult to stop than TCP attacks since UDP packets are usually smaller and simpler, not requiring an ACK (check).
In short, UDP flood DDoS attacks try to saturate the processing resources of the attacked server.
What Is An ICMP Flood DDoS Attack?
In this type of DDoS attack, large numbers of ICMP packets are sent to a server to overwhelm the capacity of the attacked server’s Internet connection.
To understand ourselves, ICMP packets are sent when we PING a server or another computer. It should be noted that for this reason, there are many network devices on the Internet that are configured not to respond to PING and, therefore, ICMP packets.
In short, ICMP denial of service attacks try to saturate the network connection of the attacked server using large volumes of ICMP requests.
What Is A SYN Flood DDoS Attack?
This DDoS attack is based on sending many SYN packets distributed from various clients to an attacked server. As in the case of the DDoS attack by UDP, it is sought that the attacked server is not capable of processing all the data that reaches it and becomes saturated.
Normally, SYN packets are sent from a fake IP. This type of attack consists of the server leaving connections open while waiting for the last response from the client (a reply that never arrives because it is false).
In short, this type of attack is a mix of ICMP and UDP attacks, although it seeks to saturate the resources or configuration limits of the server by leaving connections open.
What Was The Best DDoS Attack In History?
Although throughout the history of the Internet, there have been very brutal attacks, in recent years, with the increase in clients connected to the Internet and the capacity of home connections, DDoS attacks are becoming more powerful.
When this post was published, the most brutal DDoS attack ever took place in 2017. Google Cloud was attacked with 2.54 Tbps, although Google did not report it until October 2020. In this case, 180,000 were used. Hacked web servers to send traffic to Google.
As we have said, over the years, very considerable DDoS attacks have been seen:
- In February 2020, a customer hosted on Amazon AWS was attacked with 2.3 Tbps from servers with hacked websites.
- In February 2018, Github was attacked with a 1.3 Tbps DDoS attack using hacked memcache servers.
- In October 2016, a botnet created by malware called Mirai attacked several major websites like Airbnb, Netflix, PayPal, Visa, Amazon, Reddit, Github, etc.
- In 2013, Spamhaus was hit with a 300 Gbps attack that was mitigated by CloudFlare, a big DDoS attack for 2016.
Before the above dates, there were also DDoS attacks, but there is no information on the volume of data used. As I said before, keep in mind that, with the advancement of the Internet, the importance of data used for attacks is increasing.
How Can We Protect Ourselves From DDoS Attacks?
At the beginning of the post, I commented that most hosting providers receive attacks directed at our clients, and it is our obligation to stop them, not only for the end client but also for the “health” of our infrastructure.
To give you an idea, a large enough DDoS attack can completely knock out most network providers. For this reason, companies specialize in mitigating attacks of different types, such as DDoS attacks.
Keep in mind that if the data volume of the attack exceeds the provider’s network capacity, even if the attack targets a specific customer, the other customers of the provider will also lose service.
To be honest, no Spanish provider can block a DDoS attack like the five exposed in the previous section of this post.
But all is not lost since there are services like CloudFlare that are capable of blocking very brutal attacks. On the CloudFlare website, they comment that the largest attack they have mitigated
was 1.2 Tbps but that they have 172 Tbps of mitigation capacity.
We are talking about very powerful DDoS attacks. Still, the good news is that, in practice, most DDoS attacks do not exceed 10 Gbps, something that any hosting or network infrastructure provider can quickly mitigate with some skill.
When we talk about “ability,” we are really referring to techniques based on implementing rules on network devices to detect which IPs are attackers and redirect them to “dead-end” points on the network. An AntiDoS or a network device can do this.
Unfortunately, if you don’t manage the network where your server is hosted at the user or webmaster level, you can’t do anything except implement a service like CloudFlare to mitigate the attack.
Also Read: The Different Types Of VPNs