What is DDoS? It stands for "Distributed Denial of Service". In computer science, a denial-of-service attack is an unsuccessful cyber-attempt by a remote attacker to make a system or network unavailable to its intended clients by temporarily or permanently disabling the services of a server linked to the World Wide Web. Common methods used by attackers include spoofing (reversing the original protocol to stop data packets from reaching their destination), jamming, and flooding. A denial-of-service attack is considered to be one of the most serious attacks a computer can undergo; it can cause critical damage in a very short amount of time, or may even deny access to the Internet for prolonged periods.
DoS attacks usually come from attackers who aim to intrude on your servers and steal personal and financial information. Distributed denial-of-service attacks are not very different from other types of attacks, and the best protection against them is prevention. There are numerous ways to block distributed denial-of-service attacks. Here are some of them:
- Stressers. The use of too many active servers or connections can seriously strain the resources of your network. As such, DoS attacks are made harder by overloading your resources. Overloading the servers causes an excessive data transfer rate that leads to DDoS attacks. Preventing stressers from causing DDoS attacks is an important step towards preventing DoS attacks.
- Application layer attacks. Similar to stressers, application-layer attacks can also strain your network's resources. However, unlike stressers, application-layer attacks are not directly performed by applications themselves but by their supporting software or drivers. Therefore, application-layer attacks are easier to prevent than stressers.
- Bandwidth restrictions. Some ISPs impose bandwidth caps to prevent Gbps attacks. However, if the ISPs can convince users that a Gbps is necessary for optimal performance, they will often enforce the cap to avoid traffic problems on their network. If your Internet service provider doesn't have a policy of enforced caps, then you should strongly consider setting one of your own.
- Detection and response. Most ISPs have in-house systems that help them detect malicious attacks. However, the response phase of the attack may be delayed, thus giving attackers more time to prepare an assault against your server. In this case, the best way to address DoS attacks is to install and maintain dedicated DoS detection and response servers to monitor network layer attacks and prevent their future occurrence.
- Common attacks/rasps. DoS attacks usually target single servers. However, a DoS attack can also affect multiple servers at the same time. For example, an ISP can easily bring down your entire network if DoS attacks are prevalent on their servers. Thus, it is very important for an ISP to determine the cause of a particular attack, trace the attack's path, and then respond accordingly.
As mentioned earlier, routers are used between client computers and servers for packet forwarding. To prevent DoS attacks against routers, you should configure them to allow packets of large Gbps. Even if you don't need huge data transfers, don't you want to ensure that your network never goes below your allowed bandwidth? If you don't, then you are taking for granted the safety of your data and your computers.
- Booters. Booters are another common attack tool. They first appear as legitimate traffic on the network layer and then send fake requests to resources when no connections are available. Some of the commonly used booter tools are: Trojan horses (malware), worms (malicious software), spoofing software, and proxy servers. Booters can bring down or crash your system, cause errors in network protocols, and collect system monitoring information.
- Application layer attacks. Application layer attacks refer to attacks on services, applications, and web services such as mail servers, Internet networks, and gaming consoles. These types of DoS attacks can come from any application. For example, a hacker can remotely control your camera or manipulate your email server. Most commonly, they come from web applications. You may not be able to detect application layer attacks because of their subtle nature.
- Stressers. Stressers are malicious software programs that send out unusually high-rate or repeatedly occurring traffic bursts. These bursts can cripple or completely deny an application's capability to function. Common stressers are worms, malware, and fake banking sites. Some of these attacks use "water-chair" techniques that allow them to spread rapidly and infect multiple computers simultaneously.
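
A detector for the high-rate and repeatedly occurring traffic bursts described in the last item, added here as an example and not part of the original article. The window, threshold, function names and sample events are assumptions constructed for illustration; the addresses come from the reserved documentation ranges.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0    # sliding window length in seconds (assumed value)
RATE_LIMIT = 20   # requests per window treated as a burst (assumed value)
REPEAT_MIN = 3    # bursts from one source that count as "repeated" (assumed value)

def find_bursts(events, window=WINDOW_S, limit=RATE_LIMIT):
    """events: (timestamp, source) pairs sorted by timestamp.
    Returns {source: [(start, end), ...]}, one interval per period in which
    the source sent more than `limit` requests inside the sliding window."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    open_burst = {}               # source -> start of the burst in progress
    last_over = {}                # source -> latest timestamp seen over the limit
    bursts = defaultdict(list)
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:             # drop timestamps that left the window
            q.popleft()
        if len(q) > limit:
            open_burst.setdefault(src, q[0])  # burst starts at the oldest request in the window
            last_over[src] = ts
        elif src in open_burst:               # rate fell back under the limit: close the burst
            bursts[src].append((open_burst.pop(src), last_over[src]))
    for src, start in open_burst.items():     # bursts still running when the input ends
        bursts[src].append((start, last_over[src]))
    return dict(bursts)

def classify(bursts, repeat_min=REPEAT_MIN):
    """Label each flagged source by whether its bursts keep recurring."""
    return {src: "repeated bursts" if len(iv) >= repeat_min else "high-rate burst"
            for src, iv in bursts.items()}

def sample_events():
    """Constructed sample traffic: one flood, one pulsing source, one normal client."""
    ev = [(10 + i * 0.01, "198.51.100.7") for i in range(200)]         # 200 requests in 2 s
    for b in range(4):                                                 # 4 bursts of 30, 10 s apart
        ev += [(b * 10 + i * 0.01, "203.0.113.9") for i in range(30)]
    ev += [(i * 2.0, "192.0.2.10") for i in range(20)]                 # one request every 2 s
    return sorted(ev)

if __name__ == "__main__":
    for src, label in classify(find_bursts(sample_events())).items():
        print(src, label)
```

Counting per source keeps a normal client from being flagged while another source floods, and recording intervals rather than a single alert lets the repeated-burst pattern be told apart from one sustained flood.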