DDoS attacks have become veritable scourges for websites. This type of web attack consists in exhausting the network connection or the resources of a server in order to disrupt the associated site: most often, they result in the unavailability of the site. Inexpensive and simple to carry out, they are a tool of choice to attack the image of a company, gag an embarrassing media or reduce the turnover of an e-merchant.
It is estimated that a DDoS attack costs victims an average of 7,000 to 40,000 CHF per hour, according to a Neustar report, and this cost can be even higher when very large sites are targeted. Learn how these threats work and how to protect yourself against DDoS attacks.
Discover our Anti-DDoS solution in more detail!
WHAT IS A DDOS ATTACK?
DDoSs are a category of attack based on denial of service (DoS). Most often, we hear people talking about DDoS, which stands for “Distributed Denial of Service”. Their aim is to make a website or web application unavailable, to attack the image of a company or to hide an attempt at another even more serious attack, by distracting your attention and that of your partners.
A denial of service attack, or DoS, consists in sending a multitude of queries to your website from a machine (computer or server). For example, a hacker can write a script that responds several times per second to a contact questionnaire. Overwhelmed by the frequency and number of “fake” queries, your server can no longer process queries from legitimate users: your site becomes inaccessible.
DDoS attacks operate using the same principle, the difference being that they are “distributed”. For example, instead of a single machine sending 10 Gb/s of queries to your site, 10 machines each send 1 Gb/s. The result is the same, but the DDoS attack becomes harder to stop!
Of course, DDoS attacks usually come from hundreds of thousands of machines, or even more. These are “botnets” (contraction of “robot” and ” network”), “zombie machines” that are often infected with a virus or malware and operated without the knowledge of their owner. However, some people choose to join one of these networks: they are referred to as “voluntary botnets”.
Your servers can also be part of these networks of zombie machines if they have been compromised by a hacker: to counter this, and thereby avoid the exploitation of your resources for malicious purposes, we recommend that you test the security of your site and look for possible back doors.
Another type of attack can also be mentioned, namely the DrDoS, which stands for “Distributed Reflection Denial of Service”. These consist in spoofing the IP address of your site or web application and then using it to send queries, where the response requires the transfer of a large amount of data. Your server then receives the response to these queries that it did not send, and is overwhelmed by the amount of data received. Once again, your website or web application becomes unavailable.
Denial of service attack: network or application?
As we have seen, DDoS attacks can exploit the network: the attacker saturates your site’s network connection by sending a huge number of queries. However, it is also possible to exploit the features of your application, in order to exhaust CPU or RAM resources: this is referred to as an application DDoS attack.
For example, if a page on your site takes a particularly long time to load, it is probably consuming a lot of the resources allocated to the corresponding web server. By calling this page every second, for example, the hacker can overload your server, whose resources are no longer sufficient to handle all these queries.
DDoS attacks: a boon for hackers
DDoS attacks have become a fundamental element in the hacker’s arsenal. Cheap and easily marketable on the Internet for anyone who knows where to look, they are within the reach of everyone, even people without technical knowledge. All this leads to a result that is frighteningly efficient! In addition, the number of terminals connected to the Internet is also increasing exponentially, between the increase in the proportion of the global population that is connected and the advent of new trends, such as the Internet of Things. This broadens the hackers’ scope of attack and increases the number of machines that can potentially become “zombies”.
It is not surprising then that these IT attacks have become more and more significant in recent years, both in number and power. In 2011, 20 Gb/s was enough for the LulzSec group to bring down the US Senate website. In October 2016, the biggest ever DDoS attack was recorded, with a strike force of 1.2 Tb/s through the use of connected objects. This represents an increase of 6,000 % in terms of fire power!
Beyond the fact that they are easy to perform, DDoSs attract hackers because it is very difficult to trace the source of these attacks. Those who order these attacks and those who perform them can be fined up to 75,000 CHF and risk 3 years in prison, but they are rarely found, let alone arrested or prosecuted.
PROTECTION AGAINST DDOS ATTACKS
There are several means of stopping a DDoS attack. It is possible to use the technique of “blackholing”, which essentially consists in removing the hacked IP address from the Internet directory, so that it can no longer receive queries… but this leads to the total inaccessibility of the site.
However, the simplest method to counter a DDoS attack is to equip yourself with an anti-DDoS system, as well as other means of mitigation. To protect its customers, Net4All is equipped with a set of elements, enabling us to guarantee your protection against these common and frequent attacks.
Discover our anti-DDoS solution in more detail!