A Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) aims to make a computer resource unavailable, or to degrade its accessibility to users enough that it is effectively unusable. There are different techniques and means to launch such attacks, and the motives and targets can vary just as widely. DDoS attacks are usually organized attempts to stop a web site or service from functioning, or to cause significant downtime, either for a limited time or permanently.
Typical targets of DoS attacks include all kinds of sites or services, prominent or not so prominent: financial and banking institutions, online e-commerce establishments, news & media sites, online gaming communities, the public sector, and lately even entire countries.
Yes, it can. It doesn't matter what your online business is: your revenue streams depend on the uptime of your site and services. Unfortunately, criminals (whether an ill-wisher, racketeers, competitors, or sometimes just bored students) know that your business relies on your site's accessibility, and make it their main purpose to sever your customers' connection with your business, degrading or entirely blocking the service or the site's performance.
As it happens, there are a number of ways to achieve this goal, Distributed Denial of Service attacks being the major and fastest-spreading one nowadays. There is also evidence that the cost of launching such attacks has decreased dramatically over recent years.
TYPES OF DDOS ATTACKS
There are four primary types of DDoS attacks, which provide the foundation for numerous variations and combinations. Below is a brief description of each and how it affects site/server accessibility.
SYN flood - numerous TCP connection requests (SYN packets, the first packet of the three-way handshake) are sent to a machine at such a rate that it cannot process all of them. Often, these packets are sent with randomly generated, spoofed source IP addresses. The server responds to each SYN with a SYN-ACK in an attempt to establish a valid connection, then waits for the confirming ACK for some time, but that confirmation never arrives. Thus the server's connection table fills up and, as it does, all new connections are dropped and legitimate users are effectively cut off from the server.
Connection flood is an attack that creates a vast number of empty connections to the targeted server. Only the packets establishing the three-way handshake (SYN, SYN-ACK, ACK) are sent, with no data transfer; the server then waits, within its TCP keepalive parameters if any are set at all, for data that never arrives. As the name suggests, the aim is to create a large number of real connections, coming from real IPs, eating into the backlog connection capacity of the targeted web server.
UDP flood is mostly aimed at bandwidth depletion. A large number of big (up to 35Kb) packets are sent, often with spoofed source IP addresses, to a targeted host over UDP, a stateless networking protocol. To intensify the bandwidth abuse, packets are sometimes sent to random ports on the host, which increases the rate of return ICMP traffic: the victim server checks for an application listening on the respective port, finds none, and usually replies with an ICMP Destination Unreachable packet. The connection's bandwidth is depleted, rendering the server unreachable by real clients.
HTTP flood aims to bring down a machine by addressing a single URL or multiple URLs within a domain en masse, causing a web server overload and, as a result, hardware resource depletion. HTTP flood attacks sometimes lead to physical destruction of server hardware, due to its inability to cope with the overload on CPU and RAM. Rather than going after static content, attackers prefer to target dynamic content in order to amplify the hardware load. As the server gets busy with the attack requests, it cuts off or considerably slows down the "good" traffic generated by legitimate users.
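The four patterns above each leave a distinct signature in connection and flow records, which is what a defender looks for before deciding on mitigation. The following is an added example, not part of the original page: it classifies a constructed set of simplified flow records (the field names and thresholds are assumptions) by the share of half-open TCP handshakes, idle established connections per source, the spread of UDP destination ports per source, and dynamic-URL request counts per source.

```python
from collections import Counter

def rec(proto, src, dport, state=None, nbytes=0, path=None):
    # One simplified flow record; these field names are an assumption.
    return {"proto": proto, "src": src, "dport": dport, "state": state,
            "bytes": nbytes, "path": path}

# Constructed sample data (not real capture output): one cluster per flood type
# described above, plus a few ordinary visitors.
SAMPLE_FLOWS = (
    # 200 half-open handshakes, each from a different (spoofed-looking) source
    [rec("tcp", f"203.0.113.{i}", 80, "SYN_RECV") for i in range(200)]
    # 40 completed handshakes from one host that never send a byte
    + [rec("tcp", "192.0.2.5", 80, "ESTABLISHED")] * 40
    # 30 large UDP datagrams from one host sprayed across 30 different ports
    + [rec("udp", "198.51.100.9", 20000 + p, nbytes=1400) for p in range(30)]
    # 60 requests from one host, all for a dynamic (query-string) URL
    + [rec("tcp", "192.0.2.77", 80, "ESTABLISHED", 300, "/search?q=x")] * 60
    # ten ordinary visitors fetching static content
    + [rec("tcp", f"192.0.2.{100 + i}", 443, "ESTABLISHED", 2048, "/index.html") for i in range(10)]
)

def half_open_ratio(flows):
    """Share of TCP flows stuck waiting for the final ACK (SYN flood signal)."""
    tcp = [f for f in flows if f["proto"] == "tcp"]
    return sum(f["state"] == "SYN_RECV" for f in tcp) / len(tcp) if tcp else 0.0

def idle_connections(flows):
    """Per-source count of established TCP connections that carried no data."""
    return Counter(f["src"] for f in flows if f["proto"] == "tcp"
                   and f["state"] == "ESTABLISHED" and f["bytes"] == 0)

def udp_port_spread(flows):
    """Per-source count of distinct UDP destination ports (random-port spray)."""
    ports = {}
    for f in flows:
        if f["proto"] == "udp":
            ports.setdefault(f["src"], set()).add(f["dport"])
    return {src: len(p) for src, p in ports.items()}

def dynamic_requests(flows):
    """Per-source count of requests whose path carries a query string."""
    return Counter(f["src"] for f in flows if f["path"] and "?" in f["path"])

def classify(flows, syn_ratio=0.5, idle_min=25, udp_ports=20, http_min=50):
    """Return the flood signatures present; thresholds are illustrative only."""
    found = ["syn_flood"] if half_open_ratio(flows) > syn_ratio else []
    found += [f"connection_flood:{s}" for s, n in idle_connections(flows).items() if n >= idle_min]
    found += [f"udp_flood:{s}" for s, n in udp_port_spread(flows).items() if n >= udp_ports]
    found += [f"http_flood:{s}" for s, n in dynamic_requests(flows).items() if n >= http_min]
    return found
```

Real thresholds must be tuned against a baseline of the site's normal traffic, since a popular dynamic page or a busy legitimate client can otherwise trip the same heuristics.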
USE CASES, REAL-WORLD APPLICATIONS
e-Shop Suffering from DDoS Blackmailer Attacks
What we have here is a case where an online commercial site, an e-shop with around 4,500 visitors and EUR 400 - 1,500 in daily revenue, was hit by a blackmailer who inflicted and sustained a DDoS attack for 2 days. The criminal then sent an email to the victim saying that this attack was, by way of demonstration, a warning of what he could do: pay up or else. He demanded EUR 5,000.
Dumbfounded and confused, the e-shop owners decided to pay. And they did... only to find themselves under another attack a couple of weeks later. The same guy... requesting more money. In the face of the evident trend that was forming, the victim decided to try and get some sort of protection.
Eventually, the victim found Vistnet's offer on the Net. Instead of thousands of dollars, Vistnet asked for hundreds for its special e-Commerce package: a package designed specifically with e-shops and the like in mind, and one that promised that their transactions and other business-specific needs would be covered. There was a free 24 hr. test, too. The victim tried Vistnet's protection; with an extremely easy order and automated setup process, it took 45 minutes to get the protection up and running. The victim never received another blackmail letter from the DDoS-er, who had nothing to scare them with anymore.
Budget DDoS Protection
It had been a great several months so far! She had just published her fan & blog site on the Net, dedicated to her all-time favorite singer. She had started to make it visible, joining the circle of fan sites and making the rounds in the search engines. People started to come, stay, comment, like and praise. She even started making a little money from what they call "Affiliate Marketing". Life was good!
Emboldened by success, she decided to go for the big league and started posting links in the professional fansite networks. And then... a DDoS attack came out of the blue. And stayed. She started getting worried emails from concerned visitors asking after their newly found favorite site. The DDoS-ers just wouldn't quit the attack, a small-scale one (Connection flood at 6-8 kpps) but permanent. Her shared hosting provider also suffered and decided to cut all her traffic off.
The fun was gone. She was reduced from a public figure, a publisher of sorts with substance and something to say, to an ordinary housewife. Back to square one... Resolved to make it work, she started educating herself: she learned about DDoS attacks, how they work, and most importantly, that she could get protection. So she set out to do so.
Being new to this situation, and without too much cash to play around with, she decided to switch her "ordinary" hosting to a DDoS-protected hosting plan that cost "only" EUR 20 per month. The effect was far from the desired one: while the protection managed to diminish the consequences of the ongoing attack slightly, it was largely ineffective. It either blocked only a fraction of the bad traffic or blocked all traffic to the site, good and bad.
What next? She looked further, into "serious" DDoS protection providers, only to find out that her little pastime hobby, and the attention it was drawing from DDoS-ers, could easily do her budget in. The "real" DDoS protection cost real money: thousands per month. And yes, she would get top-level protection, with ALL the bells and whistles.
Soon she realized that what her site needed was far less than "all bells and whistles": she needed simple HTTP protection, for "simple" money.
Vistnet offered her their "Starter" package. The price was very reasonable. The protection level (1mpps) was more than needed. She took it. Her site is up again, and has been ever since. It will stay up, DDoS-free, until she finds another all-time favorite performer and ditches the old one.
WHITEPAPERS, EXTERNAL READING
Vistnet Whitepaper: DDoS Attacks 101 (PDF)
Anti-DDoS Action Plan for Hosting Providers (PDF)
External Reading (please read our Disclaimer):
How SMBs Can Minimize Denial-of-Service Risks, InformationWeek SMB
SMBs Need Denial-Of-Service Action Plan, InformationWeek SMB
Definition: distributed denial of service attack, Search Security
Techniques for Cyber Attack Attribution, DTIC Online (PDF)
Distributed Denial-of-Service Attacks and You, Microsoft TechNet
The Botnet Business, SecureList
There is absolutely no way to fight DDoS attacks without employing high-capacity, stable and secure internet channels, specialized software solutions and distributed hardware equipment. Thus, the problem of fighting DDoS attacks is usually not readily solvable for small and medium-sized businesses.
From a financial point of view, it is much more viable to engage the services of companies whose core competence is the development and provision of DDoS protection. Sometimes that, too, can cost you a considerable portion of your income. We understand this and have designed our offerings to be cost-effective, yet very powerful.
We have the technology and infrastructure to keep your website online even under the severest of DDoS attacks. You don't need to make any additional software or hardware investments. The protection can be activated in minutes, right after your order, and you will be able to forget about the DDoS threat forever. Our mitigation technology is truly hassle-free: just create an account, give us some information about your hosting structure, and we will take care of everything else.
Your business can be cost-effectively protected from all types of DDoS attacks, without exception. Guaranteed: we are so confident in the power and effectiveness of our service that we are the only company in this business offering a 100% money-back guarantee if our service doesn't perform well for you.