What is a distributed denial-of-service attack?
A distributed denial-of-service (DDoS) attack is a malicious attempt by an attacker (cybercriminal) to disrupt the normal traffic of a targeted server by overwhelming it and the surrounding network with traffic, which causes operations or communications to slow down significantly.
Note the difference between DoS and DDoS attacks: a denial-of-service (DoS) attack floods a server with traffic, making a website or resource unavailable. A distributed denial-of-service attack is a DoS attack carried out from multiple computers or machines at once, which together flood the targeted resource.
Categories of distributed denial-of-service attacks
Distributed denial-of-service (DDoS) attacks can be divided into three main categories:
Volume-based attacks: the goal is to saturate the bandwidth of the targeted site by using the User Datagram Protocol (UDP), where the attacker overwhelms random ports on the targeted host so that the system becomes unresponsive.
Protocol attacks: this type of attack consumes the resources of the server itself or of intermediate communication equipment, such as firewalls and load balancers.
Application layer attacks: a slow attack (a controlled volume of traffic) that targets Apache, Windows or OpenBSD. The requests it sends to servers and workstations look legitimate, but the intent is to crash the web server.
Indicators of compromise
Signs and symptoms can include but are not limited to:
1. slow network traffic
2. poor performance and excessive processor usage
3. often, a failure of the service
How to mitigate a DDoS attack
One hundred percent security cannot be guaranteed; however, there are proactive measures one can take to mitigate the effects of a DDoS attack. Some measures include:
Implementing a DDoS protection service that detects abnormal traffic flows and redirects them away from the network.
Installing a firewall and configuring it to restrict traffic entering and leaving your network.
Installing and maintaining antivirus software.
Taking steps to strengthen the security posture of all internet-connected devices to prevent them from being compromised:
    Create a disaster recovery plan to ensure successful and efficient communication and mitigation in the event of an attack.
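As an added illustration (not part of the CIRT advisory or its sources), the following Python script applies the DoS versus DDoS distinction to a constructed connection log, in the spirit of the abnormal-traffic-flow detection suggested above: it flags a second in which one source alone floods the host, and separately a second in which many sources each send little but the total surges. The log format, the sample events and the two thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log, one event per line: "<ISO-8601 timestamp> <source IP> <destination port>".
# It is not captured traffic. Second 0 holds one ordinary client; second 1 holds 500 events
# from a single source (a DoS flood); second 2 holds 600 events spread over 254 sources,
# each sending only a few packets (a distributed surge).
SAMPLE_LOG = ["2024-01-01T10:00:00 203.0.113.5 443"]
SAMPLE_LOG += ["2024-01-01T10:00:01 198.51.100.7 53"] * 500
SAMPLE_LOG += [f"2024-01-01T10:00:02 192.0.2.{i % 254 + 1} 80" for i in range(600)]

# Assumed thresholds; a real deployment would derive them from a baseline of normal traffic.
PER_SOURCE_LIMIT = 100  # events per second from any one source
AGGREGATE_LIMIT = 400   # events per second from all sources combined


def parse_event(line):
    """Split one log line into (second-resolution timestamp, source IP, destination port)."""
    ts, src, port = line.split()
    return datetime.fromisoformat(ts).replace(microsecond=0), src, int(port)


def detect_floods(lines, per_source_limit=PER_SOURCE_LIMIT, aggregate_limit=AGGREGATE_LIMIT):
    """Bucket events by second and flag two patterns:
    - one source alone exceeding per_source_limit (single-source DoS);
    - the aggregate exceeding aggregate_limit while no single source does (distributed DDoS).
    Returns a list of (kind, second, who, count) tuples in time order."""
    per_second = defaultdict(Counter)
    for line in lines:
        second, src, _ = parse_event(line)
        per_second[second][src] += 1

    findings = []
    for second in sorted(per_second):
        counts = per_second[second]
        total = sum(counts.values())
        busiest = max(counts.values())
        for src, n in counts.items():
            if n > per_source_limit:
                findings.append(("single-source flood (DoS)", second.isoformat(), src, n))
        if total > aggregate_limit and busiest <= per_source_limit:
            findings.append(("distributed surge (DDoS)", second.isoformat(),
                             f"{len(counts)} sources", total))
    return findings


if __name__ == "__main__":
    for kind, second, who, count in detect_floods(SAMPLE_LOG):
        print(f"{second}  {kind:<28} {who:<14} {count} events")
```

A per-source rule on its own would miss the second case entirely, which is exactly why a DDoS is harder to filter than a DoS.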
The Guyana National CIRT recommends that users and administrators review these recommendations and implement them where necessary.