DDoS Attack

DoS (Denial of Service)

DoS is a type of cyber attack that makes a service or device unavailable by overwhelming or flooding the target with massive numbers of requests until it can no longer process normal traffic.

DDoS (Distributed Denial of Service)

A DoS attack uses a single computer; a DDoS attack uses many, such as a botnet.

The attacking machines can be infected computers or IoT devices.

Types of Attack

A network is described as 7 layers, known as the OSI model.

Application Layer

An HTTP flood is an application-layer attack.

Protocol Attacks

Protocol attacks target firewalls and load balancers.

A SYN flood, which takes advantage of the TCP handshake, is a protocol attack.

Volumetric Attacks

This category of attacks attempts to create congestion by consuming all available bandwidth between the target and the larger Internet. Large amounts of data are sent to a target by using a form of amplification or another means of creating massive traffic, such as requests from a botnet.

Solution

  • Blackhole Routing
    • Route the traffic to a blackhole, much like sending output to /dev/null.
  • Rate Limiting
    • Limit the request frequency from a host within a time window.
  • WAF (Web Application Firewall)
    • A firewall deployed as a reverse proxy that protects the server from malicious traffic (on the 7 network layers) by filtering requests based on rules that identify DDoS tools.
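
The rate-limiting item above, as an added example (not from the original page): a per-host sliding-window limiter replayed over constructed traffic. The class and function names, the limit of 3 requests per 1000 ms, and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `limit` requests per host in any `window_ms` span."""

    def __init__(self, limit, window_ms):
        self.limit = limit
        self.window_ms = window_ms
        self.hits = defaultdict(deque)  # host -> times of accepted requests

    def allow(self, host, now_ms):
        q = self.hits[host]
        # Forget accepted requests that have aged out of the window.
        while q and now_ms - q[0] >= self.window_ms:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget; a web server would answer HTTP 429
        q.append(now_ms)
        return True

    def sweep(self, now_ms):
        # Evict idle hosts so the table stays bounded under many sources.
        idle = [h for h, q in self.hits.items()
                if not q or now_ms - q[-1] >= self.window_ms]
        for h in idle:
            del self.hits[h]
        return len(self.hits)

# Constructed sample traffic as (time in ms, source address); the addresses
# come from the RFC 5737 documentation ranges.
FLOODER, NORMAL = "198.51.100.7", "203.0.113.5"
SAMPLE = sorted(
    [(t, FLOODER) for t in range(0, 1000, 100)] + [(1050, FLOODER)]
    + [(t, NORMAL) for t in (0, 500, 1200)]
)

def replay(events, limit=3, window_ms=1000):
    """Return ({host: rejected count}, limiter) after replaying events."""
    limiter = SlidingWindowLimiter(limit, window_ms)
    rejected = defaultdict(int)
    for now_ms, host in events:
        if not limiter.allow(host, now_ms):
            rejected[host] += 1
    return dict(rejected), limiter

if __name__ == "__main__":
    rejected, limiter = replay(SAMPLE)
    print("rejected:", rejected, "tracked after sweep:", limiter.sweep(2200))
```

The limit bounds each source separately; it does not cap the aggregate load when many sources each stay under it.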
