May 13, 2016
Distributed Denial-of-Service (DDoS) is a method of attacking a server or network by sending more data to it than it can respond to. DDoS attacks focus multiple computers on a single target in order to weaken or remove its ability to function.
Despite rapid advances in bandwidth and processing speed, computers are limited in the amounts of data they can process at any given time. Computers that continuously experience high loads will respond more slowly, crash more frequently, and experience a greater number of hardware failures.
Sustained, deliberate load from a single external source is known as a denial-of-service (DoS) attack. Its purpose is to prevent a service from responding to legitimate requests by flooding it with bogus requests, often sent from compromised ("zombie") machines. A distributed denial-of-service attack applies the same sustained load from many sources at once.
How DDoS Works
There are several methods of performing a DDoS attack, from flooding a server or network with extraneous data to disrupting or obstructing routes between the service and its users. This article describes SYN flooding, which is one of the most common attacks.
Step-by-step, here’s how SYN flooding works:
- An attacker requests a connection to a server by sending a synchronize (SYN) segment. This starts the three-way "handshake" in which the server and the client negotiate a connection.
- The server acknowledges the SYN with a SYN-ACK and records the half-open connection while it waits for the final step.
- Normally, the client responds with an ACK, completing the connection. In a SYN flood the attacker never sends that ACK, so the server keeps the half-open connection in its backlog until it times out.
- The attacker keeps sending SYNs until every slot in the server's backlog is held by a half-open connection, so SYNs from legitimate clients are dropped.
An attacker can use different tricks to keep the handshake from completing, such as spoofing the source IP address so the server's SYN-ACK goes to a host that never replies. A distributed SYN flood comes from many sources at once, reducing the chance that the target can mitigate it by blocking or retaliating against any one attacker.
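To make the backlog-exhaustion mechanism concrete from the defender's side, here is an added example (not code from the original article) that models a server's half-open connection table and runs a simple SYN-to-ACK ratio check over a packet log. The packet records, the backlog capacity of 128 slots, the 3-second half-open timeout and the 203.0.113.0/24 source range are all constructed for illustration; a real server's backlog size and timeout are kernel settings, and a real capture would come from a tap or flow export.

```python
"""Model of a TCP listen backlog under a SYN flood, plus a monitoring check.

Added example, not part of the original article. All traffic below is
constructed; the backlog capacity and timeout are illustrative values.
"""
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float      # arrival time in seconds (constructed)
    src: str      # source address; in a flood these are usually spoofed
    flags: str    # "SYN" or "ACK" as seen by the server


class ListenBacklog:
    """Half-open connection table: a SYN holds a slot until its ACK arrives
    or the slot times out, mirroring the three-way handshake above."""

    def __init__(self, capacity: int, timeout: float):
        self.capacity = capacity
        self.timeout = timeout
        self.half_open: "OrderedDict[str, float]" = OrderedDict()  # src -> SYN time
        self.established = 0
        self.dropped = 0  # SYNs refused because every slot was held

    def expire(self, now: float) -> None:
        """Give up on half-open entries older than the timeout."""
        for src, t0 in list(self.half_open.items()):
            if now - t0 > self.timeout:
                del self.half_open[src]

    def on_syn(self, p: Packet) -> bool:
        """Return True if the SYN got a slot (server would send SYN-ACK)."""
        self.expire(p.t)
        if p.src in self.half_open:
            return True            # retransmitted SYN; slot already held
        if len(self.half_open) >= self.capacity:
            self.dropped += 1      # backlog full: legitimate SYNs suffer too
            return False
        self.half_open[p.src] = p.t
        return True

    def on_ack(self, p: Packet) -> bool:
        """Complete the handshake if a matching half-open entry exists."""
        self.expire(p.t)
        if p.src in self.half_open:
            del self.half_open[p.src]
            self.established += 1
            return True
        return False


def run(packets, capacity: int = 128, timeout: float = 3.0) -> ListenBacklog:
    """Feed a time-ordered packet list through the backlog model."""
    backlog = ListenBacklog(capacity, timeout)
    for p in packets:
        if p.flags == "SYN":
            backlog.on_syn(p)
        elif p.flags == "ACK":
            backlog.on_ack(p)
    return backlog


def unacked_syns(packets, window: float):
    """Monitoring check: SYNs with no ACK from the same source within `window`
    seconds. Returns (list_of_unacked_syns, total_syns); a high ratio in a
    short interval is the classic SYN-flood signal."""
    acks = {}
    for p in packets:
        if p.flags == "ACK":
            acks.setdefault(p.src, []).append(p.t)
    unacked, total = [], 0
    for p in packets:
        if p.flags != "SYN":
            continue
        total += 1
        if not any(p.t <= ta <= p.t + window for ta in acks.get(p.src, [])):
            unacked.append(p)
    return unacked, total


def constructed_traffic():
    """Constructed sample: three normal handshakes, a 200-SYN flood from
    distinct spoofed sources, and one legitimate client caught in the flood."""
    pkts = []
    for i, src in enumerate(["10.0.0.1", "10.0.0.2", "10.0.0.3"]):
        pkts.append(Packet(0.1 * i, src, "SYN"))
        pkts.append(Packet(0.1 * i + 0.05, src, "ACK"))
    for i in range(200):                       # flood: never acknowledged
        pkts.append(Packet(1.0 + 0.001 * i, f"203.0.113.{i}", "SYN"))
    pkts.append(Packet(1.5, "10.0.0.4", "SYN"))   # refused: backlog is full
    pkts.append(Packet(6.0, "10.0.0.4", "SYN"))   # retry after entries expire
    pkts.append(Packet(6.05, "10.0.0.4", "ACK"))
    return sorted(pkts, key=lambda p: p.t)


if __name__ == "__main__":
    b = run(constructed_traffic())
    bad, total = unacked_syns(constructed_traffic(), window=1.0)
    print(f"established={b.established} dropped={b.dropped} "
          f"unacked_syns={len(bad)}/{total}")
```

Running it shows the point of the steps above: 128 unacknowledged SYNs fill the table, the next 72 flood SYNs and the legitimate client's SYN at t=1.5 are refused, and the client only connects after the stale entries time out. The `unacked_syns` ratio (201 of 205 here) is the kind of signal a monitoring rule would alert on; stateless SYN cookies, which let a server answer SYNs without holding a backlog slot, are the standard mitigation for exactly this exhaustion.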
Example of DDoS
Over the 2014 holiday season, Microsoft's Xbox Live and Sony's PlayStation Network video game services were temporarily taken offline by DDoS attacks. Both services, which provide content delivery and multiplayer for millions of users, experienced outages of at least 6 hours on Christmas Day.
Responsibility for the attack was attributed to a hacking group that claims to be behind additional DDoS attacks on some of the world’s largest web services including Facebook, Malaysia Airlines, the Tor network, and North Korea. The group, known as Lizard Squad, has gone so far as to commercialize their tool for performing DDoS attacks. DDoS attacks are performed for a variety of reasons, from competition to extortion.
When Enterprises Plan for DDoS Attacks …
Planning for DDoS attacks benefits both an enterprise and its users.
- Enterprises experience fewer outages when their networks are designed to withstand denial-of-service attacks.
- User satisfaction increases because there is less risk of the service becoming unavailable during an attack.
- The effectiveness of DDoS attacks decreases as enterprises implement new ways of mitigating attacks, benefiting the Internet as a whole.
DDoS attacks are on the rise. One of the largest DDoS attacks was carried out against independent news sites Apple Daily and PopVote, reaching 500 Gbps at its peak. While most enterprises are unlikely to see attacks of that size, mitigating DDoS attacks will become crucial for any online service.