What is a DDoS attack (Distributed Denial of Service)?
The acronym DDoS stands for Distributed Denial of Service. A distributed denial of service attack is a method of attacking Internet-facing systems in which the target and its services are deliberately overloaded so that they become unusable, or usable only to a very limited extent, for legitimate users. In contrast to a plain denial of service (DoS) attack, which can originate from a single host, a DDoS attack usually consists of a vast number of individual requests sent by a large, remotely controlled botnet. The larger such a botnet is, the more effective the attack.
A DDoS attack can cause significant economic damage to the affected company or organization; damage to its reputation and dissatisfied users and customers can also result. The closely related attack method is the DoS attack. The difference is that in a DoS attack only a single Internet connection or a single computer is used to attack the target system.
Botnets as a prerequisite for DDoS attacks
For DDoS attacks, the availability of so-called botnets is a basic prerequisite. These botnets are often set up well in advance of an attack by distributing backdoor programs. The malware installs itself on victims' computers without the owners' knowledge and makes those machines remotely controllable. Infected computers in turn try to infect further computers and so expand the botnet.
Large botnets can consist of hundreds of thousands of computers distributed around the world. To start the DDoS attack, a command-and-control system (the master) orders the bots to flood a specific target with requests. Because the requests reach the attacked server from many different end systems all over the world, the attack cannot be stopped simply by blocking individual computers or IP address ranges.
The Internet of Things (IoT) is becoming increasingly important for DDoS attacks, because in addition to computers, networked devices such as Internet-connected televisions, surveillance cameras, routers and set-top boxes can be recruited into botnets and used in DDoS attacks. Many of these devices run outdated firmware or still use default passwords, which makes compromising them much easier.
Methods for DDoS attacks
DDoS attacks can target different layers of the ISO/OSI reference model. One of the most common methods is the network-level attack, for example deliberately saturating a server's network bandwidth. Methods such as HTTP flooding operate at higher layers.
Using HTTP web requests in large numbers, for example, it is possible to overload the web server application itself rather than the target's network link. Since each individual request is indistinguishable from a normal user request, a conventional firewall can hardly defend against such an attack.
Another popular method for DDoS attacks targets the Domain Name System (DNS). Countless DNS requests overload the DNS service so that it can no longer answer the normal requests from users to resolve domain names. In this case, too, the target application becomes unreachable for users, because its name can no longer be resolved even though the application servers themselves are not under attack.
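As an added illustration of two points made above, that blocking individual addresses does not stop a botnet and that the individual requests of an HTTP flood look legitimate, the following Python is example code written for this page, not code from the original article. It feeds constructed Common Log Format lines through a per-source sliding-window limit of the kind a firewall or WAF applies, and separately through an aggregate request counter. The addresses, timestamps, request counts and thresholds are assumptions chosen for illustration.

```python
# Added example (not from the original article): a per-source rate limit of the
# kind a firewall or WAF applies, next to an aggregate request counter, both run
# over constructed Common Log Format lines. Addresses and traffic mix are made up.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (epoch_seconds, source_ip) for one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT).timestamp()
    return ts, m.group("ip")


def per_source_offenders(events, limit, window):
    """IPs sending more than `limit` requests within any `window`-second span.

    This is the classic per-IP limit: it stops a single-host DoS but sees nothing
    wrong with a botnet whose members each stay under the threshold."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:          # drop this IP's requests older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged


def peak_aggregate_rate(events, window):
    """Highest number of requests from all sources combined in any `window` seconds.

    The flood shows up here no matter how many sources it is spread over."""
    q = deque()
    peak = 0
    for ts, _ in sorted(events):
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def analyse(lines, limit=30, window=10):
    """Run both checks over raw log lines; unparsable lines are skipped."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return {
        "per_source_blocked": per_source_offenders(events, limit, window),
        "peak_requests_per_window": peak_aggregate_rate(events, window),
    }


def constructed_log(source_ips, requests_per_ip, seconds):
    """Constructed CLF lines: every IP sends `requests_per_ip` GETs spread over `seconds` seconds."""
    base = datetime.strptime("10/Oct/2023:13:55:00 +0000", TS_FMT)
    lines = []
    for ip in source_ips:
        for i in range(requests_per_ip):
            when = (base + timedelta(seconds=i % seconds)).strftime(TS_FMT)
            lines.append(f'{ip} - - [{when}] "GET / HTTP/1.1" 200 512')
    return lines


if __name__ == "__main__":
    # One host hammering the server: 200 requests in 10 s, the per-IP limit catches it.
    single = analyse(constructed_log(["203.0.113.7"], 200, 10))
    # 100 bots sending 2 requests each in the same 10 s: same load, nobody is blocked.
    bots = [f"198.51.100.{i}" for i in range(1, 101)]
    distributed = analyse(constructed_log(bots, 2, 10))
    print("single-source :", single)
    print("distributed   :", distributed)
```

Running it shows that a single host sending 200 requests in ten seconds is blocked by the per-IP limit, while 100 bots sending two requests each produce the same peak of 200 requests per window and trip no per-IP rule at all; only the aggregate count reveals the flood, and it cannot say which of the sources to block. The same window counting applies unchanged to a DNS server's query log.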