Server Error: Distributed Denial-of-Service (DDoS) Attacks Explained

Distributed denial-of-service (DDoS) attacks aim to overwhelm and take down servers. Successful ones can have a huge financial toll on their targets, whether they’re corporations, small businesses, governments, schools, hospitals, financial institutions, or individuals.

In 2022, DDoS attacks have hit online video games and foreign government websites. And Google says it fended off a record-breaking attack on June 1, which peaked at 46 million requests per second. Cloudflare and Microsoft have also battled DDoS attacks this year.

How do DDoS attacks work? Here’s what you need to know.


What Is a DDoS Attack?

[Image: DDoS attack diagram] (Credit: Nasanbuyn / Wiki Commons)

When you load a web page, you send a request for the data on that page to the IP address of the server where the information is hosted. Depending on the size of the server, too many requests going to the same IP at the same time can max out its bandwidth and leave it unable to accept any new requests.

The goal of a DDoS attack is to artificially simulate this scenario by overloading a target server with traffic, denying access, disrupting operations, and ultimately rendering it unusable. A successful attack would prevent users from loading pages or using services associated with the affected server. Instead of the result they expected, people would receive an error message.

The Computing Technology Industry Association says DDoS attacks are currently one of the four top cybersecurity threats, alongside ransomware, supply chain attacks, and social engineering. And they’re only becoming more common, prompting the rise of DDoS-as-a-service schemes.

To pull this off, a cyber attacker needs access to multiple computers or devices that can be used to send requests to a target server. This is usually achieved by infecting devices with malware, then remotely taking control of those machines. That group of infected devices, called a botnet, is then used to flood the target server with bad traffic and deny service to actual users.

Since the machines under the attacker’s control are usually devices like desktops, laptops, or cell phones, the requests read as legitimate and can be difficult to guard against. However, there are ways to mitigate the threat of a DDoS attack.


The Different Types of DDoS Attacks

[Image: OSI model graphic] (Credit: ComputerLanguage.com)

DDoS attacks can be tailored to target specific parts of the network, whether it’s where humans interface with their devices, where data is transmitted over the network, or network defenses like a firewall. Whatever the method, the goal is the same: Overload the resources of the target and leave it inoperable. 

To understand the different types of DDoS attack, it’s useful to understand the Open Systems Interconnection (OSI) model, which represents the seven levels of a network connection. It shows visually how we connect to the internet, and how the different devices that make up the internet transmit its information.

The OSI model is used as a reference for many kinds of cyberattacks, not just DDoS. But DDoS attacks often focus on OSI layer seven, the application layer where users request information via their devices. Volumetric attacks, in which the server is flooded with bogus traffic from seemingly legitimate IP addresses, are an example of a layer seven attack. They use infected machines to imitate users interacting with the internet at the application layer.

However, layers three and four can also be targeted. These layers—the network and transport layers, respectively—are where the system decides which physical path is used to transmit data and what data protocols are used to send it.

Attackers may also target multiple layers at once, depending on the complexity of their attack. A state exhaustion attack, for instance, weakens the entire system by exhausting defensive resources such as firewalls and load balancers.

In a protocol attack, a hacker sends data packets with phony IP addresses. When the server gets requests from these spoofed IPs, it sends back a request for confirmation before sending any data. If an IP address doesn’t lead to a real device, the server can’t get confirmation, so it becomes stuck in an endless loop of requests that will never get a response. The more phony requests come in, the worse the problem gets.


How to Stop a DDoS Attack

[Image: web application firewall graphic] (Credit: Cloudflare)

DDoS attacks are ramping up in scale and commonality, so it’s worth the time and resources to have appropriate defensive measures in place, especially if you run a professional network. In addition to basic cybersecurity best practices, consider taking on extra servers, implementing firewalls, and drawing up a contingency plan to fend off an attack. 


When a DDoS attack happens, your first step should be to determine what traffic is real and what is coming from the attacker, which can be difficult. Establishing a baseline for your network’s traffic will help you know what qualifies as a normal level of activity so you can identify spikes in traffic from unknown sources.

It will also help establish certain times when a spike in activity is normal. An online retailer, for example, would expect to have a pretty big uptick in traffic around Black Friday, so they would know not to panic and shut down all site traffic when it happens.
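The baseline approach described above, as an added example that is not part of the original article: per-minute request totals from a known-good window give a mean and standard deviation, a later minute that blows past them is flagged, and only sources never seen during the baseline are reported, so a surge from regular clients is not treated as an attack. The log lines are constructed inline and the addresses are documentation ranges, not real traffic.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

def make_sample_log():
    """Constructed access-log lines ("HH:MM client_ip"), not real traffic:
    60 minutes of 18-22 requests from eight regular clients, and in the last
    minute 40 previously unseen sources each send 30 requests."""
    lines = []
    for minute in range(60):
        for i in range(18 + minute % 5):
            lines.append(f"10:{minute:02d} 203.0.113.{i % 8 + 1}")
    for src in range(1, 41):                       # flood lands in minute 10:59
        lines.extend([f"10:59 198.51.100.{src}"] * 30)
    return lines

def per_minute(lines):
    """Group requests: minute -> Counter(client_ip -> request count)."""
    buckets = defaultdict(Counter)
    for line in lines:
        minute, ip = line.split()
        buckets[minute][ip] += 1
    return buckets

def baseline(buckets, training_minutes):
    """Mean/stddev of requests per minute, plus the set of clients seen,
    over a window known to be normal (the baseline the text recommends)."""
    totals = [sum(buckets[m].values()) for m in training_minutes]
    known = {ip for m in training_minutes for ip in buckets[m]}
    return mean(totals), pstdev(totals), known

def flag_spikes(buckets, mu, sigma, known, k=4.0):
    """{minute: [(ip, count), ...]} for minutes more than k stddevs above the
    baseline (floor of 2*mu, so a near-constant baseline does not alert on
    every wobble). Only sources absent from the baseline are listed."""
    threshold = max(mu + k * sigma, 2 * mu)
    alerts = {}
    for minute, clients in buckets.items():
        if sum(clients.values()) > threshold:
            alerts[minute] = [(ip, n) for ip, n in clients.most_common()
                              if ip not in known]
    return alerts

def run():
    buckets = per_minute(make_sample_log())
    train = [f"10:{m:02d}" for m in range(50)]     # first 50 minutes as baseline
    mu, sigma, known = baseline(buckets, train)
    return flag_spikes(buckets, mu, sigma, known)

if __name__ == "__main__":
    for minute, sources in run().items():
        print(minute, len(sources), "new sources, top:", sources[:3])
```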

It’s also important to find out which layers of your network are being targeted. DDoS attacks can take multiple forms, from single-layer attacks to complex multi-vector threats that bombard several layers of the network at once. Once you’ve identified bad traffic and figured out where the attacker is trying to hit you, you can move on to defense methods. 

One way to fend off this type of cyberattack is blackhole routing, whereby traffic is dumped into a null destination and dropped off the network entirely. This is an option available to all network admins and your ISP, but it may not be ideal since it will dump regular site traffic along with the attacker’s traffic. According to Cloudflare, this essentially gives the attacker what they want.

Limiting the rate of requests a server can accept during a certain time period can also help fend off certain types of attacks. A brute-force volumetric attack designed to hammer the server with as many requests as possible, for example, could be mitigated by rate limiting. That would not, however, help against attacks that target protocol layers.
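An added example, not code from the original article, of the rate limiting described above and of its stated limitation: a sliding-window limiter keyed by client address throttles a single source hammering the server, but when every packet carries a different forged source, as in the protocol attacks described earlier, each request looks like a first-time client and the limiter admits all of them. Traffic is constructed inline; addresses are documentation ranges.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Per-client limiter: at most `limit` accepted requests in any `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        # client -> timestamps of accepted requests. Note that this table grows by
        # one entry per distinct client, so a flood of forged sources inflates the
        # defender's own state (the state exhaustion effect described in the text).
        self.hits = defaultdict(deque)

    def allow(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def replay(requests, limit=100, window=60.0):
    """Feed (timestamp, client) pairs through a fresh limiter; return (accepted, rejected)."""
    limiter = SlidingWindowLimiter(limit, window)
    accepted = sum(limiter.allow(client, t) for t, client in sorted(requests))
    return accepted, len(requests) - accepted

# Constructed traffic, not captured data.
def normal_user():
    return [(2.0 * i, "203.0.113.10") for i in range(30)]      # one request every 2 s

def single_source_flood():
    return [(i / 100, "198.51.100.7") for i in range(1000)]    # 1000 requests in 10 s

def spoofed_flood():
    # 256 requests in ~2.5 s, each with a different forged source address.
    return [(i / 100, f"192.0.2.{i}") for i in range(256)]

if __name__ == "__main__":
    print("normal user       ", replay(normal_user()))
    print("single-source flood", replay(single_source_flood()))
    print("spoofed flood      ", replay(spoofed_flood()))
```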

Other methods, such as a web application firewall or network diffusion, which spreads traffic across a group of distributed servers, can also be used.
