A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the network or Internet.
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Such an attack sends many requests to the targeted web resource, with the aim of exceeding the website’s capacity to handle them and preventing the website from functioning correctly. (Source: kaspersky.com) A DDoS attack is launched from numerous compromised devices, often distributed globally, in what is referred to as a botnet.
A DoS attack is usually accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter and thus disrupting trade. The attacker may demand payment to stop the attack. In some cases, a DDoS attack may even be an attempt to discredit or damage a competitor’s business.
DoS and DDoS Attack Types
DoS and DDoS attacks fall into three categories:
- Volume Based Attacks: This type includes UDP floods, ICMP floods, and other spoofed-packet floods. The attack’s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (Bps).
- Protocol Attacks: This type includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. These attacks consume actual server resources, or those of intermediate communication equipment such as firewalls and load balancers, and magnitude is measured in packets per second (Pps).
- Application Layer Attacks: This type includes low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows or OpenBSD vulnerabilities, and more. These attacks consist of seemingly legitimate and innocent requests; their goal is to crash the web server, and magnitude is measured in requests per second (Rps). A single HTTP request is computationally cheap for the client to send, but it can be expensive for the target server to answer, because the server often loads multiple files and runs database queries in order to build a web page. This asymmetry is what lets a comparatively small number of clients exhaust a server.
This section is abbreviated from imperva.com
How a DDoS Attack Works
Usually, the attacker’s ultimate aim is the total prevention of the web resource’s normal functioning. DDoS attacks are carried out with networks of Internet-connected machines. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet. Once a botnet has been established, the attacker is able to direct an attack by sending remote instructions to each bot. Because the bots are ordinary compromised devices, separating the attack traffic from normal traffic is usually difficult.
How to Identify a DDoS Attack
There are some telltale signs of a DDoS attack:
- Suspicious amounts of traffic originating from a single IP address or IP range
- A flood of traffic from users who share a single behavioral profile, such as device type, geolocation, or web browser version
- An unexplained surge in requests to a single page or endpoint
- Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes)
There are other, more specific signs of a DDoS attack that vary depending on the type of attack.
This section is abbreviated from cloudflare.com
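As an added illustration (not part of the original text or of any vendor's tooling), the script below applies three of the telltale signs listed above to a batch of web-server access-log lines: a single IP address producing an outsized share of requests, a surge concentrated on one endpoint, and many requests sharing one behavioural profile (here, the user agent). The log lines, the thresholds and the IP addresses are all constructed for the example.

```python
import re
from collections import Counter

# Combined-log-format line, e.g.
# 203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.88.1"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def find_ddos_signals(lines, ip_threshold=5, share_threshold=0.6):
    """Flag the three telltale signs in a batch of log lines.

    ip_threshold:    an IP with at least this many requests in the batch is a top talker
    share_threshold: a path or user agent taking this fraction of all requests is flagged
    Returns a dict of flagged IPs, paths and user agents (empty lists when nothing is flagged).
    Thresholds are constructed for the example; tune them to the site's normal traffic.
    """
    records = [r for r in map(parse_line, lines) if r]
    total = len(records)
    if total == 0:
        return {"hot_ips": [], "hot_paths": [], "hot_agents": []}
    ips = Counter(r["ip"] for r in records)
    paths = Counter(r["path"] for r in records)
    agents = Counter(r["ua"] for r in records)
    return {
        # sign: suspicious volume from a single address
        "hot_ips": [ip for ip, n in ips.most_common() if n >= ip_threshold],
        # sign: a surge concentrated on one endpoint
        "hot_paths": [p for p, n in paths.most_common() if n / total >= share_threshold],
        # sign: many requests sharing one behavioural profile (user agent)
        "hot_agents": [ua for ua, n in agents.most_common() if n / total >= share_threshold],
    }

# Constructed sample batch (not real traffic): eight identical requests from
# 203.0.113.7 to /login with a scripted user agent, mixed with two normal hits.
FLOOD = '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/7.88.1"'
NORMAL = [
    '198.51.100.4 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.9 - - [10/Oct/2023:13:55:38 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0)"',
]
SAMPLE_LINES = [FLOOD] * 8 + NORMAL

if __name__ == "__main__":
    print(find_ddos_signals(SAMPLE_LINES))
```

In practice the batch would be a sliding time window over the live log, and the periodic-spike sign above is caught by comparing request counts across successive windows rather than within one.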