Distributed denial-of-service attack (DDoS attack)

A distributed denial-of-service attack (DDoS attack) is a malicious attempt to make an online service unavailable to the users. The attacker usually temporarily interrupts or suspends the services of its hosting server.

Why do hackers make DDoS attacks?

The most common purposes are:

  • Ideology – the “hacktivists” take down websites that they do not agree with;
  • Business feuds – businesses can use DDoS attacks to harm their competitors;
  • Wringing money – criminals can take down websites for extortion;
  • Cyberwarfare – governments can authorize DDoS attacks to damage an enemy’s infrastructure;
  • Simple boredom – cyber vandals can perform these attacks just for an adrenaline rush.

Common examples of DDoS attacks

  • UDP flooding

This DDoS attack floods a target with User Datagram Protocol (UDP) packets. The host repeatedly looks for applications associated with these datagrams. As no application is found, it replies with a “Destination Unreachable” packet.

  • SYN flooding

SYN flooding means that the attacker sends repeated Synchronize (SYN) packets to every port on the targeted server, often using a fake IP address. The server responds to each attempt with a Synchronize-Acknowledge (SYN-ACK) packet from each open port. But the malicious client does not send the expected Acknowledge (ACK) or never even receives the SYN-ACK.

During this time, a server cannot close down the connection and before the connection can time out, another SYN packet will arrive. This means that an increasingly large number of connections are half-open. As a result, the service to legitimate clients will be denied, and the server may malfunction or crash.

  • HTTP flooding

In this type of attack, the hacker uses legitimate-looking HTTP GET (requesting data from a resource) or HTTP POST (sending data to a server to create/update a resource) requests to attack a web server or application. The target becomes flooded by requests, so it is unable to respond to normal traffic. As a result, a denial-of-service will occur for the actual user requests.

Tactics to prevent a DDoS attack

First of all, companies need to have a response plan for possible denial-of-service situations. Their data centres should be prepared, and the teams aware of their responsibilities. Second, it is important to maintain a strong network architecture, and to secure the infrastructure, using advanced intrusion prevention and threat management systems. 

The most basic countermeasure is to allow as little user error as possible. This means solid security practices that help keep business networks from being compromised. These measures alone do not stop the DDoS attacks but serve as a critical foundation for security.