DDoS: definition, specifics and how to protect
What is a DDoS attack?
Distributed Denial of Service (DDoS) attack is a cybersecurity weapon aimed at disrupting service operations or to extort money from targeted organisations. Attacks can be driven by politics, religion, competition or profit.
Technically a DDoS attack is a distributed version of a Denial of Service (DoS) attack with the goal of disrupting business operations. This attack uses a high volume of traffic to overload normal operations of service, server or network interconnection, rendering them unavailable. DoS attacks interrupt a service while distributed attacks (DDoS) are carried out on a much larger scale resulting in successfully shutting down entire infrastructures and scalable services (cloud services).
DDoS has a serious impact on business
When a DDoS targets a web server that is serving your company's home page, the page becomes unavailable for legitimate customers. This can lead to a downgrade in brand recognition and a loss of trust.
When your service is not available for your customers, this can affect your bottom line. You may need to execute a Service Level Agreements which impacts your company financially.
When your service is relied on by many sites, having it down may lead to unavailability for some time for those other sites that rely on your service.
Selected examples of DDoS attacks
- The New Zealand Stock Exchange was a target of a volumetric DDoS attack in August 2020 which resulted in service shut-down for three consecutive days and millions of dollars were lost.
- In February 2020, a global hyperscaler reported their infrastructure was attacked with 2.3Tbps of flooding traffic or 20.6 million requests per second.
- In February and March of 2018, a number of companies reported a newly observed attack vector based on a memcached flaw using amplification and reflection techniques. OVHcloud observed and filtered attacks as large as 1.3Tbps.
- A Dyn DDoS cyber attack in October 2016 resulted in the outage of major internet services. This attack was a series of DDoS attacks targetting systems operated by the Domain Name System (DNS) provider Dyn.
- The Mirai botnet made up of more than 600,000 compromised IoT devices (like cameras) was used in September 2016 to attack a well-known security news page - KrebsOnSecurity. This attack was targeting the victim's page with as much as 620Gbps of traffic during its peak. At the same time, OVHcloud reported more than 1Tbps of attack.
Types of DDoS attacks
Volumetric DDoS attacks
Volumetric DDoS attacks are the most popular. A DDoS attack aims to make a server, service or, infrastructure unavailable by flooding it with a huge number of requests. By doing such, the network connection or server's resources are saturated in a way that legitimate requests are not able to reach the server or it can't handle the load nor answer requests. A large number of compromised computers (or other connected devices e.g. IoT or cameras) called a botnet, can be used by hackers to make an attack more distributed, thus successful. One of the common techniques used by attackers is to send large amounts of small packets to such a botnet with spoofed IP-address, which in turn all respond with even bigger packets directly to the victim (to the spoofed IP). Targets of such floods of traffic are usually not able to respond or their internet connections become fully overloaded (reaching their bandwidth limits). This technique is called a reflection and amplification attack.
These types of attacks target protocols used for network communication and exploit their weaknesses to render a victim's server or service unavailability. In some cases this can lead to the overloading of intermediary devices connecting the victim's services to internet.
An example of this is a Smurf DDoS attack.
This type of attack is a network-layer distributed denial of service attack. A packet sent from an attacker to a broadcast network address results in an automatic response from every host. Using this method and spoofing source IPs, attackers can trigger a large number of responses and overwhelm a victim with traffic. With enough ICMP responses, a target can be taken down.
Application-layer (L7) attacks
Applications implement the most advanced logic and are usually the most resource-intensive, the most specific, and probably the least tested. This makes them a perfect target for an attack.
Attack methods targeting this layer usually require the least amount of resources and for the most part, can stay undetected by general firewall and DoS protection systems.
A good example is a game server attack (e.g. targeting Minecraft servers) that makes a game unreliable, with lots of jitter or players losing their connections or even causing downtime. This makes game-servers unusable thus the platform loses its rank and the owner's image is tarnished. This leads to losing players and money.
Defending such types of attacks requires a good understanding of application logic and its specific usages for the best attack protection.
Learn more about our anti-DDoS solutions
Discover our public and private cloud services
Bare Metal servers
From website hosting to high-resilience infrastructure deployment, get the dedicated server that meets your requirements and goals. Customise your machine to suit your project in just a few clicks.
- 120-second delivery
- Unlimited traffic on all our servers*
- No setup fees with a commitment
*Excludes datacentres in the Asia-Pacific region
Hosted Private Cloud
Accelerate your digital transformation with our scalable Hosted Private Cloud solutions. Our products are agile, innovative, and deliver optimal security for your data — so you can focus on your business.
- On-demand resources
- Trusted cloud hosting
- Multi-cloud environments
- Disaster Recovery plans
The OVHcloud Public Cloud offers you a large number of cloud solutions that are billed on a pay-as-you-go basis. Our infrastructure is set up in a simple way to support you with your business — harness the flexibility of on-demand resources to scale up from small projects to large-scale deployments.
- Managed Kubernetes
- Managed Private Registry
- Object Storage