List of contents:
What is a DDoS attack?
What are the typical DDoS attack types?
Attack categories under DDoS
Infrastructure Layer Attacks
Application Layer Attacks
DDoS protection methods
Decrease the attack surface
Make a scale plan
Identify normal and abnormal traffic patterns
Install firewalls to protect against advanced application attacks
What is a DDoS attack?
A denial-of-service (DoS) attack is a malicious attempt to make a targeted system, such as a website or an application, unavailable to its legitimate end users. Attackers typically generate a large volume of packets or requests that eventually overwhelm the target system. In a Distributed Denial of Service (DDoS) attack, the attacker uses multiple compromised or controlled sources to generate the attack traffic.
What are the typical DDoS attack types?
Different DDoS attack methods target different components of a network connection. On the Internet, a network connection is made up of many distinct components, or "layers". Like the stages of building a house, each layer of the model has a distinct purpose. The OSI model is a conceptual framework that categorizes network connectivity into seven such layers.
Attack categories under DDoS
When considering protection techniques for these attacks, it helps to divide them into network-level (Layer 3 or 4) and application-layer (Layer 6 or 7) attacks.
Infrastructure Layer Attacks
Attacks at Layers 3 and 4 are typically categorized as infrastructure layer attacks. They are also the most common type of DDoS attack and include vectors such as User Datagram Protocol (UDP) floods, SYN floods, and reflection attacks. Such attacks are usually large in volume and aim to overload the capacity of the network or of the application servers. Fortunately, they also have clear signatures and are easier to detect.
Application Layer Attacks
Attacks at Layers 6 and 7 are commonly classified as application layer attacks. These attacks are less frequent, but they also tend to be more sophisticated. Although their volume is usually lower than that of infrastructure layer attacks, they often target specific, expensive parts of the application and keep them unavailable to real users.
Examples include a flood of HTTP requests to a login page or to a costly search API, and XML-RPC floods from WordPress (also known as WordPress pingback attacks).
DDoS protection methods
Decrease the attack surface
Reducing the attackable surface area is one of the primary techniques for mitigating DDoS attacks: it limits the options available to attackers and lets you concentrate your defenses in one place. We must make sure that no ports, protocols, or applications are exposed on which our application or resources do not expect to receive any communication; this reduces the potential points of attack and lets us focus our mitigation efforts.
You can sometimes achieve this by restricting direct Internet traffic to particular elements of your infrastructure, such as your database servers, and by placing your processing resources behind Content Distribution Networks (CDNs) or load balancers. In other situations, you can use access control lists (ACLs) or firewalls to control which traffic reaches your applications.
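As an added example (not part of the original article), a small Python audit that checks what a host actually exposes against the policy described above: it parses `ss -tlnp` style output and flags every Internet-reachable listener whose port is not on the allowlist. The sample output, the process names and the allowlist of ports 80 and 443 are constructed assumptions.

```python
"""Audit listening sockets against an exposure policy (added example, not from the article).

Parses `ss -tlnp` style output (a constructed sample below, not a live capture)
and reports Internet-reachable listeners whose port is not on the allowlist.
Process names, ports and the allowlist are assumptions for the demonstration.
"""
import ipaddress
import re

# Constructed sample in the shape of `ss -Htlnp` output (no header line).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=812,fd=6))
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=812,fd=7))
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:* users:(("postgres",pid=1021,fd=5))
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=1302,fd=6))
LISTEN 0 4096 10.0.1.5:8080 0.0.0.0:* users:(("java",pid=1507,fd=42))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=620,fd=3))
"""

# Policy: only these ports may listen on an Internet-reachable address;
# everything else must be bound to loopback or to a private address.
PUBLIC_ALLOWLIST = {80, 443}
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Return (address, port, process) for each LISTEN line; malformed lines are skipped."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group(1).strip("[]"), int(m.group(2)), m.group(3)))
    return listeners

def is_internet_reachable(addr):
    """Wildcard and public addresses are reachable; loopback, link-local and RFC 1918 are not."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:            # 0.0.0.0 or :: binds every interface
        return True
    if ip.is_loopback or ip.is_link_local:
        return False
    return not any(ip in net for net in PRIVATE_NETS)

def find_unexpected_exposure(ss_output, allowlist=PUBLIC_ALLOWLIST):
    """Listeners reachable from the Internet whose port the policy does not allow."""
    return [(addr, port, proc) for addr, port, proc in parse_listeners(ss_output)
            if is_internet_reachable(addr) and port not in allowlist]
```

On the constructed sample this reports the PostgreSQL listener on 0.0.0.0:5432 and sshd on [::]:22; both should either be bound to a private address or explicitly added to the policy.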
Make a scale plan
When mitigating large-scale volumetric DDoS attacks, the two main factors to consider are bandwidth (or transit) capacity and the capacity of your servers to absorb an attack.
Transit capacity: When designing and implementing your applications, make sure your hosting provider offers ample redundant Internet connectivity so that you can handle large volumes of traffic.
Since the main goal of a DDoS attack is to reduce the availability of your resources and applications, you should place them near both your end users and large Internet exchanges, so that users can still reach them even when traffic volumes are high.
Web applications can go a step further by using Content Distribution Networks (CDNs) and smart DNS resolution services, which add another layer of network infrastructure for serving content and resolving DNS queries from locations that are often closer to your end users.
Server capacity: Because most DDoS attacks are volumetric attacks that consume a lot of resources, you need to be able to scale your computation resources up or down quickly. You can achieve this by running on larger compute resources, or on resources with features such as enhanced networking or more extensive network interfaces.
In order to avoid overwhelming any one resource, load balancers are frequently used to continuously monitor and distribute loads among them.
Identify normal and abnormal traffic patterns
At the most basic level, if we notice elevated levels of traffic hitting a host, we should accept only as much traffic as the host can handle without compromising availability. This concept is called rate limiting. More advanced protection techniques can go one step further and intelligently admit only legitimate traffic by analyzing each individual packet.
To do this, you must be able to evaluate each packet against the characteristics of the good traffic that the target usually receives.
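The two ideas above, rate limiting and comparing current load against a learned picture of normal traffic, as an added Python example that is not part of the original article. The request sample, the per-client limit of 5 requests per 10 seconds and the quiet-period baseline are constructed assumptions that would be tuned to real traffic.

```python
"""Rate limiting plus baseline anomaly detection (added example, not from the article).

The request sample, the limit (5 requests per 10 s) and the quiet-period
baseline are constructed assumptions to tune for your own traffic.
"""
from collections import defaultdict, deque

# Constructed sample: (unix_ts, client_ip, path). One client hammers
# the login page once a second; two ordinary clients browse normally.
SAMPLE = (
    [(1000 + i, "10.9.9.9", "/login") for i in range(12)]
    + [(1000, "10.1.1.1", "/"), (1003, "10.1.1.1", "/about"),
       (1005, "10.2.2.2", "/"), (1009, "10.2.2.2", "/search")]
)

class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window`-second span."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)   # client -> timestamps of admitted requests

    def allow(self, client, ts):
        q = self.hits[client]
        while q and ts - q[0] >= self.window:   # forget requests outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True

def baseline_threshold(quiet_counts, k=3.0):
    """Mean + k standard deviations of per-bucket request counts from a quiet period."""
    n = len(quiet_counts)
    mean = sum(quiet_counts) / n
    std = (sum((c - mean) ** 2 for c in quiet_counts) / n) ** 0.5
    return mean + k * std

def analyse(events, limit=5, window=10, bucket=5, quiet=(1, 2, 1, 2, 1, 1)):
    """Return ({client: dropped_requests}, [start of each anomalous bucket])."""
    limiter = SlidingWindowLimiter(limit, window)
    dropped, per_bucket = defaultdict(int), defaultdict(int)
    for ts, client, _path in sorted(events):
        per_bucket[ts - ts % bucket] += 1          # total load across all clients
        if not limiter.allow(client, ts):
            dropped[client] += 1
    threshold = baseline_threshold(quiet)
    anomalous = sorted(b for b, c in per_bucket.items() if c > threshold)
    return dict(dropped), anomalous
```

`analyse(SAMPLE)` returns `({'10.9.9.9': 5}, [1000, 1005])`: the bursting client loses five requests to the limiter while the two normal clients are untouched, and the first two 5-second buckets are flagged because their load exceeds the quiet-period mean by more than three standard deviations.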
Install firewalls to protect against advanced application attacks
Using a Web Application Firewall (WAF) is a good practice for protecting your application against attacks such as SQL injection and cross-site request forgery. Moreover, given the unique nature of these attacks, you should be able to create tailored mitigations against illegitimate requests that might disguise themselves as good traffic, come from known-bad IP addresses, originate from unexpected geographic locations, and so on.
In mitigating attacks as they happen, it can also be useful to have experienced support that can study traffic patterns and build customized protections.