What is a DDoS attack - essence and origin

Recently, we have been able to see that DDoS attacks are quite a powerful weapon in the information space. Using high-power DDoS attacks, you can not only shut down one or more sites, but also disrupt the operation of an entire network segment or shut down the Internet in a small country. These days, DDoS attacks are happening more and more often and their power is increasing every time.

But what is the essence of such an attack? What happens on the network when it is performed, where did the idea to do this come from and why is it so effective? You will find answers to all these questions in our article today.

What is a DDoS attack?

DDoS, or distributed denial-of-service, is an attack on a specific computer on a network that overloads it so that it stops responding to requests from other users.

To understand what a DDoS attack means, let’s imagine a situation: a web server gives site pages to users. Let’s say it takes half a second to create a page and completely transfer it to the user’s computer; then our server will be able to operate normally at a rate of two requests per second. If there are more such requests, they will be queued and processed as soon as the web server is free. All new requests are added to the end of the queue. Now let’s imagine that there are a lot of requests, and most of them are sent only to overload this server.

If the rate at which new requests arrive exceeds the processing rate, then over time the request queue will be so long that no new requests will actually be processed. This is the main principle of a DDoS attack. Previously, such requests were sent from one IP address, and this was called a denial-of-service attack (Denial of Service); in fact, this is the answer to the question of what DoS is. But such attacks can be effectively combated by simply adding the source IP address, or several of them, to a block list; moreover, due to network bandwidth limitations, a few devices cannot physically generate enough packets to overload a serious server.

Therefore, attacks are now carried out from millions of devices at once. The word Distributed was added to the name, and the result was DDoS. Alone, these devices mean nothing, and they may not have a very fast Internet connection, but when they all start sending requests to one server at the same time, they can reach a combined speed of up to 10 Tb/s. And this is already quite a serious figure.
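The queue model from the last few paragraphs, as an added example that is not part of the original article: a server that completes two requests per second, fed by constructed traffic, first from a single flooding host (DoS) and then from many bots that each send only one request (DDoS). The per-source block list is the classic DoS mitigation described above; the thresholds and IP addresses are assumptions chosen for illustration.

```python
"""Discrete-time model of the request queue: the server drains SERVICE_RATE
requests per second, anything arriving faster piles up in a FIFO queue."""
from collections import Counter, deque

SERVICE_RATE = 2  # requests completed per second (the article's figure)


def simulate(requests, seconds, blocked=frozenset()):
    """requests: list of (arrival_second, source_ip).
    Returns the backlog (queued, unprocessed requests) after `seconds`."""
    by_second = {}
    for t, src in requests:
        by_second.setdefault(t, []).append(src)
    queue = deque()
    for t in range(seconds):
        # Blocked sources are dropped before they ever reach the queue.
        queue.extend(src for src in by_second.get(t, []) if src not in blocked)
        for _ in range(min(SERVICE_RATE, len(queue))):
            queue.popleft()
    return len(queue)


def flood_sources(requests, per_source_threshold):
    """Naive per-source rate limit: block any IP that sends more than
    `per_source_threshold` requests within a single second."""
    per_second = Counter((t, src) for t, src in requests)
    return frozenset(src for (_, src), n in per_second.items() if n > per_source_threshold)


# Constructed traffic (addresses are documentation ranges, not real hosts).
# One legitimate user: 1 request/second for 10 seconds, within capacity.
legit = [(t, "10.0.0.5") for t in range(10)]
# Single-source DoS: one host adds 20 requests every second.
dos = legit + [(t, "203.0.113.9") for t in range(10) for _ in range(20)]
# Distributed: 200 bots, each sending one request, spread over the same 10 s
# (the same extra 20 requests/second, but no source stands out).
ddos = legit + [(i % 10, f"198.51.100.{i}") for i in range(200)]


def backlog_report(threshold=5):
    """Backlog after 10 s with and without the per-source block list."""
    return {
        "legit": simulate(legit, 10),
        "dos": simulate(dos, 10),
        "dos_blocked": simulate(dos, 10, flood_sources(dos, threshold)),
        "ddos": simulate(ddos, 10),
        "ddos_blocked": simulate(ddos, 10, flood_sources(ddos, threshold)),
    }
```

The block list empties the backlog in the single-source case but changes nothing in the distributed one, because no individual bot ever crosses the threshold.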

It remains to figure out where the attackers get so many devices to carry out their attacks. These are ordinary computers or various IoT devices that attackers were able to gain access to. This could be anything: video cameras and routers with firmware that has not been updated for a long time, control devices, and ordinary users’ computers that somehow caught a virus whose owners either do not know about it or are in no hurry to remove it.

Types of DDoS attacks

There are two main types of DDoS attacks: those aimed at overloading a specific program, and those aimed at overloading the network link to the target computer itself.

Attacks that overload a program are also called layer 7 attacks (the OSI network model has seven layers, and the last one is the application layer, the level of individual programs). An attacker targets a program that uses a lot of server resources by sending it a large number of requests. In the end, the program does not have time to process all the connections. This is the type we discussed above.

DoS attacks on the Internet channel require far more resources, but they are much harder to cope with. If we draw an analogy with OSI, these are attacks on layers 3-4, that is, on the network or transport protocol. Any Internet connection has its own limit on the speed at which data can be transferred over it. If there is a lot of data, the network equipment, just like the program, queues it for transmission, and if the amount of data and the rate at which it arrives greatly exceed the channel speed, the channel is overloaded. The data transfer rate in such cases can be measured in gigabytes per second. For example, when the small country of Liberia was disconnected from the Internet, the data transfer speed reached up to 5 TB/sec. However, 20-40 Gb/s is enough to overload most network infrastructures.

Origin of DDoS attacks

Above we looked at what DDoS attacks are and at the methods of DDoS attacks; it’s time to move on to their origin. Have you ever wondered why these attacks are so effective? They are based on military strategies that have been developed and tested over many decades.

In general, many approaches to information security are based on military strategies of the past. There are Trojan viruses that recall the ancient siege of Troy, ransomware viruses that hold your files for ransom, and DDoS attacks that limit the enemy's resources. By limiting your opponent's options, you gain some control over his subsequent actions. This tactic works very well both for military strategists and for cybercriminals.

In the case of military strategy, it is easy to think of the kinds of resources that can be limited to limit an enemy's capabilities. Limiting water, food and building materials would simply destroy the enemy. With computers everything is different: there are various services, for example DNS, web servers and email servers. They all have different infrastructure, but there is something that unites them: the network. Without a network, you will not be able to access a remote service.

Warlords can poison water, burn crops, and set up checkpoints. Cybercriminals can send malformed data to a service, cause it to consume all of its memory, or completely overload the entire network channel. Defense strategies have the same roots. The server administrator has to monitor incoming traffic to find the malicious part and block it before it reaches the target network channel or program.

Conclusions

DDoS attacks are becoming more common and more powerful every time. This means that the services we use will increasingly come under attack. One of the ways we can reduce the number of attacks is by making sure that our devices are not infected with viruses and receive updates on time. Now you know what a DDoS attack is and the basics of protection; in one of the following articles we will look at the latter in more detail.

To conclude, I offer a lecture on DDoS attacks: