A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal traffic of the target’s server, service, or network by flooding the target’s or surrounding infrastructure with high-volume Internet traffic.
DDoS attacks are effective because they use a large number of compromised computer systems as the source of attack traffic. Other network resources, such as computers and IoT devices, can also be exploited.
A DDoS attack is roughly analogous to an unexpected traffic jam that clogs a highway and prevents normal traffic from reaching its destination.
DDoS attacks are carried out by exploiting a network of machines linked to the Internet.
These networks are made up of malware-infected computers and other devices (such as IoT devices) that can be remotely controlled by an attacker. These individual devices are called bots (or zombies), and groups of bots are called botnets. Once the botnet is established, an attacker can launch an attack by sending a remote instruction to each bot.
When a victim’s server or network is attacked by a botnet, each bot can send a request to the target IP address, overloading the server or network and causing a denial of service to normal traffic.
All bots are legitimate internet devices, so it can be difficult to separate attack traffic from regular traffic.
DDoS attacks vary greatly in length and sophistication. DDoS attacks can occur over a long period of time or only in a short period of time.
Long-term attacks: Attacks that last for hours or days are considered long-term attacks. For example, a DDoS attack on AWS caused three days of confusion before it was finally mitigated.
Burst Attacks: These DDoS attacks are very short-lived and last only a minute or a few seconds.
Don’t be fooled. Although very fast, burst attacks can actually be very damaging. With the advent of Internet of Things (IoT) devices and more powerful computing devices than ever before, it has become possible to generate more traffic than ever before. This allows an attacker to generate a large amount of traffic in a very short time. Burst DDoS attacks are often beneficial to attackers because they are difficult to track down.
The most obvious symptom of a DDoS attack is when a website or service suddenly slows down or becomes unavailable. However, similar performance issues can occur due to a variety of causes, such as legitimate traffic spikes, and should usually be investigated further. Traffic analysis tools can help you find some of these obvious signs of a DDoS attack. Some of the tell tale signs of a DDos attacks are suspicious amount of traffic originating from a single IP address or IP range or Abnormal traffic patterns such as odd-hour spikes in the day. There are other specific signs of DDoS attacks, depending on the type of attack.
One of the most massive DDoS attacks in history was launched against GitHub, which is widely regarded as the most prominent developer platform. This was the largest DDoS attack in history at the time. However, the platform was only taken offline for a few minutes due to precautionary measures.
Attackers spoofed GitHub’s IP address, gaining access to Memcache instances and increasing the volume of traffic directed at the platform. To limit the damage, the organisation quickly alerted support, and traffic was routed through scrubbing centres. Within 10 minutes, GitHub was back up and running.
AWS is widely recognised as a leading provider of cloud computing services. The company, a subsidiary of Amazon, was subjected to a massive DDoS attack that kept their response teams busy for several days.
The DDoS attack on AWS in is said to be the largest of its kind to date, with an impressive onslaught of 2.3 Tbps, surpassing the previous leader of 1.7 Tbps. After a three-day incursion, the AWS teams were able to mitigate the threat.
In an unusual turn of events, Google reported a DDoS attack that outperformed Amazon’s, claiming that it had mitigated a 2.5 Tbps incident years earlier. The attack was launched by a state-sponsored group of Chinese cybercriminals and lasted six months.
In late 2020, Google disclosed the flood attack in an effort to raise awareness about an increase in state-sponsored attacks. The organisation did not specify any data loss as a result of the incident, but it intends to strengthen preventative measures in order to thwart the rise in attacks.
BugBase is India’s largest cybersecurity marketplace! We provide bug bounty programs that can be reached out to by ethical hackers and develop a security enthusiasts community all over the country. We are expanding our services to provide security audits and VAPT.