What is a DDoS attack and how does it work
In a typical DDoS attack, a personal computer is compromised by the attacker and is then instructed to continuously send ICMP requests to a target site at regular intervals. Because ICMP is a protocol used in TCP/IP internet communication, this method allows the attacker to cause a severe overload of traffic on the target server, thereby taking it offline. In some cases, the ICMP requests can also be used to disconnect the internet connection over which the target server hosts its domain name, effectively removing it from the internet entirely.
A DDoS attack is carried out with a botnet, or a collection of computers that have been compromised by an attacker. Botnets can contain hundreds or thousands of systems, and their use for DDoS attacks allows their owners to create much larger attacks than would be possible if only one computer were used.
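The traffic pattern described above can be spotted from the defender's side by counting ICMP echo requests per destination per time window and checking how many distinct sources they come from. The following is an added example, not code from the original article; the record format, the thresholds and the function names are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict

ECHO_REQUEST = 8  # ICMP type 8 is an echo request ("ping")

def build_sample():
    """Constructed records: (unix_second, source_ip, dest_ip, icmp_type)."""
    records = []
    # Background: one monitoring host pings the server once per second.
    for t in range(10):
        records.append((t, "192.0.2.10", "203.0.113.5", ECHO_REQUEST))
    # Flood: 40 distinct sources send 5 echo requests each per second
    # during seconds 4, 5 and 6.
    for t in range(4, 7):
        for host in range(1, 41):
            for _ in range(5):
                records.append((t, f"198.51.100.{host}", "203.0.113.5", ECHO_REQUEST))
    return records

def detect_icmp_floods(records, window=1, max_per_window=100, min_sources=10):
    """Flag (destination, window) buckets with too many echo requests.

    A bucket is labelled 'distributed' when the requests come from at
    least min_sources distinct addresses, otherwise 'single-source'.
    Thresholds are illustrative and must be tuned to normal traffic.
    """
    counts = defaultdict(int)
    sources = defaultdict(set)
    for ts, src, dst, icmp_type in records:
        if icmp_type != ECHO_REQUEST:
            continue  # replies and other ICMP types are not counted
        key = (dst, ts - ts % window)
        counts[key] += 1
        sources[key].add(src)
    alerts = []
    for dst, start in sorted(counts, key=lambda k: (k[1], k[0])):
        total = counts[(dst, start)]
        if total > max_per_window:
            n_src = len(sources[(dst, start)])
            kind = "distributed" if n_src >= min_sources else "single-source"
            alerts.append({"dest": dst, "window_start": start,
                           "requests": total, "sources": n_src, "kind": kind})
    return alerts

if __name__ == "__main__":
    for alert in detect_icmp_floods(build_sample()):
        print(alert)
```

The distinct-source count is what separates a botnet-driven flood from a single noisy host: the same request volume from one address can be blocked with one rule, while a distributed flood cannot.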
Signs that you might be experiencing a DDoS attack
o the attacker will use web sites or web servers associated with a commonly used company, often displaying that company’s logo or other trademark; or
o the attacker will use financial or credit card information to purchase goods and services;
o you have spam coming out of your email or computer every day;
o you’re seeing a large number of failed login attempts to your email account daily.
This list could be expanded, and any one of these signs might be an indicator that someone is trying to bring down your business with a DDoS attack.
What is a DDoS attack?
A DDoS attack is the use of malicious software, or as we generally call it today, malware, to pull off an online attack that overwhelms a target so that it fails to respond to legitimate requests for service.
The following are some questions you should be asking yourself when you see a high volume of login attempts from your IP address.
What is a DDoS attack?
DDoS stands for Distributed Denial of Service. A DoS attack works by overwhelming the target’s network connection with fake traffic. The result is that the targeted machine can’t respond to legitimate requests because it is busy handling the fake requests.
How to protect yourself from DDoS attacks
o putting your server behind a ‘stateful firewall’ (i.e. a firewall that records all the traffic that passes through it) will prevent the attacker from taking complete control of your server and hijacking it;
o applying a ‘stateless firewall’ (i.e. a firewall that does not record traffic; think of it as a free ticket for hackers to do whatever they want) is the same as turning off your security defenses.
What to do if you think you’re being targeted by a DDoS attack
o if you don’t know whether your server is being used in a DDoS attack, you should send notification of the attack to relevant authorities immediately;
o if you are the target of an attack, we recommend disabling Active Attacks Prevention (AAP) and/or Web Application Firewall (WAF);
o if the attack continues to be successful, you can contact your ISP or a qualified expert to help with the attack.
This article is going to:
– explain what DDoS attacks are and how they work.
– touch on case studies where people have been attacked.
– discuss what should be done during a DDoS attack at home or during business hours.
– touch on the best practices for business continuity during an attack.
– give tips on how to recover from a DDoS attack.
– discuss what should be done after a DDoS attack is over.