Network Switch:
DDoS Attack and all about it
One of the most dangerous attacks for computer networks. Diagnosing of this attack is so difficult and solving of that is hard either. This attack happened through a computer and IP address and can impact on different operation system such as web site and etc.
We are going to explain this attack in this article that what is DDoS Attack? How does it make? Different types of DDoS Attack? And etc.
What is DDoS Attack?
DDoS Attack is short form of Denial of Service and it is a kind of cybercrime that used to disrupt the normal flow of traffic to a site or service. It affects a variety of platforms, including websites and video games.
In a DDoS attack, the server infrastructure that an online service relies on experiences an unexpected surge of traffic, forcing it to go offline. For DDoS Attack maybe uses of group of cars that connected together. These cars include computers that connected to the internet.
The collection of devices that used a DDoS are known as a botnet. The hackers of DDoS use it to control the devices and handling the attacks remotely. Diagnosing between a botnet and normal device is too difficult. Because operation systems know botnet as valuable internet devices. DDoS is an Attack that extracts the available resources in a network till real users can’t access to them. Increasing DDoS Attack cause of innovation in techniques and tools.
Eventually, DDoS Attack can segregate into some categories by OSI Model. They exist In Layer 3 of network, in Layer 4 of network (Transfer), in Layer 6 of network (presentation) and in Layer 7 of network (Program) commonly.
How does DDoS Attack work?
DDoS Attack work by machines that connected to the internet. These networks include computers and other devices that have been infected by malware and allowing them to control attacker remotely. These devices know as a robot that called them botnet.
When create a botnet, attacker can transfer introduction to every robot, handles the attack. When a server or network victim is targeted by botnet. Every robot sends request to the target IP address and causes the server or network to become overwhelmed, resulting in denial of service to normal traffic.
Because every robot is a logical internet device, separating the attack traffic from normal traffic can be difficult. Totally, the purpose of DDoS Attack is that devices, services and network intended target with fake internet. Making them inaccessible and useless for illegal users.
- DoS VS DDoS:
Dos and DDOS are attacks in which an attacker makes a computer or server inaccessible by sending too many requests.
In Dos attacks, the attacker sends requests from one system. However, in DDoS Attacks, which are a type of Dos attack, the attacks are carried out through multiple systems. In this type of attack, the attacker may use your computer to attack another system in a way that takes control of your computer and uses it to attack other services.
- Botnet:
It is the main way distributed denial of attacks is carried out. The attacker hacks computers and other devices and install malicious code as a robot. Infected computers make a network that called botnet. Then attacker instructs botnet that by sending request more than capacity to server and victim devices, control it.
How to identify DDoS Attack?
One of the clear signs of DDoS Attack is that unavailable site and service, but because of various reasons like this, you must search more. Traffic analytics tools can help you to recognize symptoms of DDoS Attack.
-Suspicious amounts of traffic originating from a single IP address or IP range
-A flood of traffic from users who share a single behavioral profile, such as device type, geolocation, or web browser version
-An unexplained surge in requests to a single page or endpoint
-weird traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. increase every 10 minutes)
-There are other, more specific signs of DDoS attack that can vary depending on the type of attack.
Read more: What is MAC address
Types of DDoS Attack:
There are 7 types of DDoS Attack and we will explain about them that how do they effect on the security of online space.
1- Windows Remote Desktop Protocol:
Windows Remote Desktop Protocol (RDP) is used to connect computers over a network. Microsoft’s protocol has made it easy for people to connect computers over a network. Netscout’s research shows that Windows RDP has been used to enhance DDoS performance and use new vectors. The UDP protocol has been a key component of the DDoS attacks against servers. UDP is a communication protocol used for voice and video transmission.
Its speed is such that it does not connect before transmission. It has its drawbacks, including loss in transit and vulnerability to DDoS attacks. according to the research, not all RDP servers have been used, but cybercriminals have been using Windows RDP to jump and send unwanted traffic for their DDoS attacks.
The users used systems that had RDP authentication enabled on UDP port 3389 over the standard TCP port 3389. Norman sends UDP packets to UDP ports on RDP servers before echoing them to target devices.
2-Jenkins servers:
Jenkins is an open-source server used for software development. A Jenkins server can be used to perform critical software development tasks, including building, testing, deploying, and continuous integration. When a vulnerability is discovered, it allows DDoS attacks to be launched with Jenkins. While these vulnerabilities are patched, it identifies some of the DDoS risks present in the servers.
Security researchers discovered that an attacker can amplify DDoS attacks by using the Jenkins UDP protocol (on port UDP33848) and direct server traffic to the intended target. Hackers can then use the vulnerable Jenkins servers to increase traffic by up to 100 times. This disruption would trick the servers into sending data to each other continuously and sequentially, which could cause a lot of downtime.
3- Web Services Dynamic Discovery (WS-DD) Protocol:
Web Services Dynamic Discovery (WS-DD) is a multicast discovery protocol used to locate services or devices on a local network. For example, video monitoring and printing are examples of WS-DD activities. Research shows that cybercriminals have used WS-DD as a UDP amplification technique. In 2019, hackers carried out more than 130 DDoS attacks using more than 630,000 devices to amplify DDoS attacks with this protocol.
4- DDoS Vulnerability in 5G:
The next generation of the Internet, 5G, will improve the responsiveness of wireless networks. The fifth generation of mobile phones will connect people and devices with better bandwidth and advanced technology. However, the increase in the number of connected devices can increase the risk of DDoS attacks. As the IoT network grows with the introduction of 5G, the conditions for DDoS attacks can become more widespread. There are a large number of vulnerable and unprotected devices in the IoT.
Inevitably, many security improvements will be made in the early stages of implementation for a new network like 5G. The combined vulnerability of IoT devices and the new security architecture of 5G networks may make 5G devices an easy target for creative cybercriminals. Cybercriminals are likely to use 5G to expand the bandwidth of their DDoS attacks. the additional bandwidth can increase the impact of attacks. If the bandwidth is used to saturate the target’s bandwidth.
5- ACK DDoS with Pulsed Waves:
Web infrastructure company Cloud flare observed a DDoS attack that sent traffic in pulsed waves, similar to drum beats. The creators of this attack used a less common method of sending traffic to trick security systems. The global distributed attack began over two days by using nodes to send an equal number of packets at an equal rate. More than 700 attacks were detected and controlled.
6- Multi-Vector Attacks:
Multi-Vector attacks involve using a combination of different techniques to carry out attacks on the application and data layers. In fact, in recent years, multi-vector attacks have become more popular for hackers to attack operating systems. Multi-vector defenses can be very difficult, as it is difficult to provide the resources to respond to multi-faceted attacks.
As more protocols are implemented on the Internet, the attack vectors that cybercriminals can use increase. Hardware and software advancements around the world are providing new opportunities for cybercriminals to experiment with new attacks. BitTorrent, HTML, and TFTP are among the attack vectors that are commonly used.
7- Botnets affecting Android devices:
The new botnets use Android devices to launch DDoS attacks. Botnets like Matryosh use the Android Debug Bridge (ADB) in Google’s Android Software Development Kit (SDK) to execute attacks from a command line tool.
How to defend against DoS and DDoS Attack?
There are some tactics and tools that you can use to stop DDoS and DoS Attack. There are including:
Rate limiting: numbers of requests that a server can accept over a certain time window.
Web application firewalls: there are some tools that can filter the web traffic based on some rules.
Anycast network diffusion: distributing cloud network between server and traffic that come, providing additional computing resources with which to respond to requests.
Read more: What is SD-WAN protocol and how does it work
What is a DNS flood attack?
One of the most complex attacks is the DNS Flood, which some sources use the term amplification attack to describe it. In a DNS Flood attack, the hacker sends very small packets that force the server to respond, which take a long time and their sequence causes the server resources to be wasted.
In this attack, the hacker sends many DNS requests to the server based on the IP address spoofing mechanism. Of course, in the above method, the target is the DNS servers that play the role of domain controllers.
Security solutions in DDoS Attack:
In general, security and defense against DDoS attacks are divided into two parts:
1- Solutions before a DDoS attack:
– Strong firewall configuration
– Using a web security provider
– Honeypot infrastructure
– Professional network security
2- Defending the system during a DDoS attack:
– Filtering incoming network traffic
– IP filtering based on history
– Changing the IP address
– Load balancing
Conclusion:
DDoS Attack is one the most important cyberattack that is really common and difficult guessing. You can detect this attack just with some signs that we explained them in this article. The internet crimes are improving permanently. The goal of this article is preventing from this attack.
You can our other articles about network equipment and their protocols to help you that make a strong network, so read our blogs in Atech blog.