DDoS is an attack on a server, application, or communication channel that can partially or completely paralyze the work of any business. By sending millions of requests, hackers attack banks, healthcare facilities, media, online stores, and other online organizations.
Your site can literally be held hostage: cybercriminals are interested in money, while you are interested in restoring access to the resource as soon as possible. It is almost impossible to repel such DDoS attacks from competitors on your own. Therefore, you should start using the DDoS-GUARD service.
A DDoS attack seeks to make a network or server unavailable; it is an attack that tries to interrupt a service temporarily or indefinitely.
In today's world, there is something called "computer warfare", "digital warfare" or "cyber warfare", which consists of attacking the enemy's information systems and protecting one's own. These cyber wars are fought with tools very different from conventional firearms. The attack methods are varied and include sabotage of computers and satellites, and DoS or DDoS, depending on the case.
But these types of attacks are not used only in digital warfare. For whatever reason, whether political, economic, or a simple personal vendetta, a DDoS attack can be directed at any type of host connected to the Internet, be it the systems of a government, those of a company, a video game platform, or even a simple blog.
What is DDoS?
DDoS stands for "Distributed Denial of Service", and the attack is known as a "Distributed Denial of Service attack". This type of attack consists of a group of compromised systems (also known as "zombie computers") that attack a single target to deny service to legitimate users.
It creates a huge flow of messages and requests that are thrown at the target so that it becomes overloaded and forced to close; as a result, real users are denied service.
A typical way to carry out a DDoS attack is for the attacker to exploit some vulnerability in a computerized system and make it the "botmaster". This botmaster then identifies other vulnerable systems and infects them with malware to turn them into zombie computers. When enough of them are controlled (what would be called a botnet or zombie army), they are instructed to launch an attack on a specific target.
A sharp increase in traffic
Users sometimes confuse a DDoS attack with a sharp increase in traffic to the site, caused either by the promotion of the site in the search engines or by a link to the site appearing on a very highly visited resource.
An increase in traffic means that your site is visited by "real" users who come to it purposefully and are interested in your goods or services (or in the information presented on the site). In this case, the traffic ratio of the channel operator that serves the hosting provider remains unchanged. Usually this ratio is 1/4, i.e. for one megabyte of traffic entering the server, there are four megabytes of outgoing traffic from the server.
If your site starts to work slowly with an increase in traffic, you need to pay attention to several things:
a) the speed of your software, i.e. your technician should find the bottleneck in your site's software and fix it.
b) the speed of the server on which your site is hosted. Some so-called "hosting providers" do not host sites on high-performance servers but on desktop machines, which sooner or later leads to site accessibility problems once site traffic grows more or less significantly.
The DDoS attack in its present form is continuous access to a website from many computers located in different parts of the world. Basically, these are the so-called "zombified" computers of ordinary users (who do not even know about it). These computers are infected with viruses that are centrally controlled by the attacker. It is these computers that send spam and participate in DDoS attacks, and it is from these computers that attackers steal personal information. There is a whole "underground" industry on the Internet: whole teams of programmers work on this, looking for vulnerabilities in operating systems in order to use them for their own purposes.
In this case, the traffic ratio of the channel operator that serves the hosting provider changes dramatically: the size of the incoming traffic on the channel increases dramatically and, at times, reaches the maximum value of the channel bandwidth, while the outgoing traffic from the server becomes scanty because the incoming connections literally "clog" the channel with their requests.
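The ratio check described above, as an added example that is not part of the original article: it labels per-minute traffic counters by comparing outgoing-to-incoming volume with the usual 1/4 ratio. The thresholds, function name and sample counters are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds for illustration; tune against your own baseline.
BASELINE_OUT_PER_IN = 4.0  # the article's usual ratio: 1 MB in, 4 MB out
COLLAPSE_FRACTION = 0.25   # out/in below 25% of baseline counts as collapsed
SURGE_FACTOR = 3.0         # inbound at 3x the baseline counts as a surge
MIN_STREAK = 3             # consecutive intervals required before alerting


@dataclass
class Sample:
    minute: int
    mb_in: float
    mb_out: float


def classify(samples, baseline_mb_in, link_capacity_mb):
    """Return (minute, label, saturated) for each interval.

    label is 'normal', 'traffic-growth', 'watch' or 'suspected-ddos'.
    """
    results, streak = [], 0
    for s in samples:
        out_per_in = s.mb_out / s.mb_in if s.mb_in else float("inf")
        surged = s.mb_in >= baseline_mb_in * SURGE_FACTOR
        collapsed = out_per_in < BASELINE_OUT_PER_IN * COLLAPSE_FRACTION
        saturated = s.mb_in >= link_capacity_mb  # channel is full
        streak = streak + 1 if (surged and collapsed) else 0
        if streak >= MIN_STREAK:
            label = "suspected-ddos"
        elif surged and collapsed:
            label = "watch"  # pattern seen, but not yet sustained
        elif surged:
            label = "traffic-growth"  # more visitors, ratio still healthy
        else:
            label = "normal"
        results.append((s.minute, label, saturated))
    return results


# Constructed per-minute counters (MB), not measurements from a real link.
FLASH_CROWD = [Sample(m, i, o) for m, i, o in
               [(0, 10, 40), (1, 30, 118), (2, 45, 182), (3, 50, 196)]]
FLOOD = [Sample(m, i, o) for m, i, o in
         [(0, 10, 40), (1, 400, 35), (2, 900, 12), (3, 1000, 4), (4, 1000, 3)]]

if __name__ == "__main__":
    for name, data in (("flash crowd", FLASH_CROWD), ("flood", FLOOD)):
        print(name, classify(data, baseline_mb_in=10, link_capacity_mb=1000))
```

Requiring a sustained streak keeps a single noisy interval from raising an alert; the saturation flag is reported separately because the channel reaches its maximum only at times.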
In our harsh realities, this method of disabling a site has become very common, due to the intense competition between sites in the so-called "TOP" of the search engines Yandex, Google, and Rambler. After all, if you disable the site, it will be excluded by the search engine from the search results, and its place will become vacant. These methods are also used by people who are ready to pay money to make a particular site cease to function (personal hostility of the attacker to the site administrator, etc.).
To effectively combat a DDoS attack, it is necessary to take a number of preventive measures and to make special settings for the software and network hardware installed on a high-performance server. And of course, the user needs to provide the hosting provider with all the necessary information: when the DDoS attack started, whether there were any cases of blackmail, whether there are any precedents for DDoS attacks on other sites of related topics, etc. Only in this case is it possible to quickly and effectively "repel" a DDoS attack.
The difference between DoS and DDoS
There is a difference between DoS and DDoS. The first is simply a denial of service attack and the second is a distributed denial-of-service attack.
DoS attacks only need a computer and an Internet connection to overwhelm a target's bandwidth and resources. A DDoS attack, on the other hand, uses many devices and several Internet connections that are usually distributed throughout the world. Since the attack comes from different directions, it is almost impossible to deflect, because you are not dealing with a single attacker.
Types of DDoS attacks
Volume-based attacks: in this case, the purpose of the attack is to saturate the bandwidth of the website that is the target. The idea is to cause congestion.
Protocol attacks: this type of attack consumes the resources of the server or of some service that works as an intermediary, such as a firewall or load balancer. This attack can bring down even services that are capable of maintaining millions of active connections in a stable way.
Application layer attacks: this type uses requests disguised as coming from legitimate or innocent users, but with the purpose of making the web server stop working.
The most important DDoS attacks
The MafiaBoy attack. On February 7, 2000, a boy from Canada named Michael Demon Calce, better known on the Internet as MafiaBoy, launched a DDoS attack against Yahoo! which caused the site to stop working for a whole hour. Remember that at that time Yahoo! was a multi-million dollar company and the first search engine on the web. According to some interviews given by the attacker, the purpose of this attack was to gain credibility on the Internet for him and for his group of cyber friends called TNT. MafiaBoy continued the attacks the following week, completely halting the servers of eBay, CNN, Amazon, and Dell.com.
Cyber attacks of July 2009. These DDoS attacks affected news, finance, and government websites in both the United States and South Korea. According to estimates by various security companies, an army of around 50,000 zombie computers located in South Korea was created. There were three consecutive attacks: one on July 4, Independence Day in the United States, where the pages of the White House and the Pentagon were affected; another on July 7, which affected only South Korean government sites; and finally one on July 9, where websites from both countries were affected. To this day, no one knows who the attacker or attackers were.
What is DDoS-GUARD?
DDoS-GUARD is a DDoS attack protection service that provides high-quality protection of web resources. DDoS-GUARD uses filters that sequentially analyze passing traffic and detect any anomalous activity in it. The provider has a huge number of templates both to protect against already known cyber threats (including botnets) and to repel previously unknown attacks.
How is the network protected?
DDoS-GUARD uses reverse proxy technology. This means that in just a few minutes DDoS-GUARD allows you to redirect an attack to a protected IP address (in other words, a filter). After that, all incoming traffic is scanned and cleared of all abnormal requests. This organization of network protection is able to withstand an attack of more than 250 Gbps, which will ensure the uninterrupted operation of your resources 24/7. DDoS-GUARD constantly modifies filtering algorithms, increases channel capacity, and adds computing resources to traffic processing clusters. If you want your personal data to be always safe, then DDoS-GUARD is for you.
Geo-distributed filtering network with nodes in the Netherlands, USA, Japan, Russia, and Germany with a throughput of more than 1.5 Tbps
Guaranteed client protection against attacks
Successfully repelled attack classes such as IP malformed, ICMP flood, TCP SYN flood, TCP-malformed, ICMP smurf, and others
Low latency in packet processing
24/7 monitoring of service availability
What types of attacks can you repel?
DDoS-GUARD is constantly being improved to protect client sites from new attacks. Now the service allows repelling 51 types of attacks: FIN Flood, SYN-ACK Flood, fragmented HTTP packet attacks, UDP Flood, RST, ICMP flood, IP malformed, and other types.