DDoS Attack
What is a DDoS Attack?
A distributed denial-of-service (DDoS) attack is a malicious form of cyberattack that attempts to flood the targeted server, service, or network with Internet traffic in order to disrupt service.
What is DDoS?
DDoS stands for distributed denial of service. It is a form of cyberattack that attempts to crash an online service by flooding the IP address of the targeted device with more communication requests and data than it is designed to handle. These requests can overload the system, blocking network connections on the targeted device so that ordinary traffic can no longer get through.
Why are DDoS attacks used by hackers?
With a DDoS attack, the primary goal is to make your website, product, or service inaccessible to customers. One reason hackers use DDoS attacks is business competition. Nearly half of attacked businesses believe a direct competitor was responsible.
DDoS attacks can also be used to voice an opinion or purpose as a form of “hacktivism.” Similarly, some DDoS attacks are politically motivated. DDoS attacks can and do occur between countries or governments.
Another common reason for DDoS attacks is revenge. For example, there has been an increase in DDoS attacks from previous employees unhappy with their former employers.
DDoS attacks can also signal a larger attack on the horizon. The DDoS would serve either as reconnaissance to learn how an organization would respond to an attack, or simply as a distraction before a larger attack strikes.
What are some examples of a DDoS attack?
One example of a DDoS attack is called the application layer attack. The server generates a response to an incoming client request, fetching information related to the request, packaging it, and sending it back to the browser. This happens on the application layer. With an application layer attack, hackers use bots or machines to repeatedly request information from the same source over and over again, overwhelming it.
Another form of DDoS attack is a protocol attack. These attacks attempt to exhaust server resources like firewalls, routing engines, and load balancers. One form of protocol attack is the SYN flood. With a SYN flood, when two computers perform a TCP handshake to initiate a secure communication channel, the attacker floods the server with numerous SYN packets that contain spoofed IP addresses. The server responds to each packet, but the client never responds, so the server just keeps waiting and waiting until it crashes.
The third common example of a DDoS attack is a volumetric attack. These are initiated by bombarding a server with so much traffic that its bandwidth cannot handle it. A popular volumetric attack is DNS amplification, where an attacker sends requests to a DNS server using a spoofed IP address of the target. The DNS server then sends its response to the target server. The massive amounts of DNS server responses overload the target server.
How can I protect my company from a DDoS attack?
Protection from DDoS attacks requires multilayered cloud security, incorporating both automation technology and human intelligence to monitor and protect your business as much as possible. Tips for keeping DDoS attacks at bay include:
- Implementing sound network monitoring practices
- Practicing basic security maintenance and updates regularly
- Setting up basic traffic thresholds
- Preparing a DDoS response battle plan
- Ensuring sufficient server capacity
- Exploring cloud-based DDoS protection solutions
- Using a content delivery network (CDN)
- Getting professional DDoS mitigation support
HPE and security against DDoS attacks
Secure your data and your devices with HPE GreenLake for Security. We can help you adopt a zero-trust framework so you can close gaps and reduce complexity. That’s built-in security, wisely done. Take a silicon-to-cloud approach to securing your data infrastructure spanning clouds, data centers, and edges while also helping to protect against DDoS attacks.