Fortinet white logo
Fortinet white logo

Handbook

DDoS attack overview

DDoS attack overview

Computer network security is a challenge as old as the Internet itself. The sophistication and infamy of network-based system attacks has kept pace with the security technology and hackers only feel more challenged by the latest heuristics designed to foil their efforts.

Some attackers exploit system weaknesses for political purposes, disgruntled about the state of software or hardware in the market today. Others target specific systems out of spite or a grudge against a specific company.

Yet others are simply in search of the infamy of bringing a high-traffic site to its knees with a denial of service (DoS) attack. In such an attack, the hacker attempts to consume all the resources of a networked system so that no other users can be served. The implications for victims range from a nuisance to millions of dollars in lost revenue.

In distributed denial of service (DDoS) attacks, attackers write a program that will covertly send itself to dozens, hundreds, or even thousands of other computers. These computers are known as 'bots', 'agents' or 'zombies', because they act on behalf of the hackers to launch an attack against target systems. A network of these computers is called a botnet. An administrator of such a botnet is called a botmaster.

At a predetermined time, the botmaster will cause all of these bots to attempt repeated connections to a target site. If the attack is successful, it will deplete all system or network resources, thereby denying service to legitimate users or customers.

Control of such bots is automated now-a-days with bot-control-panels which are accessible via payment to the bot-master. Thus other users can choose to pay and attack a site of their own choice.

E-commerce sites, domain name servers, web servers, and email servers are all vulnerable to these types of attacks. IT managers must take steps to protect their systems—and their businesses—from irreparable damage.

Any computer can be infected, and the consequences can range from a nuisance popup ad to thousands of dollars in costs for replacement or repair. For this reason, antivirus software for all PCs should be a mandatory element of any network security strategy. But whether you measure cost in terms of lost revenue, lost productivity, or actual repair/restore expenses, the cost of losing a server to an attack is far more severe than losing a laptop or desktop.

Servers that host hundreds or thousands of internal users, partners, and revenue-bearing services are usually the targets of hackers, because this is where the pain is felt most. Protecting these valuable assets appropriately is paramount.

A massive DDoS attack against Dyn.com was launched in October 2016. This was done using Internet of Things (IoT) attack using an attack called Mirai.

Mirai spreads by compromising vulnerable IoT devices such as DVRs. Many IoT manufacturers failed to secure these devices properly, and they don't include the memory and processing necessary to be updated. They are also usually not in control of the destination of their outbound traffic, so if that information is changed or compromised there is nothing they can do.

As a result, the attack cannot be stopped at the egress point on the devices themselves. Instead, network segmentation is absolutely critical for protection against outbound attacks. The responsibility for protection from IoT-based DDoS attacks, however, lies at the ingress point of the attack.

To circumvent detection, attackers are either increasingly mimicking the behavior of a large number of clients or actually using a large number of IoT clients like in case of Mirai attack. The resulting attacks are hard to defend against with standard techniques, as the malicious requests differ from the legitimate ones in intent but not in content. Because each attacking system looks innocent, advanced techniques are required to separate the 'bad' traffic from the 'good' traffic.

DDoS attack overview

DDoS attack overview

Computer network security is a challenge as old as the Internet itself. The sophistication and infamy of network-based system attacks has kept pace with the security technology and hackers only feel more challenged by the latest heuristics designed to foil their efforts.

Some attackers exploit system weaknesses for political purposes, disgruntled about the state of software or hardware in the market today. Others target specific systems out of spite or a grudge against a specific company.

Yet others are simply in search of the infamy of bringing a high-traffic site to its knees with a denial of service (DoS) attack. In such an attack, the hacker attempts to consume all the resources of a networked system so that no other users can be served. The implications for victims range from a nuisance to millions of dollars in lost revenue.

In distributed denial of service (DDoS) attacks, attackers write a program that will covertly send itself to dozens, hundreds, or even thousands of other computers. These computers are known as 'bots', 'agents' or 'zombies', because they act on behalf of the hackers to launch an attack against target systems. A network of these computers is called a botnet. An administrator of such a botnet is called a botmaster.

At a predetermined time, the botmaster will cause all of these bots to attempt repeated connections to a target site. If the attack is successful, it will deplete all system or network resources, thereby denying service to legitimate users or customers.

Control of such bots is automated now-a-days with bot-control-panels which are accessible via payment to the bot-master. Thus other users can choose to pay and attack a site of their own choice.

E-commerce sites, domain name servers, web servers, and email servers are all vulnerable to these types of attacks. IT managers must take steps to protect their systems—and their businesses—from irreparable damage.

Any computer can be infected, and the consequences can range from a nuisance popup ad to thousands of dollars in costs for replacement or repair. For this reason, antivirus software for all PCs should be a mandatory element of any network security strategy. But whether you measure cost in terms of lost revenue, lost productivity, or actual repair/restore expenses, the cost of losing a server to an attack is far more severe than losing a laptop or desktop.

Servers that host hundreds or thousands of internal users, partners, and revenue-bearing services are usually the targets of hackers, because this is where the pain is felt most. Protecting these valuable assets appropriately is paramount.

A massive DDoS attack against Dyn.com was launched in October 2016. This was done using Internet of Things (IoT) attack using an attack called Mirai.

Mirai spreads by compromising vulnerable IoT devices such as DVRs. Many IoT manufacturers failed to secure these devices properly, and they don't include the memory and processing necessary to be updated. They are also usually not in control of the destination of their outbound traffic, so if that information is changed or compromised there is nothing they can do.

As a result, the attack cannot be stopped at the egress point on the devices themselves. Instead, network segmentation is absolutely critical for protection against outbound attacks. The responsibility for protection from IoT-based DDoS attacks, however, lies at the ingress point of the attack.

To circumvent detection, attackers are either increasingly mimicking the behavior of a large number of clients or actually using a large number of IoT clients like in case of Mirai attack. The resulting attacks are hard to defend against with standard techniques, as the malicious requests differ from the legitimate ones in intent but not in content. Because each attacking system looks innocent, advanced techniques are required to separate the 'bad' traffic from the 'good' traffic.