What is DDoS? “It’s the DoS attack that makes everyone scared.” DDoS stands for “Distributed Denial of Service.” Essentially, it is an attack on the target system. In other words, what a DDoS does is use the Internet to attack other systems, rather than the system being attacked.
For the attacker, an Internet attack is a coordinated series of synchronized application-layer attacks (IP packets) with the goal of denying access to a system or data. What is meant by application-layer attacks is that a single network device such as a router or firewall is used to carry out many different attacks. While many people know what a flood is, few understand what a DoS is or what it can mean to have a DoS attack.
What is an application layer attack? An application layer attack occurs when the attacker floods a server or application with network traffic in order to divert it into an unauthorized area. This type of attack occurs when attackers use software tools and techniques to try to degrade the security of an Internet service. On-premises protection from Internet threats like DDoS requires on-premise DDoS protection. It is usually bundled with anti-virus and firewall applications.
What is off-premise protection? Off-premise DDoS protection can be expensive and does not always provide effective DDoS protection. Often, a company must take on the additional cost of on-premise DDoS prevention. The primary benefit of on-premise DDoS protection is that the server resources are already in place. An off-premise attack requires the company to hire additional staff and/or purchase more server resources.
What is an attack? An attack is a temporary condition where an attacker overloads a server with traffic in an effort to overwhelm the target server or application. It is often referred to as a saturation attack. An attacker might send thousands of requests per second (considered a “burst” attack) to a target server. Other attacks focus on a single server resource, such as an application layer.
What is port flooding? Port flooding is an application layer attack in which an attacker floods an application with multiple high-bandwidth TCP connections. For example, if the target machine has six ports and the attacker sends four simultaneous TCP packets per port, then the machine will receive four TCP packets for each of those ports, for a total of twelve. If the application layer has a large number of open listening sockets, the amount of incoming traffic will exceed the machine’s capacity to handle it. This results in an overage, which triggers the offending TCP packets. This type of attack is often associated with worms or other forms of Distributed Denial-of-Service (DDoS) tools.
What is a buffer overflow? A buffer overflow occurs when an attacker fills an existing socket with data that is larger than what the socket can accommodate. For example, an IP address is translated into a valid TCP address, but an attacker who controls the targeted machine can fill this data with data he/she wishes to use. This type of attack is most commonly associated with buffer overflow vulnerabilities in Windows operating systems.
What is a distributed DDoS? A distributed DDoS involves an attacker who spreads the attack over different sites. The first step to prevent such attacks is for an IT administrator to determine whether the network is affected and take measures to remedy the problem. This can be done by manually testing the connection of every machine on the network. However, if the testing is not successful, the administrator may choose to use automated tools for detecting and monitoring the presence of such attacks.