DOS Attacks

It’s Friday and the weekend has begun. It’s been one heck of a week, so you’re going to treat yourself and go out to eat at one of your favorite restaurants. You get a table and are looking forward to your meal when all of a sudden, the local football team arrives to fuel up before the big game. The restaurant went from almost empty to standing-room-only in seconds. The waitstaff is completely overwhelmed and in the first hour of you being at the restaurant, you haven’t even received your drink. You have been inadvertently denied service by the flood of other customers that entered the restaurant.

The same thing can happen to websites and other applications. Unlike the innocent football team who is just looking to get a meal before the big game, there are not-so-innocent hackers who may target your website. The attacker will flood the website’s capability to respond and therefore deny others from accessing it. This is called a Denial of Service attack, or DOS for short.

Maybe besides a few governments, no one person has enough computing power and bandwidth to send enough traffic to a website to create an effective DOS attack. Modern servers can serve millions of requests in seconds, even with the computing needs to run the requests through complex firewalls, load balancers, content management systems, and more. For an attacker to create an effective DOS attack, they need to distribute their attack to use the resources from many computers and networks to attack one targeted website. This is called a Distributed Denial of Service attack or DDOS for short.

Typically, attackers create their distributed network of computers and networks through botnets. Botnets are comprised of computers which have malware on them that allow the attacker to take them over when needed for an attack. Your computer may be infected and even used in DDOS attacks and you would be none the wiser. By using their botnet, attackers can send millions of requests to a server all at once and take it down. While most botnet programs try to go undetected on a user’s computer, some users voluntarily join botnets. One such example is the group Anonymous, whose members voluntarily joined a botnet to assist in attacking website that the group wanted to take down.

There are many different flavors of DDOS attacks. Basic attacks send as many requests as possible while other attacks send large amounts of erroneous data to the victim server to take it down. Some attacks use a form of DDOS amplification to increase the effectiveness of their attacking computers. Examples of amplification attacks are leveraging bugs in protocols or other services to send many requests to the victim server or the attacker requests large amounts of data on behalf of the target to get other services to respond to the target. Lastly, other attacks may not focus on the target directly, but on the target’s network infrastructure, such as network routers. Regardless of the type of attack, DDOS attacks are no longer rarities and have even become commercialized on the black market and deep web. Some estimates show a DDOS attack can be purchased for as little as $20 an hour.

If executing a DDOS attack can be as trivial as ordering pizza, how does one protect their website from being taken down by such an attack? The same tactics that the attackers use to attack, you can also use to defend against DDOS attacks. As mentioned above, most DDOS attackers use a botnet consisting of many computers to attack your server. Serving your website through the cloud, which can scale up and down resources as needed, is the same thing but in reverse. As traffic increases, so do your resources to handle the traffic. Additionally, cloud hosting services are run by network specialists who have tools that can detect DDOS attacks and can help mitigate their effects.

In addition to this, hosting portions of your website through a Content Delivery Network (CDN) can have the same effect. Instead of all requests hitting your hosting environment directly, portions of the traffic are handled by a CDN, alleviating some of the pressure on your server(s). For example, a CDN can serve all of your videos, images, and some other content while your hosting infrastructure serves only the dynamic content that is unique to each request.

To take on the earlier example, your favorite restaurant is now built on cloud infrastructure and is also partially served through a CDN. As the football team exits their bus and enters the restaurant, the restaurant suddenly grows in size, more tables are added, the kitchen is expanded, and the staff’s numbers are also increased in proportion to the number of players entering the restaurant doors. These additional infrastructure resources are scaled up just like a website’s cloud hosting infrastructure could. Sections of the restaurant are also opened that are dedicated to serving one kind of food. There is a window for just processing hot dog orders and another window for just processing cheeseburger orders. These food items are ready to go and can be served directly to the restaurant patrons who are interested without needing to go through the wait staff.

While these steps help absorb a DDOS attack, there are so many kinds of DDOS attacks and the scale of these attacks can vary, so any website or application can fall victim to these attacks. The most important thing is to have a DDOS plan in place to help mitigate an attack if one is successful.

Although your website may never experience one of these attacks, it is important to have a basic understanding of the vulnerabilities that are out there on the web. Your Vanguard Client Manager can answer any questions you might have regarding this type of attack, and work with you to put a plan in place in the instance something like this happens to your organization’s website.