DDoS (from the English Distributed Denial of Service) is an attack that is most often aimed at making the victim’s resource unavailable.
A DDoS attack on a website is akin to pressing a red button, except that the blast starts right now, not later. The victim’s servers are hit with a multitude of requests, and the resource becomes unavailable. The duration varies from one hour to a month.
The method appeared in the early 1990s and did not imply anything serious; it was used only as a joke.
But in the mid-1990s an attack was carried out on a New York provider, Panix Networks, and it was not a joke at all but rather an act of revenge: the provider did not allow its users to send spam. In 1996, a guide to countering DDoS attacks was published. It was then that the problem was recognized.
Botnets are usually used for attacks.
A botnet is a computer network of many hosts running bots (stand-alone software). They serve an attacker to extract personal information, send spam and carry out DDoS attacks. Botnets are assembled from infected computers, to which malicious software is delivered by spam sent to a mailbox or a social network. To prevent this from happening to you, check your PC for viruses, do not open suspicious emails and clean out the “Spam” folder in your mailbox.
Although this is called a “network,” the devices are not interconnected.
Botnets generate a large volume of traffic (directing requests at a site or imitating visits to it), which in turn overloads the system; after all, not all equipment can cope with heavy loads.
Attention, a DDoS attack is expected: how to tell that your site is the one they want to take down?
Simple enough. Most likely you know how the site “behaves” in peacetime. If there are signs of an attack, the site and server start having problems.
The software starts to slow down, incoming traffic grows abnormally, and the logs rapidly gain weight.
Any deviation in the site’s behaviour can raise suspicion of a DDoS attack.
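One way to turn the “peacetime baseline” idea into a check, as an added example that is not part of the original article: it parses access-log lines in the common Apache/nginx format, buckets them per minute, and flags minutes whose request count exceeds a baseline by a chosen factor, also reporting how many bytes of log were written and which source IP dominates. The log lines, the baseline of 4 requests per minute and the factor of 5 are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined"-style prefix: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Parse one access-log line; return a dict or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # '10/Mar/2023:12:01:37 +0000' -> '10/Mar/2023:12:01' (one bucket per minute)
    rec["minute"] = rec["ts"].rsplit(":", 1)[0]
    return rec

def detect(lines, baseline_rpm, rate_factor=5.0):
    """Flag minutes whose request count exceeds the peacetime baseline by rate_factor.

    Each alert reports the minute, total requests, bytes of log written in that
    minute, the busiest source IP and its share of the traffic.
    """
    per_minute = defaultdict(Counter)
    log_bytes = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        per_minute[rec["minute"]][rec["ip"]] += 1
        log_bytes[rec["minute"]] += len(line) + 1  # +1 for the newline
    alerts = []
    for minute in sorted(per_minute):
        total = sum(per_minute[minute].values())
        if total <= baseline_rpm * rate_factor:
            continue
        top_ip, top_n = per_minute[minute].most_common(1)[0]
        alerts.append({"minute": minute, "requests": total, "log_bytes": log_bytes[minute],
                       "top_ip": top_ip, "top_share": round(top_n / total, 2)})
    return alerts

def make_sample():
    """Constructed log: four normal requests at 12:00, then 120 from one host at 12:01."""
    quiet = ['203.0.113.5 - - [10/Mar/2023:12:00:%02d +0000] "GET / HTTP/1.1" 200 512' % s
             for s in (1, 12, 40)]
    quiet.append('198.51.100.7 - - [10/Mar/2023:12:00:07 +0000] "GET /catalog HTTP/1.1" 200 2048')
    flood = ['192.0.2.10 - - [10/Mar/2023:12:01:%02d +0000] "GET /search?q=x HTTP/1.1" 503 0'
             % (i % 60) for i in range(120)]
    return quiet + flood

if __name__ == "__main__":
    for alert in detect(make_sample(), baseline_rpm=4):
        print(alert)
```

A single dominant source is the easy case; a botnet spreads the same volume over many IPs, so the per-minute total and the log growth are the signals that still hold.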
Who needs DDoS attacks, and why?
Attacks can be carried out by young and old: from a high school student who has decided to try his hand to a professional hacker who either wants to earn money by blackmail or is fulfilling someone’s order. It all depends on the purpose of the attack on the resource.
For example, firm A (or C, D, E, etc.) wants to make more profit before the holidays, but its competitor, firm B, is more popular with customers. So firm A orders an attack on firm B, and while the latter’s site is down, the former grabs orders for two =)
In general, DDoS attacks can be carried out both by a professional and by an amateur who knows how to use a search engine: it is not difficult to find instructions that will help carry out a DDoS attack (albeit a very simple one).
What resources are most often affected by DDoS attacks?
The victims of attacks are mainly:
- Bookmaker offices
- Online Stores
- Educational institutions
- Game services
- State institutions
- Online checkouts
Also, do not confuse a DDoS attack with website hacking; these are completely different things. A DDoS attack does not inject anything into the site’s code; it only directs a huge number of requests at it, which is why the site cannot cope with them and becomes inaccessible.
Most famous DDoS attack: the Aeroflot case
In Russia, the most famous attack was on the Assist payment system, which processed payments on the Aeroflot website. In 2010, with the help of a DDoS attack, hackers managed to take down the servers of the Assist payment system. As a result, it was impossible to book tickets on the Aeroflot website for a week. The company lost at least 146 million rubles that week. Impressive? Very much so, to me.
According to the investigation, the perpetrators of the attack were brothers Dmitry and Igor Artimovich.
The customer in this case (the owner of the ChronoPay payment system) simply wanted to break the relationship between Aeroflot and Assist and take the latter’s place.
The Artimovich brothers received 2.5 years in a general-regime colony. In the photo, Dmitry Artimovich, who was directly involved in the attack on the Assist payment system.
The main types of DDoS attacks
HTTP flood. In this case, a packet is sent to the server, in response to which a much larger packet is returned. In a specially crafted request to the server, the hacker replaces his own IP address with the IP address of a device inside the victim’s network.
ICMP flood. More specifically, the Ping of Death.
Ping (server response time) is like a shuttle run: the time it takes packets to travel from the PC to the server and back is measured.
Low ping is good (the server responds faster); high ping is not so good (slow server response).
So, by checking server availability from the command line with ping to ya.ru, for example, we can see the response time of Yandex’s servers.
For the check, packets of 32 bytes are sent to the server (with a maximum size of 65,536 bytes). If the packet size exceeds these 65,536 bytes, the server may have problems.
This is achieved by fragmenting the packets. Roughly speaking, a packet larger than 64 KB is divided into several parts and sent on request to the victim’s server.
As soon as the fragments reach the victim’s computer, it tries to reassemble them and, as a rule, the victim’s device freezes (controls included) and the server becomes unavailable.
Today, with a high degree of protection, this method is no longer relevant.
“Heavy packets”. An attacker uses a botnet to send packets that are heavy to process to the server; they do not overwhelm the communication channel but rather consume processor resources, which can lead to overheating or overloading.
Drive overflow. The victim is flooded with an unlimited number of log entries, which take up all the free space on the drives.
And a little about “smart” technology. In the age of modern technology, smart devices have already gained popularity: a speaker, a socket, a light bulb, a video camera, a kettle, a refrigerator, etc.
The point is that every smart device has an IP address, which means requests can be sent to a server from it as well. Ten years ago an uprising of the machines could be attributed to fantasy, but now it is getting closer to reality.
Is it possible to order a DDoS attack on competitors?
Sure! It is not difficult to find services that organize this, but it is important to remember that this is illegal and may be punished with criminal liability.
Prices differ: one wants 3 thousand rubles for keeping a site down, another wants a full 30 thousand. It all depends on the degree of protection of the resource.
Of course, all sites offering such services look dubious, and there is a high probability of running into ordinary scammers.
Such services can also be found on specialized forums; prices do not differ much from those of the sites above.
So any of your competitors can do to you what ChronoPay did to Aeroflot; it is not that expensive. And you need to be able to defend yourself.
6 ways to defend against DDoS attacks
By installing filters, you can set special parameters that help protect the server and filter traffic by specific rules.
If someone tries to attack a resource, a monitoring system will react in time and make it clear that the site is starting to come under attack. There is no guarantee that this will help fight the attack off, but it will definitely buy time that should be used for defense.
Often attacks are directed at external resources, and internal ones (admin panel, working infrastructure) suffer collateral damage, as they say. To prevent this, internal resources should be moved to other equipment or other data centers. Then, if the main resource is attacked, the internal one will continue to work normally.
Always update the software when the system asks for it. Developers are constantly patching old holes (and opening new ones), improving the security and stability of the software. Users of outdated software often become victims of cybercriminals.
Nowadays many services have appeared to protect against DDoS attacks. They reduce the load on the site and filter and optimize traffic; such services also include a monitoring system. As a result, only clean client traffic reaches the client’s server. Prices range from 3 to 30 thousand rubles per month.
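What “filtering traffic by specific rules” looks like at its simplest, as an added example that is not part of the original article: a per-source token bucket, the rule behind most rate-limiting filters, gives every client a burst allowance refilled at a fixed rate, so a flooder is throttled while an ordinary visitor is never touched. The rate of 1 request per second, the burst of 5 and the request streams are constructed for the example; timestamps are whole seconds so the accounting is exact.

```python
from collections import defaultdict

class TokenBucketLimiter:
    """Per-source token bucket: each IP gets `burst` tokens, refilled at `rate` per second."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.buckets = {}  # ip -> (tokens, last_update_time)

    def allow(self, ip, now):
        """Return True if the request from `ip` at time `now` may pass, else False."""
        tokens, last = self.buckets.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill since last seen
        if tokens >= 1.0:
            self.buckets[ip] = (tokens - 1.0, now)
            return True
        self.buckets[ip] = (tokens, now)
        return False

def filter_requests(events, rate, burst):
    """Run (time, ip) events through the limiter; return per-IP accepted/dropped counts.

    A production filter must also bound the number of tracked sources (evict idle
    buckets), otherwise spoofed sources can exhaust the filter's own memory.
    """
    limiter = TokenBucketLimiter(rate, burst)
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for t, ip in sorted(events):
        stats[ip]["accepted" if limiter.allow(ip, t) else "dropped"] += 1
    return dict(stats)

def make_events():
    """Constructed traffic: one host fires 20 requests in each of seconds 0-2,
    a normal visitor sends one request per second for 10 seconds."""
    flood = [(t, "192.0.2.10") for t in range(3) for _ in range(20)]
    normal = [(t, "203.0.113.5") for t in range(10)]
    return flood + normal

if __name__ == "__main__":
    for ip, counts in filter_requests(make_events(), rate=1, burst=5).items():
        print(ip, counts)
```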
The Aeroflot case showed that anyone can be found. If a site is attacked and the victim has lost resources, this must not go unpunished; one should seek the de-anonymization and punishment of the intruders.
Then others will see that such actions do not go unpunished.
It should be understood that small-scale DDoS attacks are becoming a thing of the past. Since the middle of the last decade there have been fewer such attacks, thanks to criminal cases and improved site protection. However, this does not mean that you can relax: you always need to be fully armed.
In any case, it is worth checking your site for viruses, because an infected resource is a dangerous resource.