What is a DDoS attack?
A DDoS attack consists of sending a far larger than normal volume of requests to a server, network or other hosted computer system. The aim is to degrade its performance or make it unavailable: the flood of requests is such that the system is overwhelmed and can no longer respond to legitimate ones. In the case of a server, hardware resources such as the processor, memory or disk run at full capacity and a bottleneck forms for the processes waiting to execute.
The name DDoS (distributed denial of service) comes from this: once the target is overloaded, it can no longer process requests, and a denial of service follows.
Attackers often use hacked or compromised servers, computers or other connected devices so as to have a large number of sources from which to run the attack. These machines act as zombies.
Why are they launched?
There are two main reasons for a service to be the target of a DDoS attack: commercial or ideological.
DDoS attacks to kill a business
An unscrupulous competitor whom you are overshadowing could, for example, decide to take down your website for a while. Specialists offer services in this field, making their botnet available to the highest bidder to aim an attack at the desired destination. A network of zombie machines is then used (unknowingly) to attack a target it does not even know. Once the target is unavailable, and as long as the attack continues, it is very hard to bring it back online. During this time, while your services are offline, your competitor takes the opportunity to gain market share, for example by picking up your users who can no longer reach your services.
Denial of service targeting a person or an ideology
Among the attacks that are frequently identified are personal attacks. Whether they target a public figure, a political party, a religion or a company, the attackers are opponents with strongly opposing views and wish to make that felt. The goal is to block access to the shared information and even to related services, and to penalize the target as much as possible.
As you will have understood, this practice is illegal; in France it is punishable by a fine of several thousand euros and a prison sentence of up to 5 years.
What are the different types of DDoS attacks?
There are several types of attacks:
Amplification or volumetric attacks: the goal is always the same, to overload the target and knock it offline. There are several means of doing this:
Botnets, for example, whose goal is to consume all the bandwidth of a network or a machine.
DNS amplification attacks, where DNS servers are “spammed” with forged UDP packets. The source address is spoofed so that the answers are always sent to the same victim in order to overload it. This type of attack is also called a reflection attack.
NTP amplification attacks. This protocol ensures that all the machines using it share exactly the same time. Like DNS, NTP is sometimes exploited to launch DDoS-type attacks.
SYN flood: exploits the very functioning of the TCP protocol by initiating handshakes that are never completed; the target waits for a final acknowledgement that never arrives, until its connection table saturates.
Attacks on network equipment: here the goal is to exhaust the memory of equipment such as firewalls and load balancers. Once the state table is full, the equipment stops responding and the machines behind it can no longer be reached.
Attacks on applications: the most common is the HTTP flood. It simply consists of sending a multitude of HTTP requests to the same website or the same IP so that the server in front of it lacks the resources to respond. This type of attack is very easy to carry out because the attacker only needs to load a web page as if they were browsing the site; sheer volume can bring down the server hosting it. In the same way, it is possible to identify web pages that do heavy processing and exploit this flaw to monopolize all the resources of the hosting server with only a few visits.
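As an added illustration of the defensive side of the HTTP flood described above (example code written for this page, not taken from the original article), here is a small Python detector that parses access-log lines in the Apache Combined Log Format and flags any source IP whose request count inside a sliding time window reaches a threshold. The log lines, IP addresses, date and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache Common/Combined Log Format: client IP, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')

def parse_line(line):
    """Return (ip, timestamp, request) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")

def flag_http_flood(lines, window_seconds=10, threshold=50):
    """Sliding-window request-rate check per source IP (lines assumed in chronological order).
    Returns {ip: peak requests seen inside one window} for every IP that reached the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the current window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it rather than crash the detector
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop timestamps that have fallen out of the window
        if len(q) >= threshold and len(q) > peaks.get(ip, 0):
            peaks[ip] = len(q)
    return peaks

def _line(ip, second, path):
    # Builds one constructed log line; date and IPs are made up (RFC 5737 documentation ranges).
    return f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'

# Constructed sample: one ordinary visitor and one source hammering a single page.
SAMPLE_LOG = (
    [_line("203.0.113.5", 0, "/index.html")]
    + [_line("198.51.100.7", s // 3, "/search?q=report") for s in range(18)]
    + [_line("203.0.113.5", 30, "/about.html"), _line("203.0.113.5", 59, "/contact.html")]
)

if __name__ == "__main__":
    print(flag_http_flood(SAMPLE_LOG, window_seconds=10, threshold=10))  # {'198.51.100.7': 18}
```

In production the threshold would be tuned to the site's normal per-client rate, and a flagged IP would typically feed a rate limiter or firewall rule rather than just a printout.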