DoS attacks are where a few compromised systems are used to target a single “Internet facing” IT system (It can be servers, devices, services (HTTP/HTTPS), networks, applications), with the intent to make the victim IT services unavailable.
For Example: if a website has a DoS attack launched against it and the DoS attack is successful, that website will not be available for users.
DDoS attacks are the same concept as DoS attacks, however, attack traffic originates from many different sources – potentially thousands or more.
These attacks are most damaging as they come from thousands of sources, making it difficult to stop by simply blocking a single source. It is also very difficult to distinguish legitimate user traffic from attack traffic.
DDoS attacks are grouped into three broad categories
Volumetric attacks, commonly known as floods, overwhelm the target network bandwidth by sending a large volume of requests until the online traffic pipeline gets blocked and genuine users face service unavailability. In such events, incoming traffic jumps to gigabit or even terabit levels above the regular traffic. Attackers use hijacked devices, spoofed IP addresses, and amplify their attack techniques to create a large flood of network traffic.
An internet protocol is a set of rules applied between computing devices for seamless communication. Attackers exploit vulnerabilities in these protocols and overwhelm core services, such as routers, firewalls, or load balancers that forward requests to the target network. Protocol attacks are launched in Layer 3 or Layer 4 of the OSI model.
Application layer attacks in layer 7 target web application-specific resources and overwhelm their functions. The most common types of application attacks are HTTP floods, SlowLoris, Brobot, SSL Negotiation HULK. Application attacks include extensive file downloads or form submissions on the website, exhausting the resources. Because these requests appear to be legitimate, DDoS attack prevention becomes challenging.
Why Mitigation is Not Enough?
Damaging DDoS attacks continue to penetrate the best of breed mitigation solutions. One of the key reasons for this is that mitigation solutions are powerful, but need to be continuously monitored, and configured. However, in today's climate, it's impossible, as network vulnerabilities frequently change as new services and applications are added. As a result, changing current configurations leave systems open to ongoing new DDOS vulnerabilities. In parallel, DDoS attacks are also evolving in complexity and volume. They are becoming quicker and sneakier and common mitigation solutions are unable to respond quickly enough to new attacks.
Frequently Asked Questions
DoS vs. DDoS attacks. The primary difference between the two is that the former comprises one computer to launch an attack. At the same time, the latter consists of several computers being compromised to launch a distributed attack. Simple mitigation solutions such as firewalls can easily detect the source of a denial-of-service (DoS) attack; however, DDoS attacks are difficult to detect because of their often hidden multiple source locations. In addition, DDoS attacks channeled by a large number of botnets are powerful in creating large volumes of traffic, while a DoS attack is limited in creating an impact. As a result, a DDoS attack can be launched faster than a DoS attack, making it more challenging to mitigate.