A Primer On DDoS Attacks and How to Survive Them


Many of us lump these incidents in with hacking and other cyber attacks, but in reality a DDoS attack is quite different from those.


Distributed Denial of Service attacks

A DoS attack is the simplest form of attack against a computer: it deprives the system of a particular service. In a DDoS attack the target is hit from many systems at once; the attacker leverages multiple sources to create the denial-of-service condition. Attacking a single system from multiple sources helps the intruder in two ways. First, the attacker's own IP address stays hidden from the rest of the world, and second, using many sources amplifies and concentrates the attack. In a typical DDoS scenario, a huge number of messages aimed at a particular system leaves it unable to respond, exhausting its resources until it effectively shuts down and resulting in denial of service for the intended users.

Methods used

One method is to start a ping command aimed at the target address and let it run at full speed, trying to flood the other side with ICMP Echo Requests (ping packets). This is rarely used these days, because a single attacker would need a connection with more bandwidth than the target site. So botnets are now used in almost all cases: they are simpler for the attacker, harder to trace back to a source, and make the attack truly distributed.

So what is a botnet? Emerging markets often lack proper endpoint control, and malware infection rates there are high. When these infected machines are directed by centralized command-and-control servers, they form a "botnet". In practice the intruder rents botnet capacity, and thousands of compromised systems are aimed at the target. While a single computer would have little chance of bringing a site down, 10,000 computers sending requests at once can overwhelm any unprotected server.

Attackers abuse different layers of the network stack. A SYN flood misuses the TCP three-way handshake, leaving the target with a pile of half-open connections; a DNS flood sends UDP packets at DNS servers; and HTTP floods and SSL/TLS attacks target the application layer. (We will cover these in detail in subsequent articles.)
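The three observations above (a single-source ping flood is easy to spot, a botnet spreads the same load over many low-rate sources, and a SYN flood shows up as handshakes that never complete) can be checked mechanically over flow records. The script below is an added example, not code from the article or from Dataquest; the target address, the sample flows and the 90% half-open threshold are all constructed assumptions, not captured traffic.

```python
"""Added example: score constructed flow records for the DDoS signs described
in the primer. Nothing here is captured traffic; the sample is built inline."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Documentation-range address standing in for the victim (assumption).
TARGET = "203.0.113.10"

# A flow to a port is called a SYN flood when at least this share of its TCP
# flows never completed the handshake (assumed threshold).
HALF_OPEN_THRESHOLD = 0.9


@dataclass(frozen=True)
class Flow:
    """One flow record: who talked to whom and whether the TCP handshake finished."""
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int
    handshake_done: bool  # True only if SYN, SYN-ACK and the final ACK were all seen


def constructed_flows() -> list[Flow]:
    """Constructed sample: one legitimate client, one single-host ping flood,
    and a botnet-style SYN flood from 2000 sources that never finish the handshake."""
    flows: list[Flow] = []
    # 20 normal HTTPS sessions from one client, handshake completed
    flows += [Flow("198.51.100.7", TARGET, "tcp", 443, True) for _ in range(20)]
    # 50 ICMP Echo Requests from one host: the old single-source ping flood
    flows += [Flow("198.51.100.99", TARGET, "icmp", 0, False) for _ in range(50)]
    # 2000 bots, one SYN each to port 80, none completing the handshake
    flows += [Flow(f"10.{i // 256}.{i % 256}.1", TARGET, "tcp", 80, False)
              for i in range(2000)]
    return flows


def half_open_ratio(flows: list[Flow], dst: str, dport: int) -> float:
    """Share of TCP flows to dst:dport that never completed the three-way handshake."""
    tcp = [f for f in flows if f.proto == "tcp" and f.dst == dst and f.dport == dport]
    if not tcp:
        return 0.0
    return sum(1 for f in tcp if not f.handshake_done) / len(tcp)


def source_spread(flows: list[Flow], dst: str, proto: str) -> tuple[int, float]:
    """Distinct sources sending proto to dst, and the largest share held by any one source."""
    counts = Counter(f.src for f in flows if f.dst == dst and f.proto == proto)
    if not counts:
        return 0, 0.0
    return len(counts), max(counts.values()) / sum(counts.values())


def assess(flows: list[Flow], dst: str = TARGET) -> dict:
    """Apply both checks and return the findings keyed by what was detected."""
    findings: dict = {}
    # 1. SYN flood: a port where nearly every handshake is left half-open
    ports = sorted({f.dport for f in flows if f.proto == "tcp" and f.dst == dst})
    for port in ports:
        ratio = half_open_ratio(flows, dst, port)
        if ratio >= HALF_OPEN_THRESHOLD:
            findings[f"syn_flood:{port}"] = ratio
    # 2. Source concentration: one dominant sender vs. a distributed botnet
    for proto in ("tcp", "udp", "icmp"):
        n_sources, top_share = source_spread(flows, dst, proto)
        if n_sources == 0:
            continue
        kind = "single-source" if top_share >= 0.5 else "distributed"
        findings[f"{proto}_sources"] = (n_sources, kind)
    return findings


if __name__ == "__main__":
    for key, value in assess(constructed_flows()).items():
        print(f"{key}: {value}")
```

On the constructed sample, port 80 is flagged as a SYN flood with every handshake left half-open, the TCP traffic is reported as distributed across 2001 sources, and the ICMP traffic is reported as single-source, which is exactly the contrast between the ping flood and the botnet described above.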


As organizations look to make DDoS protection a primary security initiative, they must choose the approach that suits their needs. Organizations vary in shape and size, but one constant is that they should employ a layered approach to their security challenges. A comprehensive DDoS solution must include a multi-layer strategy, safeguard DNS servers, and let the business turn its attention back to its work. For details on how to do this, watch out for the May (print) issue of Dataquest.