“With over 23,000 recorded attacks per day, customer-facing enterprise services are bearing the brunt of attacks” — Charlie Osborne 2020, ZDNet.
What are DDoS attacks?
Simply described, trying to reach a website that is undergoing a DDoS attack is just like getting stuck moving from location A to B during a traffic jam, which can sometimes be a horrific experience when you’re moving at a snail’s pace or not moving at all.
In one sentence, a DDoS (distributed denial of service) is a web-based attack where cyber attackers create vast amounts of malicious traffic to slow or take down a website.
Attackers usually use many connected online devices, which together form a botnet, to flood a website with fake traffic on top of the real traffic from actual users. If the traffic is larger than the website’s maximum allowable traffic bandwidth, it will cause congestion, which causes the server to lag, overload, and ultimately become unreachable and unresponsive. The bandwidth allocated to the website is then consumed by useless traffic as opposed to traffic from actual users.
A DDoS metaphor: the flow of water as web traffic and the glass as the webserver.
In the image above, normal web traffic is represented by the flow of water. The glass, aka the web server, can handle the flow of water under normal conditions, but when the traffic is too much, the server is overwhelmed.
DDoS attacks can be divided into 3 types:
- Volume-based: These types of attacks overload the server’s bandwidth with an extremely large number of small requests, causing the server to become unstable and crash. Examples: UDP floods, ICMP floods and other spoofed-packet floods.
- Protocol: Taking advantage of old internet protocols’ weaknesses, this type of attack causes server disruptions by consuming infrastructure resources such as load balancers and firewalls. Examples: SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS.
- Application Layer: This type of attack exploits application-specific vulnerabilities that make it impossible for users to use the application normally. Examples: Low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows or OpenBSD vulnerabilities.
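The following detection sketch is an added example, not code from Polaris or the original article. It illustrates why a botnet-driven GET flood is hard to spot per source: every device stays under a per-IP limit while the combined traffic exceeds what the server can handle. The capacity, the per-IP limit, the IP addresses and the log records are all constructed assumptions.

```python
from collections import Counter, defaultdict

CAPACITY_RPS = 50   # assumed: requests per second the server can handle
PER_IP_LIMIT = 10   # assumed: per-source requests per second limit

def build_sample_log():
    """Constructed traffic as (second, source_ip, method, path) records."""
    log = []
    for sec in range(6):
        # Five genuine users, two requests each per second.
        for u in range(5):
            log += [(sec, f"198.51.100.{u}", "GET", "/")] * 2
        # From second 3 on, 40 botnet devices send three requests each.
        if sec >= 3:
            for b in range(40):
                log += [(sec, f"203.0.113.{b}", "GET", "/search")] * 3
    return log

def analyse(log, capacity=CAPACITY_RPS, per_ip_limit=PER_IP_LIMIT):
    """Summarise each second: total load, distinct sources, limit breaches."""
    per_second = Counter()
    per_ip_second = defaultdict(Counter)
    for sec, ip, _method, _path in log:
        per_second[sec] += 1
        per_ip_second[sec][ip] += 1
    report = []
    for sec in sorted(per_second):
        ips = per_ip_second[sec]
        report.append({
            "second": sec,
            "requests": per_second[sec],
            "sources": len(ips),
            # Aggregate check: total load against server capacity.
            "over_capacity": per_second[sec] > capacity,
            # Per-source check: which single IPs exceed their own limit.
            "ips_over_limit": sorted(ip for ip, n in ips.items()
                                     if n > per_ip_limit),
        })
    return report

def flood_seconds(report):
    """Seconds in which the aggregate request rate exceeded capacity."""
    return [row["second"] for row in report if row["over_capacity"]]

if __name__ == "__main__":
    for row in analyse(build_sample_log()):
        print(row)
```

In the constructed data the per-IP check never fires, so only the aggregate check (together with the jump in distinct sources) reveals the flood.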
Why is your website getting DDoS attacks?
A common question people ask is, why would a hacker want to attack my website? This is especially true for smaller local businesses. The answer is simple: they are not targeting only you, or you specifically. For many, if your website is under DDoS attack, it is probably due to being caught by a hacker’s botnet. Botnets have the ability to crawl over the web, looking for websites that are vulnerable and prone to attack. Many websites can be attacked at the same time, like when fishermen cast a net to catch a lot of fish. You could just be one of the fish.
The possibility of attack grows exponentially if your website belongs to an industry that handles large amounts of personal data or online transactions, such as medical, educational, financial, and e-commerce. As DDoS attacks are becoming more common and easy to execute, other possibilities (however rare) include being targeted by competitors or facing attackers motivated by an ideology that is in disagreement with the targeted website.
Protect your website from DDoS attacks with Polaris
To protect our customers, Polaris DDoS protection is built into the platform to help identify DDoS attacks before they disrupt your services.
If you’re already using Polaris, click on the link below to learn how to configure your DDoS protection in just a few minutes:
https://support.polarisec.com/portal/en/kb/articles/ddos-protection
Authored By: Toan Doi
Edited By: Tin T. Nguyen