Earlier this year, 4D’s CTO, David Barker, gave this exclusive webinar on what to know, as the threat of DDoS attacks becomes all the more imminent for UK businesses.
Understanding the OSI model
To understand the nature of a DDoS attack, we first have to look at the Open Systems Interconnection (OSI) model - this is a ‘reference model for how applications communicate over a network’ and essentially has 7 different layers.
The layers range from the physical elements such as cables and fibres at the base level to the application layer which is very much at the front end (for example, WhatsApp, browsing websites etc).
How does a DDoS attack work?
The goal of a DDoS attack is to overwhelm the targeted network and ultimately take it offline. The motives someone might have could be to extort money, to disrupt a competitor, political or as a smokescreen for other attacks. It has also been known for hobby hackers to carry out DDoS attacks for fun.
Imagine a lane of normal, legitimate traffic driving to your server which is, on a standard day, nothing to worry about. What if illegitimate traffic comes across and creates a traffic roadblock which the road network cannot cope with? This is essentially what a DDoS attack does.
Types of DDoS Attack
Taking into account the various layers explained by the OSI model, DDoS attacks can be placed into a few different categories. Any serious threat will involve attacking the target on a few different layers:
This attack at the top level targets a web server or application. This can be done by using hundreds of thousands of bots to refresh your application or website, overloading your server with requests and using up lots of computational power on your server.
A protocol attack (otherwise known as a ‘state exhaustion attack’) exploits weaknesses in the network and transport layers of the OSI model. It aims to exhaust the state table of a target (e.g. web servers, load balancers, firewalls) by sending spoofed SYN packets to the target server.
Still the most prevalent of DDoS attacks, and on the largest scale, these are designed to exhaust the available bandwidth of the target. These are cheap to launch and very effective - the attacker uses a form of amplification - typically, a compromised device (e.g. a PC with malware installed) launching the attack will pass the botnet a DNS request and have the replies spoofed out to the target.
One of the big issues is distinguishing legitimate traffic from genuine traffic - modern DDoS attacks are typically multi vector (e.g. volumetric combined with application). The goal of the attacker is to blend attack types to make it as hard as possible to protect yourself.
Some of the techniques to put in place can include rate limiting, which can also drop legitimate traffic, but is good for first layer defence and relatively easy to implement.
Another technique is black hole routing, where your service provider can send all traffic within the upstream network through a black hole towards the target device. While it does take the device offline, it still protects your infrastructure and allows you to keep the rest of your customers online.
4D’s DDoS Mitigation Service
A comprehensive DDoS scrubbing platform will take in traffic, ‘clean’ it, and block multi vector attacks - many will be blended and complex so a variety of techniques are used to block them. Our service uses large ingress bandwidth capacity to absorb volumetric attacks.
For more information on DDoS mitigation, chat with our technical experts today.