Is the site overloaded with requests and no longer responding, and has the server load climbed to 100% and stayed there without dropping for a second? From the victim's point of view, these are the symptoms of a classic DDoS attack.
DDoS stands for Distributed Denial of Service. The general idea behind such attacks is that the attacker intentionally sends an enormous number of requests to the victim's server; the server cannot cope with them and stops processing requests.
The first DDoS attacks were recorded back in the distant 1980s, with the advent of the first public Internet networks. Today it is a problem on a global scale, and every business that has a corporate website or provides web services to its clients has encountered it in one way or another.
As is well known, any server has a limit on the number of requests it can process simultaneously. Load is managed by limiting the channel bandwidth between the Internet and the server. However, attackers bypass these limits by organizing a so-called "botnet": a network of many computers controlled by malicious software.
The essence of DDoS attacks
The computers taking part in the botnet are not connected to each other in any way. Their only purpose is to generate parasitic, often meaningless requests to the server in order to overload the attacked system. Almost any ordinary user who pays little attention to the security of their PC can end up in a botnet: the attacker only needs to distribute a Trojan, which is then launched remotely and bombards the victim's server.
In rare cases, low-skilled attackers use their own physical and virtual machines to carry out a DDoS attack. In that case all malicious requests typically come from 1-5 IP addresses and are easily blocked, after which the attack stops.
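As an added example (not from the article), the following Python triages a request burst the way the two paragraphs above distinguish the cases: a flood from a handful of addresses that a simple block list stops, versus a botnet-style flood from many sources that needs upstream filtering. The log lines are constructed in common log format, and the per-second limit and "few sources" cut-off are assumptions to be tuned per site.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from itertools import cycle

LOG_TIME = "%d/%b/%Y:%H:%M:%S %z"   # timestamp format used by Apache/nginx common log

def parse_line(line):
    """Return (client_ip, timestamp) from a common-log-format line."""
    ip = line.split(" ", 1)[0]
    stamp = line[line.index("[") + 1:line.index("]")]
    return ip, datetime.strptime(stamp, LOG_TIME)

def triage(lines, per_second_limit=20, few_sources=5):
    """Classify the busiest one-second bucket: 'normal', 'single-source'
    (a handful of IPs, so a block list stops it) or 'distributed' (botnet).
    Both thresholds are assumed values, not figures from the article."""
    per_second = defaultdict(Counter)          # second -> Counter(ip -> hits)
    for line in lines:
        ip, ts = parse_line(line)
        per_second[ts.replace(microsecond=0)][ip] += 1
    peak_ts, hits = max(per_second.items(), key=lambda kv: sum(kv[1].values()))
    total, sources = sum(hits.values()), len(hits)
    if total <= per_second_limit:
        verdict = "normal"
    elif sources <= few_sources:
        verdict = "single-source"
    else:
        verdict = "distributed"
    return {"verdict": verdict, "peak_second": peak_ts, "requests": total,
            "sources": sources, "top": hits.most_common(3)}

def synth_log(ips, count, second):
    """Constructed log lines: `count` GETs spread round-robin over `ips` in one second."""
    stamp = second.strftime(LOG_TIME)
    return [f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512'
            for ip, _ in zip(cycle(ips), range(count))]

T0 = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
# Constructed samples: a quiet baseline, then a burst from 3 hosts or from 60 hosts.
BASELINE = synth_log(["198.51.100.7", "198.51.100.8"], 6, T0)
FEW_HOSTS = BASELINE + synth_log(["203.0.113.1", "203.0.113.2", "203.0.113.3"],
                                 60, T0 + timedelta(seconds=1))
BOTNET = BASELINE + synth_log([f"192.0.2.{i}" for i in range(1, 61)], 60,
                              T0 + timedelta(seconds=2))

if __name__ == "__main__":
    for name, log in (("baseline", BASELINE), ("few hosts", FEW_HOSTS), ("botnet", BOTNET)):
        print(name, triage(log))
```

In practice the same bucketing runs over a sliding window of live log lines; the 'single-source' verdict is the case the article describes as easily blocked, while 'distributed' is the signal to engage upstream or provider-side filtering.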
Types of DDoS attacks
Although all such attacks are similar, several characteristic variants stand out.
Attacks that overload a firewall, the network or a load balancer, and other transport-layer DDoS attacks.
Such attacks rely on a flood of thousands of "empty" requests. The flood is usually classified by protocol: HTTP, ICMP, SYN, UDP or MAC.
At the infrastructure level, the system can be overloaded with an overly complex, non-standard request that consumes 100% of the processor time.
If an attacker finds a vulnerability that allows writing to the server's hard drive, they can generate terabytes of "junk" files and overflow the file system.
A side effect of such requests, besides the overflow itself, is an extremely high number of write operations and, accordingly, the inability to perform basic operations on the server because the disk is fully occupied.
Bypassing quotas and using the physical resources of a server or VM for the attacker's own purposes.
Ping of death ("killer ping"): the attack consists of sending oversized ICMP packets and thereby overflowing the memory buffer.
DNS attacks aimed at finding and exploiting vulnerabilities in DNS server software.
Besides the types of DDoS attacks described above, there are others that are more complex and sophisticated, but they hardly belong in a basic list.
Causes of DDoS
The reasons for attacks vary widely, from personal hostility towards the company or individual that owns the site or web application to politically charged motives. Let's look at several scenarios that illustrate the most common reasons for attacks.