Understanding Distributed Denial of Service Attacks (DDoS)
A DDoS attack (Distributed Denial of Service) is an attack against a computing system that aims to bring it to failure (i.e. to a state in which legitimate users are unable to access the system) by depleting specific computing resources.
A DDoS attack is often carried out with a great number of requests sent from infected computers to a server, where each request resembles those generated by legitimate users. This causes the site infrastructure to fail, since it cannot support a load far in excess of its normal values. To generate such numbers of requests, the adversaries exploit the computers of Internet users who remain unaware of it.
The adversaries infect web servers and computers with Trojan programs, turning them into “zombies”.
Thousands of “zombies” are combined into a botnet – a network that can be controlled remotely. The largest botnet was registered in 2009; it comprised 1.9 million computers from 77 countries. A single command sent by the hacker from anywhere in the world was enough to launch a DDoS attack. For this very reason, law enforcement bodies struggle to find the perpetrators and organizers of DDoS attacks.
Our group classifies attacks according to the infrastructure elements they target:
- Channel layer [OSI Layer 2] – attacks aimed at depleting channel capacity;
- Network infrastructure [OSI Layer 3] – attacks aimed at disabling network equipment (switches and routers);
- Transport layer and the TCP protocol [OSI Layer 4] – various manipulations of the TCP state machine: SYN flood, incorrect initiation/release of connections, buffer memory exhaustion;
- Application [OSI Layer 7] – attacks carried out using semantically meaningful protocol constructions of the targeted Internet application, for example HTTP flood against websites.
A separate subclass of application attacks, FBS (Full Browser Stack), should be highlighted. Such attacks require botnets that have a full-fledged web browser, with the necessary range of extensions and plugins, at their disposal. Such attacks are guaranteed to overcome solutions that rely on “puzzle verifiers” for the client – from simple HTTP redirects to less trivial verifiers that use JS, Adobe Flash or QuickTime.
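The Layer 7 case above (an HTTP flood made of individually well-formed requests) is the one a site operator usually sees first in the access log. The following is an added example, not code from the original page or from the group it describes: a sliding-window rate counter over constructed combined-log-format lines that reports source IPs exceeding a per-IP request threshold, plus a site-wide peak count, because a flood spread across many "zombies" can stay under any per-IP threshold and show up only in the aggregate. The IP addresses, timestamps, paths and thresholds are constructed sample values.

```python
"""Added example: rate-based detection of a Layer 7 HTTP flood over
constructed access-log lines (not the original page's code)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined/common log format: ip ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request, status) or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, status, _size = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), req, int(status)


def detect_flood(lines, window_seconds=10, threshold=20):
    """Per-source sliding window. Returns {ip: peak_count} for every IP whose
    request count inside any window_seconds span exceeded the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip garbage rather than crash on it
        ip, ts, _req, _status = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # expire timestamps that left the window
        if len(q) > threshold:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders


def site_peak_rate(lines, window_seconds=10):
    """Aggregate sliding window over all sources (lines assumed time-ordered).
    A distributed flood may never trip a per-IP threshold but does show here."""
    q = deque()
    peak = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts = parsed[1]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def build_sample_log():
    """Constructed sample: one legitimate client making 5 requests over 48 s
    and one flooding client making 30 requests within 6 s."""
    base = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)
    events = [(i * 12, "203.0.113.7", f"/page/{i}") for i in range(5)]
    events += [(i // 5, "198.51.100.9", "/search?q=x") for i in range(30)]
    events.sort()  # access logs are written in time order
    lines = []
    for offset, ip, path in events:
        ts = (base + timedelta(seconds=offset)).strftime(TIME_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512')
    return lines


if __name__ == "__main__":
    sample = build_sample_log()
    print("per-IP offenders:", detect_flood(sample))
    print("site-wide peak requests per 10 s:", site_peak_rate(sample))
```

On the sample, `detect_flood` flags only the flooding address (peak 30 requests in the window), while the legitimate client's 5 requests spread over 48 s never accumulate. The thresholds are tuning decisions: set them from a baseline of normal traffic for the specific site, and treat a site-wide peak that rises without any single IP crossing the per-IP threshold as the signature of a botnet spreading its load across many sources.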
DDoS Attacks Matter
Distributed Denial of Service (DDoS) attacks can be used to make important online information unavailable to the world. Sites covering elections are brought down to influence their outcome, media sites are attacked to censor stories, and businesses are taken offline by competitors looking for a leg up. Protecting access to information is important for the Internet and important for free expression.