What is DDoS denial of service?

What everyone needs to know about DDoS

DDoS stands for Distributed Denial of Service. A malicious hacker uses a DDoS attack to make a computer resource (e.g., a website, application, e-mail, voicemail, or network) stop responding to legitimate users. The malicious hacker does this by commanding a fleet of remotely-controlled computers to send a flood of network traffic to the target. The target becomes so busy dealing with the attacker’s requests that it doesn’t have time to respond to legitimate users’ requests. That can cause the target system to stop responding, resulting in long delays and outages.

What is a distributed attack?

One DDoSer can do a lot of damage. These denial of service attacks are called distributed because they come from many computers at once. A DDoSer controls a large number of computers that have been infected by a Trojan virus. The virus is a small application that allows remote command-and-control capabilities of the computer without the user’s knowledge.

What is a zombie and a botnet?

The virus-infected computers are called zombies – because they do whatever the DDoSer commands them to do. A large group of zombie computers is called a robot network, or botnet.

Your computer could be part of a botnet without your knowledge. You might not notice any difference, or you might notice your computer is not as fast as it used to be. That’s because it may be busy participating in a DDoS attack at the same time you are using it. Or, you might find out that your computer is infected when your Internet service provider (ISP) drops your service because your computer is sending an unusually high number of network requests.

What is a DDoS command-and-control server?

Zombie computers in a botnet receive instructions from a command and control server, which is an infected web server. DDoSers who have access to a command and control (C&C or CC) server can recruit the botnet to launch DDoS attacks. Prolexic has identified more than 4,000 command-and-control servers and more than 10 million zombies worldwide. We track them and notify law enforcement to disable them when possible.

Many types of DDoS attacks

There are many types of DDoS attacks. They target different network components – routers, appliances, firewalls, applications, ISPs, even data centers – in different ways. There is no easy way to prevent DDoS attacks, but Prolexic has a proven DDoS protection approach that works to minimize the damage and let your system keep working during an attack.

DDoS attackers use a variety of DDoS attack methods. The malicious hacker group Anonymous, for example, started with a tool that could launch Layer 7 DDoS attacks and Layer 3 DDoS attacks from any computer. These attacks had a common attack signature – that is, common code. As a result, the attacks could be detected and mitigated (stopped) fairly easily.

It’s a game of cat and mouse. The cat learns about what the mouse is doing, so the mouse changes tactics to avoid getting caught. DDoSers got smarter and started randomizing their attack signatures and encrypting their code. Some even started using browsers to visit a web page and feed harmful code to a web application on the site.

Although application-layer DDoS attacks are more difficult to recognize, DDoS mitigation experts in our Security Operations Center (SOC) know what to look for – and we are always looking. Our anti-DDoS experts monitor and analyze these attacks all the time – day and night – and block the DDoS attacks that target our clients.

What are application layer 7 DDoS attacks?

Application layer 7 (L7) attacks may not create such high volumes of network traffic, but they can harm your website in a more devastating way. They might activate some aspect of a web application, such as posting different user names and passwords, or targeting a shopping cart or search engine.

Many of the high-profile e-Commerce outages are the result of Layer 7 application attacks. The biggest issue is that Layer 7 attacks change and randomize very fast. Anything a visitor can access, an attacker can too – and it looks the same to an IT administrator.
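The difference between matching a fixed attack signature and watching request behaviour, applied to the login, search and shopping cart targets named above, is shown in this added example (not part of the original page and not Prolexic's tooling). The log format, endpoint paths, thresholds and the `FloodTool` signature string are constructed for illustration.

```python
from collections import defaultdict, deque

# Endpoints the page names as Layer 7 targets; the paths are assumed.
EXPENSIVE = ("/login", "/search", "/cart")

# Constructed sample log: epoch ip method path user-agent
SAMPLE_LOG = """\
100 198.51.100.7 POST /login FloodTool/1.0
100 203.0.113.9 GET /search?q=a1 Mozilla/5.0 (X11) rv:31
101 198.51.100.7 POST /login FloodTool/1.0
101 203.0.113.9 GET /search?q=b2 Opera/9.80 (Windows NT 6.1)
102 192.0.2.10 GET / Mozilla/5.0 (Windows NT 6.1)
102 198.51.100.7 POST /login FloodTool/1.0
102 203.0.113.9 GET /search?q=c3 Mozilla/4.0 (compatible; MSIE 8.0)
103 198.51.100.7 POST /login FloodTool/1.0
103 203.0.113.9 GET /search?q=d4 Safari/537.36 (Macintosh)
130 192.0.2.10 GET /search?q=shoes Mozilla/5.0 (Windows NT 6.1)
160 192.0.2.10 POST /cart Mozilla/5.0 (Windows NT 6.1)
"""

def parse(log):
    """Yield (ts, ip, path, user_agent) per log line (sorted by time)."""
    for line in log.splitlines():
        ts, ip, _method, path, ua = line.split(" ", 4)
        yield int(ts), ip, path.split("?", 1)[0], ua

def signature_hits(log, signature):
    """Sources whose User-Agent contains a fixed, known signature."""
    return {ip for _, ip, _, ua in parse(log) if signature in ua}

def rate_hits(log, window=10, limit=3):
    """Sources with more than `limit` expensive requests in `window` s."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, path, _ in parse(log):
        if not path.startswith(EXPENSIVE):
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:  # drop hits outside the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":
    print("signature:", sorted(signature_hits(SAMPLE_LOG, "FloodTool")))
    print("rate:     ", sorted(rate_hits(SAMPLE_LOG)))
```

The fixed signature flags only the source with the constant User-Agent, while the per-source rate check also flags the source that randomizes its headers and leaves the ordinary visitor alone. A per-source threshold is only a first pass: requests spread across many zombies can each stay under it.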

Know this – automated mitigation appliances, firewalls, ISPs, and cloud providers simply cannot mitigate Layer 7 attacks. But Prolexic can because our technicians monitor and analyze the attack while it’s happening – and have the tools and expertise to block all Layer 7 attacks.

Learn more about DDoS attacks and DDoS protection from Prolexic.