A DDoS, or distributed denial of service, is a malicious attack against a network or network resources that renders the target unavailable to users. A DDoS differs from a plain denial of service in that multiple compromised systems attack the target at once. A DDoS begins with an exploit against one vulnerable system. Once that initial system is compromised, it becomes the DDoS "master." The master identifies and infects other vulnerable systems with malware, linking them into a network of "bots." The bots are remotely controlled and instructed by the master to launch an attack against a specific target during a specified time period, overloading the resources of the victim's system. The attack overwhelms the target, which could be a website, web application, email, or other service, disrupting it and making it inaccessible to employees or customers.
DDoS attacks are not intended to access information contained within networks or applications. The first DDoS attacks were meant to take systems offline and disrupt "business as usual." Today, DDoS attacks may be used to divert attention away from a stealthier attack that does intend to access intellectual property (IP) or other company-sensitive information. Because DDoS attacks are often very public-facing, organizations scramble to restore services to customers, which leaves other areas of vulnerability open to attackers while defenders are preoccupied.
DDoS attacks can be bucketed into two major categories:
Network-centric attacks: These attacks overload a service by using up bandwidth. Network-centric attacks target network layers 3 and 4 and are measured in gigabits per second (Gbps). There are two types of network-centric attacks, volumetric and TCP attacks. Examples of network-centric attacks are:
• SYN attacks
• Internet Control Message Protocol (ICMP) flood
• Teardrop attack
Application-layer attacks: These attacks overload a service or database with application calls and are aimed at OSI layer 7. Typical application-layer attacks include:
• HTTP floods
• DNS query flood
• Buffer overflow
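The two categories above leave different fingerprints in traffic telemetry: a network-centric SYN or ICMP flood shows up as a high packet rate, often with many half-open TCP handshakes from sources that never complete them, while an application-layer HTTP flood shows up as an elevated request rate concentrated on a handful of sources. The following detector, an added example that is not part of the original article, classifies one time window of constructed packet records into those categories. The thresholds, the `Packet` record layout and the sample windows are all assumptions chosen for illustration; in a real deployment the thresholds would be tuned to the baseline of the monitored service.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One summarised packet record (constructed format, not a real capture)."""
    ts: float    # seconds since the start of the window
    src: str     # source address (constructed, documentation ranges)
    proto: str   # "tcp", "icmp" or "http"
    flags: str   # TCP flags for "tcp" records ("S" = SYN, "A" = ACK), else ""


# Illustrative thresholds (assumptions; tune to the observed baseline).
WINDOW_SECONDS = 10
SYN_RATE_MIN = 50.0        # SYNs per second before a SYN flood is considered
HALF_OPEN_RATIO_MIN = 0.8  # share of SYN sources that never send an ACK
ICMP_RATE_MIN = 50.0       # ICMP packets per second
HTTP_RATE_MIN = 20.0       # aggregate HTTP requests per second
HTTP_SRC_RATE_MIN = 5.0    # HTTP requests per second from a single source


def classify_window(packets, window=WINDOW_SECONDS):
    """Return a list of (category, detail) findings for one window of packets.

    category is "network" (layers 3-4, volumetric) or "application" (layer 7).
    """
    findings = []

    # Network-centric, TCP: many SYNs whose sources never complete the handshake.
    tcp = [p for p in packets if p.proto == "tcp"]
    syns = [p for p in tcp if "S" in p.flags and "A" not in p.flags]
    ack_sources = {p.src for p in tcp if "A" in p.flags}
    syn_rate = len(syns) / window
    if syns and syn_rate >= SYN_RATE_MIN:
        half_open = [p for p in syns if p.src not in ack_sources]
        ratio = len(half_open) / len(syns)
        if ratio >= HALF_OPEN_RATIO_MIN:
            findings.append(("network", f"SYN flood: {syn_rate:.0f} SYN/s, {ratio:.0%} half-open"))

    # Network-centric, volumetric: raw ICMP packet rate.
    icmp_rate = sum(1 for p in packets if p.proto == "icmp") / window
    if icmp_rate >= ICMP_RATE_MIN:
        findings.append(("network", f"ICMP flood: {icmp_rate:.0f} pkt/s"))

    # Application-layer: request rate concentrated on a few sources.
    http = [p for p in packets if p.proto == "http"]
    http_rate = len(http) / window
    if http_rate >= HTTP_RATE_MIN:
        per_src = Counter(p.src for p in http)
        noisy = [s for s, n in per_src.items() if n / window >= HTTP_SRC_RATE_MIN]
        if noisy:
            findings.append(("application", f"HTTP flood: {http_rate:.0f} req/s from {len(noisy)} sources"))

    return findings


# --- Constructed sample windows (10 s each) -------------------------------

def benign_sample():
    """30 completed handshakes and 40 HTTP requests spread over 10 sources."""
    pkts = []
    for i in range(30):
        src = f"192.0.2.{i + 1}"
        pkts.append(Packet(i * 0.3, src, "tcp", "S"))
        pkts.append(Packet(i * 0.3 + 0.05, src, "tcp", "A"))
    pkts += [Packet(i * 0.25, f"198.51.100.{i % 10 + 1}", "http", "") for i in range(40)]
    return pkts


def syn_flood_sample():
    """600 SYNs from rotating (spoofed-looking) sources, none followed by an ACK."""
    return [Packet(i * 0.016, f"192.0.2.{i % 254 + 1}", "tcp", "S") for i in range(600)]


def icmp_flood_sample():
    """700 ICMP packets from a single source in 10 s."""
    return [Packet(i * 0.014, "203.0.113.9", "icmp", "") for i in range(700)]


def http_flood_sample():
    """400 HTTP requests from 8 sources (50 each), handshakes completed normally."""
    pkts = []
    for i in range(8):
        src = f"203.0.113.{i + 1}"
        pkts.append(Packet(0.0, src, "tcp", "S"))
        pkts.append(Packet(0.01, src, "tcp", "A"))
        pkts += [Packet(j * 0.2, src, "http", "") for j in range(50)]
    return pkts


if __name__ == "__main__":
    for name, sample in [("benign", benign_sample()), ("syn", syn_flood_sample()),
                         ("icmp", icmp_flood_sample()), ("http", http_flood_sample())]:
        print(name, classify_window(sample))
```

The SYN-flood branch keys on the half-open ratio rather than on the SYN count alone, because a legitimate traffic spike also raises the SYN rate but its sources go on to complete the handshake; the HTTP branch requires per-source concentration for the same reason, so a flash crowd of many low-rate clients is not flagged. Both checks are deliberately stateless per window, which is what makes them cheap enough to run on flow summaries rather than full captures.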
The biggest DDoS on record is the recent BangStresser attack. The New World Hacking group claimed responsibility for this attack over New Year's weekend, describing it as "only a test" against the BBC's global websites and Donald Trump's campaign site. Nonetheless, at 602 Gbps it took the sites down for several hours and registered at nearly double the size of the previous largest DDoS, which reached 334 Gbps.