Denial of Service Attacks: DoS vs. DDoS
Aug 09, 2019
Today, living in a digital world has become second nature – and as organizations continue to introduce new technologies to conduct business globally, they become vulnerable to cyber threats and creative hackers determined to cause a data breach. Denial of service (DoS) and distributed denial of service (DDoS) attacks have been used by hackers for at least the last two decades and are increasingly becoming the preferred method of attack to affect enterprise organizations.
Difference Between DoS and DDoS Attacks
DoS attacks occur when a hacker uses a single system (computer) to send massive amounts of data requests through TCP and User Datagram Protocol (UDP) packets to flood and crash an organization’s server. A business’s legitimate users (i.e. account holders, employees, customers, etc.) are restricted from accessing the services or information they’re seeking to obtain. While this type of attack doesn’t usually end with an informational data breach, it could cost the business or organization that’s been attacked money and time to restore its server(s). This can be a costly fix for large businesses and organizations because for each second your website or online portal is restricted from access, it can translate into a loss of customers and a decrease in revenue.
In the below table, the Verizon 2018 Data Breach Investigations Report analyzes DoS patterns across different industries, outlining the number of security incidents versus data breaches that have occurred from Denial of Service attacks.
In contrast to a DoS attack, a DDoS attack comes from multiple locations instead of just one. DDoS attacks are a type of DoS attack in which a hacker uses multiple systems and devices to target and overload a single server, in order to make it unavailable. These attacks can shut down a single system more easily and make it harder for the organization to determine where the attack originates. DDoS attacks can hit organizations of any size and in any industry.
A DDoS attack is especially difficult to fix for the following reasons:
- You must shut down multiple machines instead of just one
- The more machines that attack your server, the more significant the damage
- Multiple locations make it difficult to track down the attacker
Despite the differences between the two attacks, both result in the disruption of services, preventing users from accessing them, interruption of network traffic, or worse, a shutdown of the networks, applications, or devices that causes businesses to go offline and suffer financial ramifications.
Many organizations and businesses are not equipped with the correct resources for DoS and DDoS protection or mitigation if an attack does occur. Secuvant has the manpower and resources to provide your business with DoS and DDoS protection to catch and prevent these types of attacks early, but also to catch early warning signs of an attack, shut it down faster, and mitigate the damages. Call us today for more information on how we can enhance your cyber security!
Top 6 DoS and DDoS Attacks
Both DoS and DDoS attacks fall under three broad categories of attack types:
- Volume-based attacks
- Protocol attacks
- Application layer attacks
Within those categories, there are six top attack types that have been frequently used by hackers:
- UDP Flood: an attack that floods random ports on a remote host with UDP packets, forcing the host to check repeatedly for an application listening on each port. When none is found, the host replies with an ICMP Destination Unreachable packet; the volume of incoming packets and outgoing replies exhausts the host's resources so that legitimate devices can no longer connect properly.
- ICMP (Ping) Flood: sends a high volume of ICMP Echo Request (ping) packets at the target in an attempt to make the network unreachable. Both the incoming requests and the outgoing Echo Replies consume bandwidth and processing capacity, resulting in a decline of speed across the network.
- SYN Flood: the hacker sends a stream of TCP SYN requests to the server, which answers each one with a SYN-ACK and waits for the final ACK of the handshake. The hacker never sends that ACK, so the half-open connections sit in the server's backlog consuming resources until legitimate devices can no longer connect.
- HTTP Flood: in this type of attack, the hacker sends a high volume of seemingly legitimate HTTP GET or POST requests to an individual web server or application. Because the requests are well-formed rather than malformed or spoofed packets, this type of attack requires less bandwidth on the hacker's side to launch.
- Ping of Death (POD): just as the name suggests, this type of attack sends malformed or malicious pings to a computer or network as a series of IP fragments that, once reassembled by the target, exceed the maximum length an IP packet may have (65,535 bytes) – resulting in a crash.
- Slowloris: a highly targeted attack that needs almost no bandwidth to bring down a web server. It opens many connections and sends partial HTTP requests with no intention of completing them, until the server's connection pool is tied up and it can't accept any more connections.
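As an added illustration (not part of the original post) of the half-open connections a SYN flood leaves behind, the following Python reads a Linux `ss -tan`-style socket table and flags a flooded backlog. The sample lines are constructed, and the two thresholds are assumed values to tune per host.

```python
"""Added example (not from the original post): flag SYN-flood indicators from
a TCP socket-table snapshot in the format of `ss -tan` (Linux). The sample
lines below are constructed; the thresholds are assumptions to tune per host."""
from collections import Counter

# Constructed snapshot: a few legitimate sessions plus many half-open
# connections (SYN-RECV) whose peers never sent the final ACK of the handshake.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN   0      128    0.0.0.0:443          0.0.0.0:*
ESTAB    0      0      203.0.113.10:443     198.51.100.7:51234
ESTAB    0      0      203.0.113.10:443     198.51.100.8:44002
""" + "".join(
    f"SYN-RECV 0      0      203.0.113.10:443     192.0.2.{i}:40000\n"
    for i in range(1, 41)
)


def parse_ss(text):
    """Yield (state, peer_ip) for each socket line, skipping the header."""
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, peer = parts[0], parts[4]
        yield state, peer.rsplit(":", 1)[0]


def syn_flood_report(text, half_open_limit=25, per_source_limit=10):
    """Summarise half-open (SYN-RECV) sockets and decide whether the backlog
    looks flooded. A flood with spoofed sources shows up as many distinct peers
    holding one half-open socket each, so the aggregate count is the primary
    signal; the per-source count catches a single noisy host."""
    half_open = Counter()
    established = 0
    for state, peer_ip in parse_ss(text):
        if state == "SYN-RECV":
            half_open[peer_ip] += 1
        elif state == "ESTAB":
            established += 1
    total = sum(half_open.values())
    return {
        "half_open": total,
        "established": established,
        "distinct_sources": len(half_open),
        "top_source": half_open.most_common(1)[0] if half_open else None,
        "flooded": total >= half_open_limit
        or any(n >= per_source_limit for n in half_open.values()),
    }


if __name__ == "__main__":
    print(syn_flood_report(SAMPLE_SS_OUTPUT))
```

On a live host the same function can be fed the output of `ss -tan` directly; a persistently high half-open count with a low established count is the signature worth alerting on.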
In 2018, the largest-ever DDoS attack hit the popular developer platform GitHub, with record-breaking traffic of 1.35 terabits per second. GitHub reported that the attack came from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints, which used misconfigured Memcached servers to amplify the traffic. Below is a graph depicting the level of traffic that occurred:
DoS and DDoS Protection & Damage Mitigation
Secuvant has been a leading cybersecurity provider to both small-scale and enterprise businesses. We have the expertise and resources to provide businesses with the best DoS and DDoS protection; our advanced technology and solutions allow us to catch the warning signs early on to stop an attack from happening. If one has already occurred and your business has been attacked, we also provide DoS and DDoS mitigation to reduce the lasting damages and effects such attacks have on a business.