Old tools stop working, and new approaches are required to avoid becoming a victim of DDoS attacks. This paper looks at the evolutionary path that DDoS countermeasure tools take in response to the changing practices of cybercriminals.
Evolution of DDoS attacks and means of countering this threat
The IT sphere is developing and becoming more complex; therefore, attacks are becoming more complex as well. Technically, a DDoS attack is a set of actions whose goal is to “clog” a communication channel so that the site or service becomes unavailable. It is a distributed attack on an Internet resource intended to cause its failure, bringing it to a state where users cannot access it. This can be achieved in different scenarios. If such an attack is successfully carried out against a server, the server stops responding to legitimate user requests. Large DDoS attacks target government websites, the websites of leading IT corporations, and so on.
The most widespread kinds of DDoS attacks
Let’s take a closer look at the types of attacks that are the most popular:
- A DNS attack is a classic type of attack based on traffic reflection combined with traffic amplification. These attacks have been carried out for several years and remain popular among attackers.
- The NTP protocol began to be used for traffic-reflection attacks much later than DNS. Its high amplification factor (gain) has increased the popularity of this type of attack. In addition, in 2014, the most powerful attack recorded at that time was carried out using the NTP protocol.
- SNMP is a protocol designed to manage devices on a network. To implement an attack using this protocol, queries with the GetBulk command are used; a single GetBulk request retrieves a large amount of data, mainly tabular, from the device.
- HTTP-based attacks use the simplest kind of request, for example an HTTP request whose header specifies the requested server resource. An attacker can include any number of headers, giving them whatever properties are desired. When all data sent between the client (the attacker) and the server is encrypted, this creates additional load on the victim server, which exhausts its computing power.
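As an added example (not from the article), the following Python detector applies the reflection/amplification signature shared by the three UDP services above (DNS, NTP, SNMP) to constructed flow records: inbound bytes arriving from a service port are compared against what the protected network actually sent to that port, and a large ratio, or replies with no request at all, is flagged. The flow-record format, the `203.0.113.` "local" prefix, and the threshold are assumptions made for illustration.

```python
"""Flag inbound UDP reflection/amplification traffic in flow records."""
from collections import defaultdict

# Source ports of the reflection services discussed in the text.
AMPLIFIER_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP"}

# Constructed flow records (assumed format):
# ts,proto,src_ip,src_port,dst_ip,dst_port,bytes,packets
SAMPLE_FLOWS = [
    "1,UDP,203.0.113.10,40001,198.51.100.5,53,80,1",    # legitimate DNS query
    "1,UDP,198.51.100.5,53,203.0.113.10,40001,200,1",   # its normal-sized reply
    "2,UDP,192.0.2.7,123,203.0.113.20,80,4820,10",      # NTP replies, never asked for
    "2,UDP,192.0.2.8,123,203.0.113.20,80,4820,10",
    "3,UDP,203.0.113.30,50000,192.0.2.9,161,90,1",      # one small SNMP GetBulk
    "3,UDP,192.0.2.9,161,203.0.113.30,50000,4000,2",    # oversized SNMP reply
    "4,TCP,192.0.2.9,161,203.0.113.30,50000,9000,2",    # TCP: ignored by the check
]

def parse_flow(line):
    """Split one flow record into typed fields."""
    ts, proto, sip, sport, dip, dport, nbytes, pkts = line.split(",")
    return {"ts": ts, "proto": proto, "src_ip": sip, "src_port": int(sport),
            "dst_ip": dip, "dst_port": int(dport), "bytes": int(nbytes), "pkts": int(pkts)}

def find_amplification(lines, local_net="203.0.113.", min_ratio=5.0):
    """Return {(service, victim_ip): ratio} for hosts whose inbound bytes from an
    amplifier port are at least min_ratio times what they sent to that port.
    Inbound replies with no outbound request at all get a ratio of infinity."""
    inbound = defaultdict(int)   # (service, victim) -> bytes received from service port
    outbound = defaultdict(int)  # (service, victim) -> bytes the victim sent to service port
    for line in lines:
        f = parse_flow(line)
        if f["proto"] != "UDP":
            continue  # the reflection services in the text are UDP-based
        if f["dst_ip"].startswith(local_net) and f["src_port"] in AMPLIFIER_PORTS:
            inbound[(AMPLIFIER_PORTS[f["src_port"]], f["dst_ip"])] += f["bytes"]
        elif f["src_ip"].startswith(local_net) and f["dst_port"] in AMPLIFIER_PORTS:
            outbound[(AMPLIFIER_PORTS[f["dst_port"]], f["src_ip"])] += f["bytes"]
    alerts = {}
    for key, rx in inbound.items():
        tx = outbound.get(key, 0)
        ratio = rx / tx if tx else float("inf")
        if ratio >= min_ratio:
            alerts[key] = ratio
    return alerts

if __name__ == "__main__":
    for (service, victim), ratio in find_amplification(SAMPLE_FLOWS).items():
        print(f"{service} amplification towards {victim}: ratio {ratio:.1f}")
```

On the sample records the legitimate DNS exchange (ratio 2.5) is not reported, while the unsolicited NTP replies and the oversized SNMP reply are.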
How to prevent DDoS attacks?
World leaders in information security make the detection and countering of DDoS attacks a top priority in their research and development. This indicates that developing and implementing methods of protection against DDoS attacks is an urgent task. Among the most popular DDoS attacks are those based on the reflection and amplification of malicious traffic. When developing new universal protection methods against attacks of this type, the primary task is to analyze the protocols that can be used to implement such attacks. In addition, it is necessary to examine existing protection methods against attacks that reflect traffic using various protocols.
To counter a DDoS attack that is under way, you must take the following measures:
- Use anti-DDoS hardware and software. Servers must be protected by network firewalls as well as web application firewalls. Load balancers are also useful.
- Configure network equipment to resist DDoS attacks. For example, you can configure a firewall or router to drop incoming ICMP packets or to block responses from DNS servers outside the corporate network. This can help prevent ping-based DDoS attacks.
- Back up the IT infrastructure. It is better to distribute the virtual server infrastructure across several data centers, using a good balancing system that distributes traffic between them, to make it harder for attackers to carry out a DDoS attack on a server.