Basics of DDoS attack


Hi Readers, Distributed Denial of Service, also known as DDoS, is a type of distributed network attack. This kind of attack floods an application or website with a large number of fake requests, which makes the site unavailable for some or all users. In this blog, we will see the basics of a DDoS attack and understand how it works.

What is a DDoS Attack?

  • A DDoS attack is carried out by an attacker in order to slow down a service by directing a huge amount of traffic at a specific target application or website; the resulting congestion makes it very difficult for normal users to use the application.
  • Genuine users or application owners see the effect of a DDoS attack as a drastic reduction in speed, a complete outage, or other unexpected behaviour in place of the normal operation they are used to.

How does a DDoS attack work?

  • Normal traffic flows from online users to the target server over its internet connection.
  • In the diagram below, normal users are represented as clean traffic and bot users as bot traffic.
  • Clean traffic comes in through the internet and traverses the connection from the internet to the target server.
  • In this case, traffic flows completely normally, with no slowdown and no pressure on the connection.

How do attackers attack?

  • Attackers create so much traffic that it can no longer flow from the internet to the target server through its connection. Let’s see how it works.
  • Attackers send a huge number of fake network requests to the application, which slows the application down and ultimately makes it unavailable for the actual users.

Check if a Linux server is under a DDoS attack

Get CPU information on the Linux Server including its uptime and server load

List all the IPs connecting to your server

This lists all the IPs connecting to our server. The list will contain IPs that are either the server’s own IPs or IPs we recognise. But if we find an IP that is not known to us and is not in our records, that is something to worry about. In that case, we would want to handle that IP address, since it could be the source of malicious and harmful requests.
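The two checks above (server load, and connections grouped by remote IP) as an added shell example that is not part of the original post. It assumes the connection list comes from `ss -ntH` (state, recv-q, send-q, local address, peer address) and the load from /proc/loadavg; the sample lines below are constructed, and the threshold of 3 connections per IP is a hypothetical value to tune per server.

```shell
#!/bin/sh
# Added example: spot remote IPs holding an unusual number of connections and
# express the 1-minute load as load per CPU core.

# Constructed sample in the shape of `ss -ntH` output (columns 4 and 5 are
# local and peer address). 198.51.100.7 holds four connections, the rest one.
SAMPLE_SS='ESTAB 0 0 10.0.0.5:443 198.51.100.7:51234
ESTAB 0 0 10.0.0.5:443 198.51.100.7:51235
ESTAB 0 0 10.0.0.5:443 198.51.100.7:51236
ESTAB 0 0 10.0.0.5:443 198.51.100.7:51237
ESTAB 0 0 10.0.0.5:443 203.0.113.9:40001
ESTAB 0 0 10.0.0.5:22 192.0.2.10:60000
ESTAB 0 0 [2001:db8::5]:443 [2001:db8:1::7]:44321'

# Constructed sample in the shape of /proc/loadavg (1, 5, 15 min, procs, pid).
SAMPLE_LOADAVG='8.40 3.10 1.20 2/345 6789'

# flag_noisy_peers THRESHOLD
# Reads `ss -ntH` lines on stdin, counts connections per peer IP (port
# stripped; IPv6 peers keep their brackets) and prints "count ip" for every
# peer at or above THRESHOLD, busiest first. A header line, if present, is skipped.
flag_noisy_peers() {
  awk -v thr="$1" '
    $1 == "State" { next }                      # tolerate `ss -nt` with header
    {
      peer = $5
      sub(/:[0-9]+$/, "", peer)                 # drop the peer port
      n[peer]++
    }
    END { for (ip in n) if (n[ip] >= thr) print n[ip], ip }
  ' | sort -rn
}

# load_per_core LOADAVG_LINE NCPU
# Prints the 1-minute load divided by the core count, two decimals. A value
# well above 1.00 that persists means the box is saturated, which on a
# public-facing server is worth correlating with the connection counts.
load_per_core() {
  printf '%s\n' "$1" | awk -v ncpu="$2" '{ printf "%.2f\n", $1 / ncpu }'
}

# Stand-alone demo on the constructed samples; on a real host replace with:
#   ss -ntH | flag_noisy_peers 3
#   load_per_core "$(cat /proc/loadavg)" "$(nproc)"
printf '%s\n' "$SAMPLE_SS" | flag_noisy_peers 3
load_per_core "$SAMPLE_LOADAVG" 4
```

An IP that tops the list but is one of the server’s own addresses or a known partner is not a finding; compare the output against the records mentioned above before acting on it.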

Blocking malicious IP Addresses

route add <ip_address> reject      # reject traffic to/from the malicious ip_address

route -n | grep <ip_address>       # check that the ip_address is now blocked

Prevention

  • Reduce the attack surface area
    • Do not expose applications or resources on ports or protocols they do not need. This minimizes the possible points of attack.
  • Plan for scaling
    • While designing the application architecture, make it capable of handling large volumes of traffic.
    • Make it scalable so that it can absorb large bursts of requests.
  • Distinguish normal from abnormal traffic
    • Understand the characteristics of the good traffic that the target usually receives, and be able to compare each packet against this baseline.

That’s all for this blog. I hope you found some useful information in it. In case of any queries, you can contact me at my email id nitin.mishra@knoldus.com. To read my other blogs, click this.

Written by 

Nitin Mishra is a Software Consultant at Knoldus Software LLP. He has done an MCA from GGSIPU and completed a Bachelor of Science in Computer Science from Delhi University. He is a tech enthusiast with good knowledge of Java and is mainly focused on DevOps practice. On the personal front, he loves travelling to the mountains and writing poetry.