Hi Readers, Distributed Denial of Service, also known as DDoS, is a type of distributed network attack. This kind of attack floods the application or website with a large number of fake requests, which makes the website unavailable for some or all users. In this blog, we will see the basics of a DDoS attack and understand how it works.
What is a DDoS Attack?
- A DDoS attack is done by an attacker in order to slow down a service by directing a huge amount of traffic at a specific target application or website, which makes it very difficult for normal users to use the application.
- Genuine users or application owners will see the effect of a DDoS attack as a drastic reduction in speed, a complete outage, or other unexpected behaviour compared with what they are used to seeing in normal operation.
How does a DDoS attack work?
- Normal traffic flows from online users to the target server over its internet connection.
- In the diagram below, normal users are represented as clean traffic and bot users as bot traffic.
- Clean traffic comes in through the internet and traverses the connection from the internet to the target server.
- In this case, traffic flows completely normally, with no slowdown and no pressure on that traffic flow.
How do attackers attack?
- Attackers create so much traffic that it can no longer flow from the internet to the target server through its connection. Let’s see how it works.
- Attackers make a huge number of fake network requests to the application, which slows the application down and ultimately makes it unavailable for the actual users.
Check if a Linux server is under a DDoS attack
Get CPU information on the Linux Server including its uptime and server load
List all the IPs connecting to your server
This lists all the IPs connecting to our server. The list contains IPs that are either the server’s own IPs or known personal IPs. But if we find any IP that is not known to us and is not in our records, that is something to worry about. In that case, we would want to handle that IP address, as it could be the source of malicious and harmful requests.
Blocking malicious IP Addresses
route add <ip_address> reject  # reject the malicious ip_address
route -n | grep <ip_address>   # check if the ip_address is blocked
Prevention
- Reduce the attack surface area
- Do not expose applications or resources on ports or protocols that are not needed. This minimizes the possible points of attack.
- Plan for scaling
- While designing the application architecture, make it capable of handling large volumes of traffic.
- Make it scalable so that it can handle a large number of requests.
- Distinguish normal and abnormal traffic
- Understand the characteristics of the good traffic that the target usually receives, and be able to compare each packet against this baseline.
That’s all for this blog. I hope you found some useful information in it. In case of any queries, you can contact me at my email id nitin.mishra@knoldus.com. To read my other blogs click this.