Which of the following is a DDoS attack?

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks are effective because they use many compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high-level perspective, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.

Common DDoS Attack Vectors

There are several common DDoS attack vectors that bad actors use to carry out these attacks:

  • Volume-based Attacks: The goal is to overwhelm the target with a flood of traffic. These attacks include UDP floods, ICMP floods, and other spoofed-packet floods.
  • Protocol Attacks: These go after weaknesses in the protocols that make the Internet function. Attacks include SYN floods, Ping of Death, Smurf DDoS, and more.
  • Application Layer Attacks: Target web applications and servers by exhausting server resources. These include low-and-slow attacks, GET/POST floods, and more.
  • Multi-Vector Attacks: These combine multiple attack vectors and target infrastructure components beyond just the actual web server or application. The goal is to create an exponential attack impact.

Common DDoS Attack Tools

There are many tools that attackers use to carry out DDoS attacks. Some of the most common include:

  • LOIC (Low Orbit Ion Cannon): A popular DDoS tool used to perform volume-based attacks such as UDP floods.
  • HOIC (High Orbit Ion Cannon): An updated version of LOIC that allows the attacker to control multiple LOIC instances to perform more powerful attacks.
  • Trin00: Used to launch DDoS attacks via UDP flooding.
  • XOIC: An updated version of LOIC that can be used to launch TCP, UDP, and ICMP floods.
  • RUDY: A powerful botnet-driven DDoS tool that can perform multi-vector DDoS attacks.
  • Tor's Hammer: A tool leveraging the Tor network to anonymize and reflect application-layer attacks.

Common DDoS Targets

DDoS attacks target a wide variety of organizations and services. Some of the most common DDoS targets include:

  • Websites and web applications
  • DNS servers
  • Email servers and infrastructure
  • Cloud-based services and infrastructure
  • Gaming sites and networks
  • E-commerce sites
  • Banks and financial institutions
  • Government and military sites
  • Media and entertainment companies
  • High-traffic sites like Reddit

Essentially any organization or service that is dependent on Internet accessibility is at risk of being targeted by a DDoS attack. Attackers may be motivated by ideological, political, or financial reasons when selecting their targets.

Major DDoS Attacks in History

Some of the major historical DDoS attacks include:

Year | Target                                              | Details
-----|-----------------------------------------------------|------------------------------------------------------------------------------
2000 | Major sites including Amazon, CNN, eBay, and Yahoo! | Series of powerful attacks that brought down major sites; used the TFN tool.
2007 | Websites in Estonia                                 | Weeks-long continuous attacks over a cyberwar dispute with Russia.
2010 | MasterCard, Visa, PayPal                            | Anonymous launched attacks over the blockade of WikiLeaks.
2012 | Major US banks                                      | Significant disruptions from one of the largest botnet armies ever seen.
2014 | BBC, League of Legends, EA                          | Hacktivist group Lizard Squad launched a series of high-profile attacks.
2016 | DNS provider Dyn                                    | Massive disruptions from the Mirai botnet, built from IoT devices.
2017 | French presidential candidate Emmanuel Macron       | Hit with a major DDoS two days before the election.

This table highlights some of the major historical DDoS attacks, demonstrating how this attack method has been leveraged over the years against critical sites and services.

DDoS Attack Methods

There are a variety of specific methods and techniques used to execute DDoS attacks. Here are some of the major ones:

Volume-Based Attacks

  • UDP flood – Sends high volumes of spoofed UDP packets to random ports on the target. Can consume bandwidth and overwhelm connection state tables.
  • ICMP flood – Leverages spoofed ICMP echo requests (pings) to overwhelm network resources and hosts.
  • SNMP reflection – Spoofs the target's IP as the source address and sends SNMP queries to SNMP-enabled devices, which then direct floods of responses at the target.
  • NTP amplification – Exploits publicly accessible NTP servers, using the monlist command to trigger huge responses. Can achieve massive amplification.

Protocol Attacks

  • SYN flood – Sends a flood of TCP connection requests but never completes the handshake. Can exhaust a target’s connection state tables.
  • Ping of Death – Sends malformed or oversized ICMP packets that crash systems when reassembled.
  • Smurf – Spoofs the source IP of the target and broadcasts ping requests on the network. This triggers floods of ping responses from all devices on the network.
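The SYN flood described above leaves a tell-tale trace on the victim: a backlog of connections stuck in the SYN_RECV state, nearly all from different source addresses. The following detector is an added example written for this article, not code from the original page. It parses a constructed `netstat -ant`-style connection table (sample data, not a real capture) and flags listening ports whose half-open backlog fits that pattern. The thresholds (20 half-open connections, a 3:1 half-open to established ratio, 80% distinct sources) are assumptions chosen for illustration and would be tuned per environment.

```python
"""Flag listening ports whose half-open TCP backlog looks like a SYN flood.

Added example, not from the original article. Input is a constructed
netstat-style connection table; thresholds are illustrative assumptions.
"""
from collections import defaultdict


def build_sample_table() -> str:
    """Construct a netstat -ant style table (sample data, not a real capture).

    Port 443 gets 3 legitimate ESTABLISHED sessions plus 40 half-open
    connections from 40 distinct addresses; port 22 has one half-open
    connection, which is normal churn and must not be flagged.
    """
    lines = ["Proto Recv-Q Send-Q Local Address Foreign Address State"]
    for i in range(3):
        lines.append(f"tcp 0 0 10.0.0.5:443 198.51.100.{10 + i}:5{1000 + i} ESTABLISHED")
    for i in range(40):
        # 203.0.113.0/24 is documentation space, used here for the randomized sources
        lines.append(f"tcp 0 0 10.0.0.5:443 203.0.113.{1 + i}:4{1000 + i} SYN_RECV")
    lines.append("tcp 0 0 10.0.0.5:22 198.51.100.50:60000 SYN_RECV")
    lines.append("tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN")
    return "\n".join(lines)


def parse_netstat(text: str) -> list:
    """Parse netstat -ant style lines into {local_port, remote_ip, state} records."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6"):
            continue  # skip the header and anything that is not a TCP row
        local, remote, state = fields[3], fields[4], fields[5]
        local_port = int(local.rsplit(":", 1)[1])
        remote_ip = remote.rsplit(":", 1)[0]
        records.append({"local_port": local_port, "remote_ip": remote_ip, "state": state})
    return records


def half_open_summary(records: list) -> dict:
    """Per local port: half-open (SYN_RECV) count, established count, and the
    set of distinct sources behind the half-open connections."""
    summary = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for r in records:
        port = summary[r["local_port"]]
        if r["state"] == "SYN_RECV":
            port["half_open"] += 1
            port["sources"].add(r["remote_ip"])
        elif r["state"] == "ESTABLISHED":
            port["established"] += 1
    return summary


def detect_syn_flood(records: list, min_half_open: int = 20,
                     backlog_ratio: float = 3.0, spoof_ratio: float = 0.8) -> list:
    """Return one alert per port whose half-open backlog looks like a SYN flood.

    Heuristics (assumed thresholds):
      * at least `min_half_open` connections stuck in SYN_RECV;
      * half-open count at least `backlog_ratio` times the established count,
        since a busy but healthy service completes far more handshakes than it
        leaves hanging;
      * distinct sources / half-open >= `spoof_ratio`, i.e. almost every
        half-open connection comes from a different address, the signature of
        randomized or spoofed source IPs.
    """
    alerts = []
    for port, stats in sorted(half_open_summary(records).items()):
        half_open = stats["half_open"]
        if half_open < min_half_open:
            continue
        if half_open < backlog_ratio * max(stats["established"], 1):
            continue
        distinct = len(stats["sources"])
        if distinct / half_open < spoof_ratio:
            continue
        alerts.append({"port": port, "half_open": half_open,
                       "established": stats["established"], "distinct_sources": distinct})
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(parse_netstat(build_sample_table())):
        print(f"possible SYN flood on port {alert['port']}: "
              f"{alert['half_open']} half-open from {alert['distinct_sources']} sources, "
              f"{alert['established']} established")
```

In a real deployment the same three ratios would be computed from `ss -tan` output or from SYN-cookie and listen-overflow counters, and the alert would feed the rate limiting and upstream mitigation discussed later in the article rather than stop at a print statement.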

Application Layer

  • HTTP GET/POST floods – Rapidly sends HTTP requests to overwhelm web servers and applications.
  • DNS query floods – Floods a DNS server with random subdomain queries, exhausting resources.
  • SSL renegotiation – Continuously renegotiates SSL connections, overwhelming servers with expensive cryptographic operations.

Multi-Vector

  • Botnets – Networks of compromised devices used to conduct attacks, making them more difficult to trace and defend against.
  • DDoS for hire – Underground DDoS services for rent, providing access to botnets and easy attack methods.
  • SSL-based attacks – Exploits encryption overhead by continually establishing SSL connections and renegotiations.

Defending Against DDoS

There are a number of best practices organizations should follow to defend against DDoS attacks:

  • Implement DDoS mitigation solutions both on-premises and from providers like Cloudflare.
  • Increase bandwidth capacity to absorb volumetric attacks.
  • Enable filtering and rate limiting on edge routers and firewalls.
  • Null route known bad IP ranges.
  • Follow patching best practices and disable unused services.
  • Implement IPS and AI/ML detection to quickly identify anomalies.
  • Engage DDoS protection and mitigation services when under attack.
  • Validate third-party defenses through load testing.
  • Have an incident response plan in place for attacks.
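Rate limiting on the edge is the most direct answer to the HTTP GET/POST floods listed under application-layer attacks. The following per-client sliding-window limiter is an added example written for this article, not code from the original page or from any product it mentions. It replays constructed access-log lines (sample data, not a real capture) through the limiter and reports, per client, how many requests would have been served and how many rejected. The log format (common log format) and the limit of 20 requests per 10-second window are assumptions for illustration.

```python
"""Per-client sliding-window rate limiter replayed over web access logs.

Added example, not from the original article. Log lines are constructed
sample data; the 20 requests / 10 s limit is an illustrative assumption.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common-log-format line: client, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log() -> list:
    """Construct access-log lines (sample data, not a real capture): one client
    browsing at one request every 3 s, and one client sending 60 POSTs to
    /login inside 10 s, which is the shape of a GET/POST flood."""
    t0 = datetime(2024, 1, 15, 9, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(8):
        ts = (t0 + timedelta(seconds=3 * i)).strftime(TS_FORMAT)
        lines.append(f'198.51.100.7 - - [{ts}] "GET /news/{i} HTTP/1.1" 200 5120')
    for i in range(60):
        ts = (t0 + timedelta(seconds=i // 6)).strftime(TS_FORMAT)  # 6 requests per second
        lines.append(f'203.0.113.9 - - [{ts}] "POST /login HTTP/1.1" 200 310')
    lines.append("this line is not a valid log record")  # exercises the parser's rejection path
    return lines


def parse_log_line(line: str):
    """Return (client_ip, epoch_seconds, method, path), or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group("ts"), TS_FORMAT).timestamp()
    return m.group("ip"), when, m.group("method"), m.group("path")


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # client -> timestamps still inside the window

    def allow(self, client: str, now: float) -> bool:
        q = self.hits[client]
        cutoff = now - self.window
        while q and q[0] <= cutoff:  # drop timestamps that have aged out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False  # would exceed the limit: reject (HTTP 429 at a real edge)
        q.append(now)
        return True


def replay_log(lines: list, limit: int = 20, window: float = 10.0) -> dict:
    """Replay parsed records in time order through the limiter and report,
    per client, how many requests were allowed and how many were blocked."""
    records = [r for r in map(parse_log_line, lines) if r is not None]
    records.sort(key=lambda r: r[1])  # stable sort keeps same-second order intact
    limiter = SlidingWindowLimiter(limit, window)
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for client, when, _method, _path in records:
        verdict = "allowed" if limiter.allow(client, when) else "blocked"
        stats[client][verdict] += 1
    return dict(stats)


if __name__ == "__main__":
    for client, counts in replay_log(build_sample_log()).items():
        print(f"{client}: allowed={counts['allowed']} blocked={counts['blocked']}")
```

The browsing client never touches the limit, while the flooding client gets its first 20 requests through and the remaining 40 rejected. Keying the window on the client address is the simplest choice and the one a spoofing or botnet-driven flood will try to evade by spreading load across many sources, which is why edge filtering is paired with the upstream mitigation services in the list above rather than relied on alone.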

With a concerted strategy leveraging both internal and external protections, the impact of DDoS attacks can be minimized.

Legal Implications

DDoS attacks have serious legal consequences. Some of the potential criminal charges include:

  • Computer hacking/unauthorized access charges
  • Criminal mischief laws
  • Racketeering charges
  • Conspiracy charges
  • Violations of the Computer Fraud and Abuse Act
  • Potential terrorism charges depending on circumstances

Penalties can be severe depending on the scale and impact of the attack. Major attacks targeting critical infrastructure can potentially carry multi-year prison sentences under anti-hacking laws.

Ethical Concerns

DDoS attacks raise a number of ethical concerns:

  • Free speech issues when used for protest – There is debate around whether DDoS tactics are legitimate forms of civil disobedience and free speech versus unethical censorship.
  • Proportionality – The potential for severe disruption to business and communication raises proportionality concerns.
  • Collateral damage – Attacks often impact more than just the intended target, raising ethical issues.
  • Exploiting innocent systems – The use of malware and botnets to enslave devices without owners’ consent raises ethical issues.

Like any powerful technology, DDoS capabilities can be used for both ethical and unethical ends. Developers of DDoS tools and botnets bear some responsibility for how their creations are leveraged.

Conclusion

DDoS attacks present an evolving threat that can be highly disruptive to organizations when used by malicious actors. From simple volume floods to sophisticated botnet-driven attacks, there are many technical vectors available for executing DDoS campaigns. Motivations range from political causes to financial gain. Defending against DDoS requires concerted effort across technologies, services, and best practices. By understanding how DDoS attacks work and the steps that can be taken, organizations can limit their impact and maintain business continuity.