A distributed denial of service (DDoS) attack is a cybercriminal strategy that renders an online service temporarily unavailable to customers and other users by holding up or interrupting a host server’s services, and it can cause havoc for any enterprise.
A DDoS-style attack is typically unleashed from multiple compromised computers. This network of devices can be positioned all over the world and is commonly known as a botnet. What makes a DDoS attack different from a regular denial of service (DoS) attack is that a DoS attack utilises only a single network connection to send a torrent of unwanted traffic to its intended victim to knock it offline, whereas a DDoS attack draws on the many devices of a botnet. In the following sections, we’ll examine three different kinds of DDoS attacks your enterprise may encounter.
UDP flood attacks
A UDP flood-type assault refers to a DDoS attack that attempts to flood its victim with User Datagram Protocol packets. The aim of this attack is to hit random ports on a remote host with a flood of incoming traffic. This forces the host server to check repeatedly for an application listening at each port, and when it finds no application present, it responds with a packet stating that the destination is unreachable. The attack is designed to drain the host server’s resources and can eventually result in the server becoming inaccessible.
ICMP Flood
Employing similar tactics to the UDP flood methods, an ICMP flood attack swamps the victim’s server with ICMP Echo Request packets, also known as Ping packets. This approach generally sends packets rapidly and doesn’t wait for responses. This kind of attack can quickly consume not just incoming but outgoing bandwidth, as the target’s servers will usually try to reply with ICMP Echo Reply type packets, leading the system to slow down substantially overall.
SYN Flood
SYN flood DDoS attacks work by exploiting a known vulnerability within a TCP connection sequence. A SYN request is used to instigate a TCP connection with a target host, but it must be answered by a SYN-ACK reply from the host, which is in turn acknowledged by an ACK reply from the requester. During a SYN flood attack, the requester issues multiple SYN requests, but either transmits them from an IP address that has been spoofed or simply doesn’t answer the SYN-ACK response issued by the host. Both tactics result in the target host server waiting continually for a confirmation of each request, effectively tying up resources. Eventually, new connections can no longer be made and a denial of service occurs.
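As an added illustration (not code from the original article), the Python sketch below replays constructed handshake records and counts connections where the host sent a SYN-ACK but never received the final ACK, which is the symptom described above. The record format, the timeout and the alert threshold are assumptions chosen for this small sample.

```python
from dataclasses import dataclass

ACK_TIMEOUT = 3.0      # seconds to wait for the final ACK (assumed value)
HALF_OPEN_LIMIT = 5    # alert threshold, sized for this tiny sample (assumed value)

@dataclass(frozen=True)
class Segment:
    ts: float          # capture time in seconds
    client: str        # "ip:port" of the requester
    flags: str         # "SYN", "SYN-ACK" (sent by the host) or "ACK"

def half_open_report(segments, now):
    """Replay handshake segments; return (completed count, stale half-open clients)."""
    syn_seen = set()
    pending = {}       # client -> time the host sent its SYN-ACK
    completed = 0
    for seg in sorted(segments, key=lambda s: s.ts):
        if seg.flags == "SYN":
            syn_seen.add(seg.client)
        elif seg.flags == "SYN-ACK" and seg.client in syn_seen:
            pending[seg.client] = seg.ts
        elif seg.flags == "ACK" and seg.client in pending:
            del pending[seg.client]        # handshake finished normally
            completed += 1
    stale = sorted(c for c, t in pending.items() if now - t > ACK_TIMEOUT)
    return completed, stale

def is_syn_flood(segments, now):
    """Flag when stale half-open connections pass the limit and outnumber real ones."""
    completed, stale = half_open_report(segments, now)
    return len(stale) >= HALF_OPEN_LIMIT and len(stale) > completed

def build_sample():
    """Constructed traffic: 2 normal handshakes plus 8 SYNs that are never ACKed."""
    segs = []
    for i, client in enumerate(["198.51.100.10:40000", "198.51.100.11:40001"]):
        t = float(i)
        segs += [Segment(t, client, "SYN"), Segment(t + 0.01, client, "SYN-ACK"),
                 Segment(t + 0.05, client, "ACK")]
    for i in range(8):
        client = f"203.0.113.{i + 1}:{50000 + i}"   # documentation-range addresses
        t = 2.0 + i * 0.1
        segs += [Segment(t, client, "SYN"), Segment(t + 0.01, client, "SYN-ACK")]
    return segs

if __name__ == "__main__":
    sample = build_sample()
    completed, stale = half_open_report(sample, now=10.0)
    print(f"completed={completed} half_open={len(stale)} "
          f"flood={is_syn_flood(sample, now=10.0)}")
```

Because spoofed sources rarely repeat, the check counts half-open connections in aggregate rather than per source address.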
Keep your company content protected
Staying informed of the latest forms of assault launched by malicious operators is a wise move when protecting your organisation from cyberattacks. At Galaxkey, we understand that maintaining a robust infrastructure with rigorous data security protocols in place is critical to remaining resilient and fending off attacks, so we have built a secure platform for firms. Featuring powerful three-layer encryption based on the onion model and an innovative toolkit that allows you to send and receive data securely, you’ll be well-equipped to handle the latest threats aimed at enterprises. Get in touch today for an online demonstration.