April 12, 2022

Three types of DDoS attack and how to protect your network

Large companies with a wide digital presence need more adaptable and effective solutions to prevent cyber attacks. In particular, one type of online threat has been growing in prevalence in recent years: the distributed denial of service (DDoS) attack. These attacks have the potential to shut down businesses, leaving internet services and networks inaccessible to users.

There are three basic forms of DDoS attacks - a volumetric attack, a protocol attack and an application layer attack. All three can cause digital platforms, servers and networks to crash, rendering these resources inaccessible to legitimate users. Enterprises and online stores may incur significant financial losses as a result of this.

DDoS attacks are becoming increasingly complex and detecting them can be difficult. A global network of infected devices (a botnet) can be remotely controlled without the owners' knowledge. For attackers, this has the advantage that the flood arrives from thousands of genuine devices with legitimate-looking IP addresses, so a firewall cannot simply block a single source, and the attack traffic is hard to tell apart from real users by origin alone.

Hackers are now utilising vulnerable Internet of Things (IoT) devices to launch DDoS attacks, but any web-enabled device can be used. SEACOM Business has partnered with NETSCOUT to provide DDoS protection to Kenyan businesses. Our DDoS Protect solution is ideal for large enterprises that need to autonomously detect and mitigate cyber threats.

Volumetric attacks

Volumetric DDoS attacks essentially use up all of the bandwidth of the target site by inundating it with junk traffic. They are measured in bits per second, and the goal is simply to saturate the network link so that legitimate users (i.e. customers) can no longer reach the website or e-commerce store. This sort of DDoS attack uses massive traffic volumes to overwhelm a network's capacity rather than any flaw in the target.

The attack results in high-bandwidth congestion, causing the system to become unresponsive when it can't handle the volume of requests. Normal operations are disabled and legitimate traffic can't flow through to the website or store.

Volumetric attacks can also be used to knock over a firewall or other device that monitors incoming and outgoing network traffic, since these devices have finite throughput and state tables of their own. A flood does not by itself "breach" a firewall, but a device that fails open under load, or a security team that is fully occupied fighting the outage, gives attackers an opening, and DDoS is regularly used as a smokescreen for intrusion, malware delivery and data theft happening at the same time.

Attackers also monitor whether the target is still responding and adjust the flood accordingly. The traffic is sent from many IP addresses around the world, often at irregular intervals and with spoofed source addresses, which is where the "distributed" in distributed denial of service comes from. A common way to generate the volume is reflection and amplification, where small spoofed requests are sent to third-party servers (for example open DNS or NTP resolvers) whose much larger replies are directed at the victim.

DDoS security software that incorporates analysis tools and automated detection is essential for businesses that care about keeping their data secure and their business operations up and running at all times. The use of behavioural analysis will allow irregularities to be detected. Our DDoS Protect is a cloud-based solution that employs machine learning to detect and respond to patterns in traffic volumes, preventing attacks at the network's edge.
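The behavioural analysis described above boils down to learning what normal traffic looks like and flagging samples that depart from it. The following is an added illustration, not code from SEACOM or NETSCOUT: a small detector that keeps an exponentially weighted baseline of bits per second and distinct source count, and raises an alert when a one-second sample is far above baseline and the number of sources widens at the same time (the signature of a distributed flood). The per-second samples are constructed for the demo; the thresholds (`alpha`, `z_threshold`, `source_ratio`) are assumed tuning values.

```python
"""Baseline-deviation detector over per-second traffic samples.

Added example (not SEACOM's DDoS Protect). Samples are constructed: a quiet
hour of ~100 Mbit/s from ~200 sources, then a flood of ~5 Gbit/s from ~8000.
"""
from dataclasses import dataclass
import math


@dataclass
class Sample:
    second: int
    bits: int       # bits observed in this one-second bucket
    sources: int    # distinct source IPs seen in the bucket


class VolumeDetector:
    """Exponentially weighted mean/variance of bits per second.

    Alert when a sample is (a) more than z_threshold standard deviations above
    the learnt mean, (b) at least `floor` times the mean (guards against a
    near-zero variance making z meaningless) and (c) comes from source_ratio
    times more distinct sources than usual. Samples that alert are NOT folded
    into the baseline, so a sustained flood does not become the new normal.
    """

    def __init__(self, alpha=0.1, z_threshold=6.0, floor=2.0, source_ratio=3.0, warmup=20):
        self.alpha, self.z, self.floor, self.ratio, self.warmup = alpha, z_threshold, floor, source_ratio, warmup
        self.mean = self.var = self.src_mean = None
        self.n = 0

    def update(self, s: Sample) -> bool:
        alert = False
        if self.mean is None:                       # first sample seeds the baseline
            self.mean, self.var, self.src_mean = float(s.bits), 0.0, float(s.sources)
        else:
            std = math.sqrt(self.var)
            z = (s.bits - self.mean) / std if std > 0 else 0.0
            if (self.n >= self.warmup and z > self.z
                    and s.bits > self.floor * self.mean
                    and s.sources > self.ratio * self.src_mean):
                alert = True
            else:                                   # normal sample: learn from it
                d = s.bits - self.mean
                self.mean += self.alpha * d
                self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)
                self.src_mean += self.alpha * (s.sources - self.src_mean)
        self.n += 1
        return alert


def constructed_samples():
    """Constructed traffic: 60 s of jittery baseline, then 10 s of flood."""
    samples = []
    for sec in range(60):
        jitter = ((sec * 7919) % 11 - 5) * 500_000          # deterministic +/- 2.5 Mbit
        bits = 100_000_000 + int(5_000_000 * math.sin(sec / 7)) + jitter
        samples.append(Sample(sec, bits, 200 + (sec % 5) * 4))
    for sec in range(60, 70):
        samples.append(Sample(sec, 5_000_000_000 + sec * 1_000_000, 8000 + sec))
    return samples


def run_demo():
    """Return the list of seconds at which the detector alerted."""
    det = VolumeDetector()
    return [s.second for s in constructed_samples() if det.update(s)]


if __name__ == "__main__":
    print("alerts at seconds:", run_demo())
```

In practice the same logic runs per destination prefix or per customer, on flow records (NetFlow/IPFIX/sFlow) rather than raw packets, and the alert is what triggers diversion of the prefix to a scrubbing centre; the detector itself is only useful if it is placed where it can see the whole link, not behind the device that is being saturated.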

Protocol DDoS attacks

Not all DDoS attacks rely on raw bandwidth. A protocol attack exhausts the connection-tracking state of servers and of intermediate equipment such as firewalls and load balancers, rather than the capacity of the link. Protocol attacks are measured in packets per second (pps), and because every packet forces the target to allocate and track state, a comparatively modest stream can eat away at a device's processing capability for as long as it is sustained.

Attackers flood servers with bogus connection requests, consuming all available resources. Each half-finished connection occupies a slot in a fixed-size table (on a TCP server, the listen backlog) until it either completes or times out. Once that table is full, the server has nowhere to record new connections and starts dropping them, legitimate or not.

A normal TCP connection begins with a three-way handshake. The client sends a SYN; the server answers with a SYN-ACK and records a half-open connection while it waits; the client completes the handshake with an ACK, after which the connection is established and the slot is released. A SYN flood is the classic protocol attack: the attacker sends a stream of SYN packets from spoofed or unreachable IP addresses.

The target dutifully replies to each one with a SYN-ACK, but the final ACK never arrives, so every fraudulent SYN leaves a half-open connection that the server must hold until it times out (typically tens of seconds). The backlog fills with these phantom connections faster than they expire, new SYNs, including those from real customers, are dropped, and the service is effectively offline even though the link itself may be nowhere near saturated.
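The following added example (not code from the page or from SEACOM/NETSCOUT) simulates the mechanics just described and the standard host-side mitigation, SYN cookies. The first listener keeps a half-open entry per SYN and is starved by a flood of spoofed SYNs that never complete. The second keeps no state at all on a SYN: its initial sequence number is an HMAC over the client's address, port and a coarse time slot, so a connection is only allocated when an ACK comes back carrying a value the server can recompute. Packets are represented as method calls; the backlog size, the HMAC key and the source addresses are constructed for the demo.

```python
"""SYN flood against a stateful listener vs. a SYN-cookie listener.

Constructed simulation (added example, not SEACOM/NETSCOUT code). Packets are
represented as Python calls; no sockets are opened.
"""
import hashlib
import hmac

BACKLOG = 8            # deliberately tiny so the flood is visible; real kernels use 128 to 4096+
SYN_TIMEOUT = 60.0     # seconds a half-open entry is held before the server gives up


class StatefulListener:
    """Classic handshake: one backlog slot per SYN, released on ACK or timeout."""

    def __init__(self, backlog=BACKLOG, timeout=SYN_TIMEOUT):
        self.backlog, self.timeout = backlog, timeout
        self.half_open = {}        # (src_ip, src_port) -> expiry time
        self.established = set()
        self.dropped_syns = 0

    def on_syn(self, src, sport, now):
        self.half_open = {k: t for k, t in self.half_open.items() if t > now}  # reap timeouts
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1
            return None            # backlog full: SYN silently dropped, client sees no SYN-ACK
        self.half_open[(src, sport)] = now + self.timeout
        return "SYN-ACK"

    def on_ack(self, src, sport, now):
        if self.half_open.pop((src, sport), None) is None:
            return False           # ACK for a connection we never offered, or one that expired
        self.established.add((src, sport))
        return True


class SynCookieListener:
    """Stateless variant: the server's ISN is a MAC over (src, sport, time slot), so
    nothing is allocated until a valid ACK comes back."""

    def __init__(self, key, slot_seconds=64):
        self.key, self.slot_seconds = key, slot_seconds
        self.established = set()

    def _slot(self, now):
        return int(now // self.slot_seconds)

    def _cookie(self, src, sport, slot):
        mac = hmac.new(self.key, f"{src}:{sport}:{slot}".encode(), hashlib.sha256).digest()
        # top 8 bits carry the slot so the verifier knows what to recompute; low 24 bits are MAC
        return ((slot & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, src, sport, now):
        return self._cookie(src, sport, self._slot(now))   # our ISN; no state kept

    def on_ack(self, src, sport, ack_num, now):
        isn = (ack_num - 1) & 0xFFFFFFFF          # the client acknowledges ISN+1
        cur = self._slot(now)
        for slot in (cur, cur - 1):                # accept the current and the previous slot
            if (slot & 0xFF) == (isn >> 24) and self._cookie(src, sport, slot) == isn:
                self.established.add((src, sport))
                return True
        return False                               # forged or stale ACK: no state consumed


def run_demo():
    """Flood both listeners with spoofed SYNs that never complete, then try one legit client."""
    stateful = StatefulListener()
    cookies = SynCookieListener(key=b"demo-secret-rotate-me")   # assumed key for the demo
    now = 1000.0
    for i in range(50):                          # constructed spoofed sources, none will ACK
        spoofed = f"203.0.113.{i % 250}"
        stateful.on_syn(spoofed, 40000 + i, now)
        cookies.on_syn(spoofed, 40000 + i, now)
    now += 1.0                                   # legit client arrives while half-opens linger
    legit, lport = "198.51.100.7", 51515
    stateful_ok = stateful.on_syn(legit, lport, now) is not None and stateful.on_ack(legit, lport, now + 0.05)
    isn = cookies.on_syn(legit, lport, now)
    cookie_ok = cookies.on_ack(legit, lport, (isn + 1) & 0xFFFFFFFF, now + 0.05)
    forged_ok = cookies.on_ack("203.0.113.9", 40009, 0x12345678, now + 0.05)
    return {
        "half_open_held": len(stateful.half_open),
        "syns_dropped": stateful.dropped_syns,
        "stateful_legit_accepted": bool(stateful_ok),
        "cookie_legit_accepted": cookie_ok,
        "cookie_forged_accepted": forged_ok,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Real SYN cookies (Linux `net.ipv4.tcp_syncookies`, enabled by default on most distributions) also squeeze an encoded MSS into the sequence number and only kick in once the backlog overflows, because a cookie-established connection loses any TCP options the SYN carried. They protect the server's own table; the stateful firewall or load balancer in front of it still needs its own SYN-proxying or a scrubbing service upstream.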

Mitigating a protocol DDoS attack requires technology that can tell whether a packet really comes from the address it claims (ingress filtering of spoofed sources, SYN cookies or SYN proxying in front of servers) and that can rate-limit state-creating packets before they reach the device being exhausted. Good firewalls and network security infrastructure that can monitor and segment networks, applications and servers are also important, so that a flood against one service does not take down the shared equipment in front of everything else.

Application layer DDoS attacks

Application layer attacks are frequently combined with volumetric attacks. The volumetric attack acts as a smokescreen that keeps defenders busy while the attacker goes after specific applications. The goal of an application layer attack is to bring down a web server or application by sending requests that appear to be valid but are expensive for the server to handle, and it is measured in requests per second rather than bandwidth.

These attacks target application weaknesses, such as expensive search, login or online payment endpoints, and are considered the most harmful type of attack because they need very little bandwidth and are difficult to identify and mitigate: every request looks like something a browser might send. Attacks on specific applications can go undetected for long periods of time, showing up only as a slow or flaky site.

Slowloris is an example of an application layer attack. The attacker opens many connections to a target web server and on each one sends only part of an HTTP request, then keeps the connection alive by trickling in one more header line just before the server's idle timer would expire. Since the requests are never completed, every connection sits in the server's pool waiting for the rest of its headers. Once the pool of concurrent connections is used up, the server cannot accept anyone else, and regular users are unable to reach the application even though the attacker is sending almost no data.

Detection is made harder by the fact that Slowloris sends partial but perfectly well-formed requests rather than malformed packets, so nothing at the network layer looks wrong and the total traffic volume is tiny. These attacks often go on for a long time, especially against high-volume websites. To detect this sort of behaviour, security monitoring must look at how connections and requests behave over time, for example how many connections from one source sit with incomplete requests, similar to the behavioural approach used against volumetric attacks.
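The following added example (not code from the page) models the server side of what was just described: a connection guard that gives every connection a fixed deadline, measured from when it was opened, to finish its request headers, and caps how many incomplete connections any one source may hold. The traffic is constructed: one attacker opening 30 connections and trickling a header line every five seconds, and ordinary clients that send a complete request in one go. The deadline and cap values are assumed tuning parameters.

```python
"""Slowloris detection and mitigation: header deadline plus per-source cap.

Added example, not code from the page. Models the server's accept/read loop;
traffic is constructed inline.
"""
HEADER_DEADLINE = 10.0       # seconds allowed to finish the request header (assumed value)
PER_SOURCE_INCOMPLETE = 20   # incomplete connections one IP may hold at once (assumed value)


class Conn:
    def __init__(self, src, opened):
        self.src, self.opened, self.buf, self.complete = src, opened, b"", False


class SlowlorisGuard:
    """Deadline runs from connection open, NOT from the last byte received: an
    idle timer that resets on every byte is exactly what Slowloris defeats."""

    def __init__(self, deadline=HEADER_DEADLINE, per_source=PER_SOURCE_INCOMPLETE):
        self.deadline, self.per_source = deadline, per_source
        self.conns = {}              # conn_id -> Conn (only incomplete connections live here)
        self.closed_timeout = 0
        self.refused_cap = 0
        self.completed = 0
        self.flagged = set()         # sources that hit a limit; candidates for blocking

    def _incomplete_from(self, src):
        return sum(1 for c in self.conns.values() if c.src == src)

    def on_open(self, cid, src, now):
        if self._incomplete_from(src) >= self.per_source:
            self.refused_cap += 1    # cap reached: refuse instead of tying up another worker
            self.flagged.add(src)
            return False
        self.conns[cid] = Conn(src, now)
        return True

    def on_data(self, cid, chunk, now):
        c = self.conns.get(cid)
        if c is None:
            return False             # connection already closed or refused; bytes ignored
        c.buf += chunk
        if b"\r\n\r\n" in c.buf:     # header terminator: request can be handed to the app
            c.complete = True
            self.completed += 1
            del self.conns[cid]
            return True
        return False

    def tick(self, now):
        """Periodic sweep: close connections that have not finished headers in time."""
        for cid, c in list(self.conns.items()):
            if now - c.opened > self.deadline:
                del self.conns[cid]
                self.closed_timeout += 1
                self.flagged.add(c.src)


def run_demo():
    guard = SlowlorisGuard()
    attacker = "203.0.113.5"                              # constructed attacker address
    for i in range(30):                                   # 30 connections opened at t=0
        if guard.on_open(f"a{i}", attacker, 0.0):
            guard.on_data(f"a{i}", b"GET / HTTP/1.1\r\nHost: shop.example\r\n", 0.0)
    for t in range(1, 31):
        now = float(t)
        if t % 5 == 0:                                    # attacker trickles one more header line
            for i in range(30):
                guard.on_data(f"a{i}", b"X-a: b\r\n", now)
        if t % 3 == 0:                                    # a legit client sends a full request
            cid = f"c{t}"
            guard.on_open(cid, f"198.51.100.{t}", now)
            guard.on_data(cid, b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n", now)
        guard.tick(now)
    return {
        "attacker_conns_timed_out": guard.closed_timeout,
        "attacker_conns_refused": guard.refused_cap,
        "legit_requests_completed": guard.completed,
        "flagged_sources": sorted(guard.flagged),
        "open_connections": len(guard.conns),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Production web servers already expose this control: Apache's mod_reqtimeout (`RequestReadTimeout header=20-40,MinRate=500`) and nginx's `client_header_timeout` both bound the time to receive the whole header. The per-source counter above is the detection half, which is what a behavioural monitor or WAF reports on; a source that accumulates timed-out or refused connections while completing almost no requests is the Slowloris signature, and it is visible even when total bandwidth is negligible.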

SEACOM’s DDoS Protect service

Our DDoS Protect service protects you against all forms of DDoS attacks. At SEACOM Business, we recognise that not all attacks are the same and that some may be a hybrid of multiple types. Cyber criminals are continuously modifying their tactics, and blended attacks, which are more harmful and sophisticated, are on the rise.

DDoS Protect detects and mitigates a variety of traditional and emerging types of attacks. These are detected and blocked promptly thanks to automated data filtering and traffic monitoring. We offer both cloud-based and on-premises protection. For more information or to get a quote for our DDoS Protect solution, email us at marketing@seacom.com or leave us a message.

SEACOM owns Africa’s largest network of information and communications technology (ICT) infrastructure, including fibre optic networks and subsea cables. We offer a wide range of industry-leading scalable ICT solutions for large companies that operate throughout the region.

SEACOM is privately owned - making it adaptable to the needs of the client. We are the preferred ICT and internet connectivity supplier for African enterprises. We can guarantee fast, reliable and secure internet and networking services at affordable prices.

For more information on these solutions, follow us on LinkedIn, Facebook or Twitter. Keep an eye on our news section for industry news and announcements on African ICT, internet connectivity, cloud services and security solutions.