Every day, hackers carry out about 2,000 attacks around the world. Representatives of small and medium-sized businesses lose an average of $50,000 per attack, large companies – up to $500,000 or more. Uber paid $149 million to customers whose data was stolen, Facebook paid a $5 billion fine. The goals of most attacks: theft of confidential data, extortion, the desire to harm a competitor.
What is DDoS?
DDoS – Distributed Denial Of Service Attack or, in Russian, – “bringing the server to faint.” Multiple requests are sent to the host computer, reducing the bandwidth of the communication channel.
When a user enters the site, the browser sends a request to the server, receiving a data packet in response – text and multimedia content appear on the screen. If the server is loaded, you have to wait a long time for images to be rendered. A DDoS attack can slow down a server or “put it down”, that is, make a site inaccessible to the user.
Who is being attacked and why?
Hackers mainly raid bankers, the IT sector, government websites, educational platforms, e-sports, online cinemas, less often retailers and news agencies.
Schoolchildren learn programming and hacking by training on “cats”. Professional hackers do the same, but on a higher level, in order to extort and steal data. Dudos are used by private and public entities to influence elections in other countries. Sometimes customers are business competitors – a personal insult or a desire to “fill up” a friend during a period of active sales.
Know the enemy by sight
In recent years, there has been a trend towards organized joint attacks – professional hackers get together in flocks and call themselves RedDoor, Lizard Squad, ezBTC. While you are peacefully watching another blockbuster, your computer is being attacked by the Pentagon. A network of many PCs, in a single burst of collective dudos, is called a “botnet”.
IoT bots have become the scourge of modernity. A hacker attacking cohort may consist of smart home appliances – each such device has a personal IP address from which requests are sent to the server.
In addition to a desktop friend, a refrigerator, an electric kettle, a video camera, and even a smart light bulb can be engaged in a DDoS attack in your home.
What is needed for a DDoS attack and how much it costs
The easiest way to trip up a hateful site is to order a stress test from a service that offers protection against attacks. This only works with the simplest sites on free CMS and cheap shared hosting. The test lasts from 2 to 20 minutes. A more serious attack can be organized using automatic tools.
The price of a DDos attack starts from $50, the final cost will depend on the amount of resources involved. Services that provide services offer anonymous advice, “moneyback”, a report on the work performed, and even give reviews of satisfied customers to read.
If the victim has reliable protection, the “raid” will cost much more. An attack on a VDS server costs $75-$100 for 5 minutes, if the site uses anti-DDoS services, the cost starts from $250. Domain blocking at the registrar level – from $1,000. Skype hack – $75.
How is the victim calculated?
Each site has its own personal address. We see only the name of the resource, program, its IP address. Not only the site, but also a specific user can be attacked. A decent hacker will conduct a “pentest” before an attack. The military would call this method “reconnaissance by force”. The essence of pentesting is a small controlled attack, with which you can find out the level of protection of the site.
You can get into any network through Wi-Fi. Hackers reboot the device remotely using a program like Websploit. The router returns to the basic settings and the standard password. The attacker gains access to all the organization’s traffic.
You can find the victim’s address using Skype or another messenger. This is done using hacker software on Linux. A lot of data packets are sent to the received address. As a bonus, you can put an auto-dial program on a specific number.
The working panel displays the address, status, type of operation. Preparing a package with false data will take a couple of minutes and automation will come into play – but this is an option for “lamers”.
Real “coolhackers” assemble their own team, infecting tens of thousands of computers and irons. Sometimes small networks are combined into larger ones, but this is not without risks. Often, attackers steal access keys to “armies” from each other in order to resell the “army” later.
You can do without an army of computers, as they say: “Do not have 100 rubles, but have 100 friends.” True friends will need 100,000, and preferably a couple of million. Such a flash mob is organized very simply – through social networks.
Types of DDoS attacks
“Ping of death” – too large a packet with a size of more than 65535 bytes. This type of hacking was popular in the 90s, it led to errors or server shutdowns.
HTTP(S) GET flood – meaningless information is sent to the server, clogging the data channel and consuming server resources.
Smurf attack – an attacker sends a request to the operating system with a spoofed mac address. All responses from the server are sent to the hacker’s ping request, and the victim waits indefinitely for the packets that the thief stole from her.
HTTP(S) POST request – transfer of large amounts of data placed in the request body.
UDP flood – in this type of attack, the timeout for waiting for a response from the server is exceeded, respectively, the user receives a refusal to process the request.
SYN flood – a whole swarm of TCP connections is launched at the same time, packed in SYN packets with an invalid or non-existent return address – “sending to the village of grandfather.”
POST flood — similar to GET flood, it transmits a large number of requests, which leads to the server freezing. If the HTTPS protocol with automatic data encryption is used, additional resources are spent on decryption, which only makes it easier for a hacker to “put”
Exploit programs are used by more advanced hackers that target commercial organizations. The software looks for code errors, backdoors, vulnerabilities.
Layer 7 HTTP flood – on a virtual server, it loads only certain sites. This type of DDos is difficult to identify because the traffic looks like normal user traffic. The main goal is increased server load.
HDD overflow – if log file rotation is configured on the site, all new logs are sent to the victim, which will take up all the free space on the hard drives. A very primitive way – throwing garbage, effective and dangerous. The speed of “uploading” junk files is very high, after 5 minutes the site will be unavailable to customers.
An attack on VoIP and SIP communication devices is carried out through special software, the organization needs to find out the user’s IP address.
Attacks at the DNS server application level. In most cases, the owners of sites on CMS Drupal, WordPress, Joomla, Magento become victims. A dedicated Amazon VPS server can handle 180,000 packets per second, a typical server processes an average of 500 requests in the same time.
What to do during a DDoS attack
You can carry out a reverse DDoS attack by redirecting the sent badge to the attacker. If you’re lucky, disable his equipment. To do this, you need to know the address of the hacker’s server and have good programming skills. You can’t do without a specialist in this area – they are rare and very expensive.
Active protection methods
Building distributed systems is a whole art that allows you to scatter requests across different nodes of a single system if some servers become unavailable. All information is duplicated, physically the servers are located in the Data-centers of different countries. It makes sense to use this approach only for large projects with a large number of users or high requirements for uninterrupted access – banks, social networks.
If the server does not have reliable protection or the measures taken have not yielded results, cut the ropes.
All DDoS traffic comes from the same ISP and backbone router, so you can block everything by connecting to a redundant Internet connection. The method is effective until you are discovered again.
The most reliable way to protect yourself is to put a stub on the site, brew some seagulls, sit in the “waiting” position and enjoy the performance. Sooner or later, the attack will stop due to the exhaustion of the budget.
“Stub” – a checkpoint, a special page weighing about 2 kilobytes with a filter code and a text message about the attack. The filter separates the data sent by the attackers from real users, automatically assigns cookies to users and redirects them to the desired page of the site. But this option is not suitable for banks, large retail chains, organizers of eSports competitions. You will need a programmer to install the plug.
“We will move on”
Of course, it’s ideal to do this before the system administrator starts running around the office shouting “Everything is lost!”, But even during an attack, it’s not too late to contact the service for comprehensive protection against DDoS attacks. There are several dozen software and hardware systems on the market to protect against hackers: Juniper, F5, Cisco, Arbor Networks, Qrator, Selectel, CloudFlare and others.
How services are protected
All Internet traffic arriving at the site is redirected to the servers of the security software and hardware systems, the client receives only cleared incoming traffic. Outgoing goes through other servers.
As a rule, the cost of such services is quite high. These same services offer constant monitoring and a dedicated IP to hide the real address. Money is taken depending on the amount of traffic coming to the server. Protection costs range from $250 to several thousand dollars a year.
The choice of strategy depends on the severity of the threat and the importance of the uninterrupted operation of the resource. For most sites, preventive measures are sufficient: firewalls, filtering requests according to the ACL list, installing passive monitoring programs, creating a redundant Internet connection line. If the income from the site is hundreds of thousands per day, you should think about reliable protection on an ongoing basis.
The number of attacks increases every year by 200%. Video cameras are united “in interest groups”, attacking financial institutions, refrigerators are “called” in Uber, and coffee grinders are ganging up on Amazon. Next time, looking at your “smart” teapot, take a closer look, maybe at this very moment he is dragging passwords from VK or trying to steal bank card data.