DDoS types – Knowledge and ways to protect yourself from attacks
Anyone who uses the Internet or Internet of Things (IoT) should be aware of the different types of DDoS used by attackers to harm companies or private individuals. Only if you deal with the topic of cybercrime can you actively protect yourself or your company from attacks. In the last article, we explained DoS and DDoS in an easy-to-understand way. In this article, you will learn a bit about methods and get examples that can help you protect yourself from attackers.
Botnets as preparation for DDoS attacks
As explained in the last article, a single computer is usually not sufficient for a successful DDoS attack. It is easier for the attacker if he first infects other people’s computers, mobile phones or similar with malware (malicious software) in order to launch a DDoS attack with the help of these devices.
Malware can get onto devices in many ways: for example, through malicious e-mails whose attachments, when opened, download (and possibly install) malware, or through prepared links that, when clicked, download malware unnoticed by the user (drive-by download). Once the malware has installed itself on a device, the device becomes part of the botnet.
The more devices are infected, the larger the botnet becomes; botnets can be enormous and are often distributed worldwide, which makes it more difficult for the DDoS victim to defend itself successfully. Once the botnet is large enough, the attacker (also called the bot master) sends commands to the infected devices, usually via a command-and-control server (C&C server), which in this context is referred to as the master system.
Botnets can be used for more than just DDoS attacks, so you should try to protect yourself and your internet-connected devices, including the data stored on them. In the worst case, attackers can gain administrator rights to your computer and IoT systems, which means that your computer can be maliciously remotely controlled and abused.
DDoS attacks with different types
There are different types of DDoS attacks, and various tools are used to launch them (e.g. Low Orbit Ion Cannon (LOIC)). Forms of attack include, for example, PING flood, SYN flood or LAND attack and more; we have selected three that we would like to describe in a little more detail here:
- HTTP flood
Here, the target server (e.g. a web server) is overloaded by sending it a large number of HTTP requests until it can no longer process them. It does not matter which request method is used, but POST is often chosen because the server receives, processes and stores the submitted data; POST requests can therefore be assumed to consume more resources, especially if a database is involved.
- UDP flood
UDP stands for User Datagram Protocol, which allows information to be exchanged within networks in the form of UDP packets. In a UDP flood, a very large number of UDP packets are sent to ports of the target server in order to exhaust its processing and response capacity. Each incoming UDP packet must be processed and checked by the target system, which costs a lot of computing power when the number of packets is high. In addition, for each UDP packet that reaches a closed port, the target system sends an ICMP “Destination Unreachable” packet back to the apparent sender. If the sender address of the UDP packets has been forged (so-called IP spoofing), these replies go to whatever address the attacker wrote into the source field, so the attacker can use his first victim to attack other systems. What makes this particularly perfidious is that the first victim is perceived as the perpetrator by the other victims.
- IP spoofing
In IP spoofing, the attacker sends UDP packets in which the source address (source IP) has been manipulated, thereby disguising the actual origin of the packets. The attacker sends packets carrying the victim’s IP as source address to a third party; every device that receives such a packet responds as usual, but the responses go to the forged (“spoofed”) address, i.e. to the victim. Attacks of this kind are difficult to detect even for savvy users.
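The defensive counterpart to IP spoofing is source-address validation at the network edge (often called ingress/egress filtering, as described in BCP 38): a router only forwards a packet if its source address belongs to the address blocks actually assigned to the interface it arrived on, so spoofed packets never leave the network they were created in. The following is an added example written for this article, not code from the original text or from any vendor; the interface-to-prefix table and the packet summaries are constructed, and `Packet` is a hypothetical minimal record, not a real capture format.

```python
"""Source-address validation (BCP 38 style) to stop spoofed packets at the edge.

Added example. The interface/prefix table and the sample packets are constructed
for illustration; in a real router this check runs on every forwarded packet.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: which address blocks legitimately live behind each interface.
PREFIXES_BY_INTERFACE = {
    "lan0": [ipaddress.ip_network("192.0.2.0/24"),
             ipaddress.ip_network("2001:db8::/32")],      # customer LAN, v4 + v6
    "lan1": [ipaddress.ip_network("198.51.100.0/25")],    # second site, only the lower /25
}


@dataclass
class Packet:
    """Hypothetical minimal packet summary: only the header fields the check needs."""
    iface: str   # interface the packet arrived on
    src: str     # source IP as written in the header (may be forged)
    dst: str
    proto: str


def source_is_valid(pkt):
    """Return True if pkt.src is plausible for the interface it arrived on."""
    prefixes = PREFIXES_BY_INTERFACE.get(pkt.iface)
    if prefixes is None:
        return False  # unknown interface: fail closed rather than forward blindly
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return False  # unparsable source address is never valid
    # Addresses that can never be a legitimate sender on a customer interface.
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return False
    # ip_network.__contains__ returns False when the IP versions differ,
    # so mixing v4 and v6 prefixes in one list is safe.
    return any(src in net for net in prefixes)


def filter_packets(packets):
    """Split packets into (forwarded, dropped) where dropped carries a reason."""
    forwarded, dropped = [], []
    for p in packets:
        if source_is_valid(p):
            forwarded.append(p)
        else:
            dropped.append((p, f"source {p.src} is not valid on {p.iface}"))
    return forwarded, dropped


# Constructed sample traffic: two legitimate packets and two with forged sources.
SAMPLE_PACKETS = [
    Packet("lan0", "192.0.2.10", "203.0.113.5", "udp"),       # legitimate LAN host
    Packet("lan0", "203.0.113.77", "198.51.100.9", "udp"),    # forged: not a lan0 address
    Packet("lan1", "198.51.100.200", "203.0.113.5", "udp"),   # forged: outside the /25
    Packet("lan1", "198.51.100.20", "203.0.113.5", "tcp"),    # legitimate
    Packet("lan0", "2001:db8::1", "2001:db8:ffff::9", "udp"), # legitimate IPv6 host
]

if __name__ == "__main__":
    fwd, drp = filter_packets(SAMPLE_PACKETS)
    for p in fwd:
        print("forward", p.iface, p.src, "->", p.dst)
    for p, reason in drp:
        print("drop   ", p.iface, p.src, "->", p.dst, "|", reason)
```

The check is cheap (one prefix comparison per packet) and is applied where the address assignment is known, i.e. at the access router of the network that owns the addresses. This is why it works against the reflection described under UDP flood: a packet with a forged source cannot reach the reflector in the first place if the network it originates from validates sources.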
What protection options are there?
Attackers can theoretically use any device connected to the internet to carry out cyber attacks. To avoid becoming part of a botnet that carries out DDoS attacks, even the simplest steps can help. It is made very easy for attackers if devices are used with the usernames and passwords preset by the provider. That’s why one of the first and probably easiest ways to make new hardware, such as a router or a smart home device, a bit more secure is to change the login data when you first log in, and ideally on a regular basis afterwards. Also make sure to use strong passwords.
Other protection options can be difficult to understand or implement for people who are not from the IT sector. Nevertheless, we have noted a few points of reference here that, when actually and correctly implemented, help to increase protection against DDoS attacks or prevent such an attack.
First protective measures – Prevent your unknowing participation in a botnet
- If you buy used equipment, completely erase all existing data and reset the equipment to factory settings,
- always use new and unique passwords for your devices. Never use the usernames and passwords preset by the provider for longer than is required,
- do not open emails if the sender is suspicious,
- do not open links unless you know where they will take you,
- make sure you use safe websites,
- use anti-virus software on your devices (anti-virus software can also protect you from malware),
- update your anti-virus programs as soon as an update is available,
- remove devices from your network if you don’t need them for a longer period of time (fewer devices → less attack surface).
Protective measures for your website
- Use challenge-response tests such as Captcha, for example on website forms. Captcha uses simple tests that the user has to perform in order to determine whether input comes from a bot or a real person,
- block requests from specific IP addresses with the help of an IP blocking list, e.g. if traffic increases significantly and it can be traced which IP addresses the mass requests come from. IP blocking lists can be created by hand or automatically via a firewall.
However, caution is advised here: if legitimate requests (IP addresses) are blocked, you cause a DoS for those users yourself. Furthermore, a significant increase in traffic is not necessarily an attack – your website can also naturally attract more attention, and thus more traffic, than usual,
- hyperscalers (e.g. Amazon Web Services, Microsoft Azure or Google Cloud Platform) offer IT resources that can be scaled flexibly: storage capacity and computing power can be adapted to current demand depending on the situation,
- reverse proxies such as Cloudflare CDN (“Content Delivery Network”) offer good DDoS protection with the corresponding technologies: a combination of web application firewall, cache, proxy server and global server load balancing. In addition to security, the loading time of your website also benefits.
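The HTTP flood described above and the IP blocking list recommended here meet in the web server’s access log: a flood from one source shows up as a single IP with far more requests per time window than any real visitor, while a natural traffic spike shows up as many different IPs each making a handful of requests. The script below is an added example written for this article, not code from the original text or from any product; it parses constructed log lines in the common Apache/nginx access-log format, counts requests per source IP in fixed 10-second windows, proposes blocklist entries only for single sources above a threshold, keeps an allowlist for your own monitoring addresses, and reports windows where total traffic rose without any dominant source so that a busy day is not mistaken for an attack. All thresholds, IP addresses and log lines are constructed.

```python
"""Per-IP request-rate detection over access-log lines, with an allowlist and a
distributed-spike caveat. Added example; all sample data is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common log format: IP - - [date] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed: addresses that must never be blocked (our own uptime monitor).
ALLOWLIST = frozenset({"192.0.2.1"})


def parse_line(line):
    """Parse one access-log line; return None for lines in another format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def analyse_log(lines, window_seconds=10, per_ip_threshold=50,
                total_threshold=100, allowlist=ALLOWLIST):
    """Return (block, spike_only).

    block:      {ip: peak requests in one window} for non-allowlisted IPs that
                exceeded per_ip_threshold in at least one window.
    spike_only: [(window_start_epoch, total_requests, distinct_ips)] for windows
                whose total exceeded total_threshold although no single IP did;
                these look like popularity, not a flood, and get no block entry.
    """
    per_window = defaultdict(lambda: defaultdict(int))  # window -> ip -> count
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line: skipped here, worth alerting on in production
        window = int(rec["ts"].timestamp()) // window_seconds
        per_window[window][rec["ip"]] += 1

    block, spike_only = {}, []
    for window in sorted(per_window):
        counts = per_window[window]
        offenders = {ip: n for ip, n in counts.items()
                     if n > per_ip_threshold and ip not in allowlist}
        for ip, n in offenders.items():
            block[ip] = max(block.get(ip, 0), n)
        total = sum(counts.values())
        if total > total_threshold and not offenders:
            spike_only.append((window * window_seconds, total, len(counts)))
    return block, spike_only


# ---- constructed sample log -------------------------------------------------
BASE = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)


def _log_line(ip, offset_s, method, path, status=200):
    ts = (BASE + timedelta(seconds=offset_s)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512'


SAMPLE_LOG = (
    # 0-9 s: one source posts the login form 60 times (flood from a single IP)
    [_log_line("198.51.100.23", i % 10, "POST", "/login", 401) for i in range(60)]
    # 10-19 s: 40 different visitors, 3 requests each (a natural spike, 120 total)
    + [_log_line(f"203.0.113.{h}", 10 + i % 10, "GET", "/news")
       for h in range(1, 41) for i in range(3)]
    # 20-29 s: our allowlisted monitor polls /health 80 times
    + [_log_line("192.0.2.1", 20 + i % 10, "GET", "/health") for i in range(80)]
    + ["this line is not in common log format"]
)

if __name__ == "__main__":
    block, spikes = analyse_log(SAMPLE_LOG)
    print("proposed blocklist:", block)
    for start, total, ips in spikes:
        print(f"spike without dominant source at {start}: {total} requests from {ips} IPs")
```

Run against the constructed log, the only blocklist proposal is the single source that sent 60 POSTs in ten seconds; the 40 visitors in the next window are reported as a spike but nobody is blocked, and the monitor is ignored because of the allowlist. Since the article notes that POST requests are more expensive for the server, a production version would typically use a lower threshold for POST-heavy paths such as login or search forms than for static pages.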
Cybercrime is a ubiquitous issue, and it’s on an upward trend. If you believe that you or your company has been the victim of an attack, you should also report it to the police. In Germany, there is a central “Cybercrime” department that can help in case of an attack. It is important to report every attack; this is the only way to increase the chances that attackers can be identified. Disclaimer: we are not IT security consultants, and the attack methods and protective measures mentioned are only intended to provide a small insight and primarily to raise awareness of the complex issues surrounding digital attacks. For concrete and individual protective measures, you or your company should seek advice from specialized IT security experts.
Internet of Things (IoT) is a collective term for everything that is connected to the internet and serves the communication between physical and virtual devices or technologies. This includes not only PCs, mobile phones or routers, but also security systems, smart TVs and other smart home devices.