What is a DDoS attack?
Whereas a Denial of Service (DoS) attack uses a single computer to launch an attack, a Distributed Denial of Service (DDoS) attack is a type of DoS attack that uses multiple devices to attack a target.
How a DDoS attack is performed
DDoS attacks are performed with networks of machines that consist of hacked computers and other devices so they can be controlled remotely by the perpetrator, through command and control software. Each single hacked device is referred to as a bot, while the network of hacked devices is called a botnet. Once a botnet is formed, the perpetrator is able to send remote instructions to each bot, instructing an attack. Each bot within the botnet will target a server or network with requests, overwhelming it and leading to a DoS. As every bot that makes up the botnet is a separate device, it can be difficult to identify the traffic that is coming as part of the attack. It also makes identifying the perpetrator more difficult, as there are more sources when compared to a DoS.
As is the case with DoS attacks, initial symptoms of a DDoS attack can seem similar to those of connectivity problems, or maintenance tasks being performed, causing disruptions. Or an unrelated but relevant surge in traffic. If the traffic is all within the same IP range or from users who share a lot of similar data (geolocations, device type, etc.), this can help identify if an attack is taking place.
How to prevent a DDoS attack?
The following are a few simple ways to prevent DDoS attacks from affecting a website.
Increase bandwidth
A simple way to potentially prevent a DDoS attack is to increase bandwidth, making your hosting “DDoS resistant”. This essentially allows your website to better handle sudden spikes in traffic to avoid slowing or shutting it down. This will at least make it more difficult for a DDoS attack to be successful.
Use a Content Delivery Network
A Content Delivery Network (CDN) is able to redistribute traffic when necessary and helps ensure that a DDoS attack doesn’t reach the origin server. This prevents a website from becoming completely inaccessible. CDN providers also include cybersecurity tools that protect a website in general from hacking attempts.
Having a smart system in place
It’s important to have a smart system in place that can mitigate a DDoS attack successfully. The main goal would be for the system to distinguish if traffic from a specific IP/client is participating in the DDoS or whether it’s a part of normal traffic. In general, the process would follow a Detection (early detection of traffic irregularities), Diversion (rerouting traffic away from the targeted device), Filtering (distinguishing between legitimate and suspicious traffic), and Analysis (identify attackers and collect information on attack) model.