The way it’s carried out is by building networks of infected computers called botnets. This is done by spreading malware through emails and websites and now, through social media. These machines can be controlled remotely without the knowledge of their users and can be used as an army to attack a single target. The DDoS attack is usually carried out through millions of machines.
Types of DDoS Attacks
There are different types of DDoS attacks which overwhelm sites and services differently. The first is a volume-based attack which saturates the bandwidth of the targeted site. Its magnitude is measured in Bits per second (Bps).
Protocol attacks target actual server resources like firewalls and load balancers and overwhelm the intermediate communication equipment. The magnitude is measured in Packets per second (Pps).
Application Layer Attacks target Apache, Windows, or OpenBSD weaknesses. They are comprised of requests that seem benign, but they overload the system and crash the web server. Their magnitude is measured in Requests per second (Rps).
There are several approaches to mitigating DDoS Attacks. However, some are more effective than others. The most straightforward approach is the DIY approach. It’s not very effective as you could probably surmise because not everyone is computer savvy or educated in programming and hacking to understanding how to do it themselves. Most people don’t recognize different types of attacks when they happen and don’t know how to respond if the attackers change their methods mid-hack.
You can also use ‘on-premise appliances’ to mitigate the DDoS attack. This involves having appliances that have advanced traffic filtering options and are armed with a combination of geo-blocking, rate limiting, IP reputation, and signature identification. This is an effective way to alleviate the damage from your everyday DDoS attacks. However, the drawbacks here are the ability to handle excessive traffic, which caps out at 10 Gbps in most networks, the need to manually deploy appliances to stop an attack and the maintenance and purchase costs of the appliances themselves.
The final and most effective method is the ‘off-premise cloud-based solution.’ This involves paying a company to handle your traffic for you and protect it against any type of DDoS attack. This way you’re not relying on home appliances and don’t need to worry about capping bandwidth. They don’t require the upkeep and maintenance that on-site appliances do, and they have professionals that know what they’re doing to the letter.
There also exists an on-demand option for stop network layer attacks. It stops volume and protocol attacks through rerouting traffic.