DENIAL-OF-SERVICE ATTACK
The internet, the digital revolution, and technological developments make our individual and corporate lives much easier, but they also pose great threats and risks. Wars are now carried out as cyber-attacks, and viruses, worms, and trojan horses have taken the place of guns.
Describing every cyber-attack tool in a single article would take hours to read, so this article focuses on DDOS attacks, one of the most widely used attack types, and on the methods of protecting against them. Our next article will examine DDOS Protection Services in detail.
WHAT IS A DDOS (DENIAL-OF-SERVICE ATTACK)?
DDOS (Distributed Denial-Of-Service) attacks, a subtype of DOS (Denial-Of-Service) attacks, are one of the most widely used cyber-attack methods today. These attacks are called "denial of service" because their aim is to stop the target system from serving its users and to render it inoperable. The target system is knocked out by being bombarded with more data than its capacity can handle. In other words, the system or website is crashed.
What are the Causes of DDOS Attack?
DDOS attacks can be carried out by cyber attackers for many reasons, including political and religious motives, blackmail, and financial gain. However, it would not be wrong to say that competition in business life is one of the most important reasons.
The targets of DDOS attacks are mostly e-commerce companies, banks, or shopping sites that serve an online customer base. These attacks, which can cut off internet access and disconnect the system from the outside world, can cause financial damage and loss of prestige that are very difficult to recover from.
How to Perform DDOS Attacks?
Computers that run outdated software and have no antivirus application can easily be taken over by attackers. DOS/DDOS attacks are carried out by hackers using such vulnerable computers, infected with viruses, worms, and similar malicious software.
Attacks launched from a single computer are defined as DOS, while attacks launched through a "botnet/zombie network" that can consist of thousands of computers, smart mobile phones, or IOT devices are called DDOS.
Without their real users even knowing, infected computers around the world are enrolled in a "botnet/zombie network" by hackers. In a DDOS attack, the attackers remotely control this network, and each computer (bot) in it separately bombards the target system with artificial traffic whose load exceeds the target's capacity. The bandwidth limit is exceeded as the server tries to handle all of the incoming requests above its capacity. Eventually the server slows down and becomes unable to serve. Sometimes, when critical servers come to a standstill, the effect can bring down the entire network infrastructure.
What Are the Symptoms of a DDOS Attack?
It is very difficult to distinguish the symptoms of a DDOS attack from a common computer issue. At first glance they look like ordinary problems such as slowness or disconnection in internet access, inability to reach some websites, and increases in spam e-mail volume. However, a professional eye will not find it difficult to catch the suspicious situations listed below:
- Increases in traffic originating from a single IP address or the same IP range
- Traffic density from users who are similar in geographic location, device type, web browser version
- Increases in traffic to specific pages or apps only
- Sudden traffic spikes at certain times of the day
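The four indicators above can be checked mechanically against a web server's access log. The following is an added example, not code from the original article: it parses a Common Log Format line with a trailing user-agent field, flags single addresses, /24 ranges, paths and user agents that account for an unusually large share of requests, and flags minutes whose request count is far above the median minute. The log layout, the thresholds, and every address and user agent in the constructed sample are assumptions.

```python
"""Heuristic checks for the DDOS indicators listed above, run over web
access logs.  Added example, not code from the original article: the log
format (Common Log Format plus a user-agent field), the thresholds and all
sample addresses are assumptions."""
from collections import Counter
from datetime import datetime
import ipaddress
import re
import statistics

# One access-log line: ip - - [timestamp] "METHOD path PROTO" status bytes "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def concentration(records, key, threshold):
    """Values of key() that account for at least `threshold` of all requests."""
    counts = Counter(key(r) for r in records)
    total = len(records)
    return {k: c / total for k, c in counts.items() if c / total >= threshold}


def minute_spikes(records, factor=5.0):
    """Minutes whose request count exceeds `factor` times the median minute."""
    per_minute = Counter(r["ts"].strftime("%H:%M") for r in records)
    baseline = statistics.median(per_minute.values())
    return {m: c for m, c in per_minute.items() if c > factor * baseline}


def analyze(lines):
    """Apply the four indicators. Thresholds are assumptions; tune them per site."""
    records = [r for r in map(parse_line, lines) if r is not None]
    return {
        "single_ip": concentration(records, lambda r: r["ip"], 0.15),
        # IPv4 assumed: collapse each address to its /24 to spot a shared range.
        "ip_range": concentration(
            records, lambda r: str(ipaddress.ip_network(r["ip"] + "/24", strict=False)), 0.5),
        "path": concentration(records, lambda r: r["path"], 0.5),
        "user_agent": concentration(records, lambda r: r["ua"], 0.5),
        "spike_minutes": minute_spikes(records),
    }


def _line(ip, minute, path, ua):
    """Build one constructed log line at 10:<minute> on a fixed date."""
    return (f'{ip} - - [10/Oct/2023:10:{minute:02d}:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "{ua}"')


# Constructed sample: five quiet minutes of varied traffic, then a burst in
# minute 10:05 from four hosts in one /24, all hitting /login with one agent.
_NORMAL_IPS = ["198.51.100.%d" % i for i in range(1, 6)] + ["203.0.113.%d" % i for i in range(1, 6)]
_PATHS = ["/", "/products", "/about"]
_AGENTS = ["Mozilla/5.0 (desktop)", "Mozilla/5.0 (mobile)"]
SAMPLE_LINES = [
    _line(ip, i // 2, _PATHS[i % 3], _AGENTS[i % 2])
    for i, ip in enumerate(_NORMAL_IPS)
] + [
    _line(f"192.0.2.{10 + i % 4}", 5, "/login", "ConstructedBot/1.0")
    for i in range(40)
]

if __name__ == "__main__":
    for indicator, hits in analyze(SAMPLE_LINES).items():
        print(f"{indicator}: {hits}")
```

On the constructed sample the burst range, the four burst hosts, the `/login` path, the shared user agent and minute 10:05 are all reported; the quiet minutes and the varied normal traffic stay below every threshold. In practice the thresholds should be set from a baseline of the site's own traffic, and the share-based checks need enough requests in the window to be meaningful.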
What are DDOS Attack Types?
DDOS attacks can be basically examined under three categories, according to the type and amount of artificial traffic generated and the security vulnerability of the target system.
Volume Based DDoS
Volume-based attacks, one of the most common attack types, target the system's bandwidth: using fake source IP addresses, artificial (fake) data traffic is generated beyond the bandwidth capacity. Because the bandwidth is exhausted while the server tries to handle the artificially generated traffic, the system becomes unable to respond to normal (real) requests, and the service stops.
NTP and DNS amplification attacks and UDP flood attacks are examples of volume-based attacks.
Protocol Based DDoS
These are among the most dangerous types of attack. They exploit weaknesses in how servers and firewalls handle OSI (Open Systems Interconnection) layer 3 and layer 4 protocols, and cause service interruption by consuming server resources. SYN flood and Ping of Death are examples of such attacks.
Application Attacks
These are a very complex type of DDOS attack that exploits OSI layer 7 vulnerabilities. They aim to create denial of service by consuming limited resources such as disk space and available memory. HTTP floods and attacks on DNS servers are examples.
What are the Measures to be Taken to Protect Against DDOS Attacks?
Although it is not possible to avoid becoming a target of DDOS attacks, the most widely used of all cyber-attacks, the measures that can be taken to limit the damage these attacks may cause to a system can be summarized as follows.
- Using a well-designed, secure, and up-to-date network
- Working with system administrators who have comprehensive knowledge of TCP/IP
- Increasing Internet bandwidth and server hardware capacities
- Configuring routers correctly
- Providing IP-level control by using firewall devices with a "rate limiting" feature
- Eliminating website security vulnerabilities
- Using a content delivery network that distributes content across servers in different locations
- Using effective antivirus programs
- Using filters in the e-mail service that will also block spam traffic
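The "rate limiting" measure in the list above is usually a firewall or load-balancer setting, but the idea behind it is small enough to show in full. The following is an added example, not code from the original article: a per-client token bucket that gives each source address a fixed burst allowance and refills it at a steady rate, so a host that floods the service is throttled while a host that behaves normally is never refused. The rate, the burst size, the injected clock and the two client addresses are assumptions.

```python
"""Per-client token-bucket rate limiter, as an added example of the
"rate limiting" measure listed above.  Not code from the original article;
the rate, burst size and client addresses are assumptions."""
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float   # credit currently available to the client
    last: float     # clock reading at the previous refill


class RateLimiter:
    """Each client gets `burst` tokens, refilled at `rate` tokens per second."""

    def __init__(self, rate, burst, clock):
        self.rate = rate
        self.burst = burst
        self.clock = clock      # callable returning seconds; injected for deterministic tests
        self.buckets = {}

    def allow(self, client):
        """Spend one token for `client`; return False when its bucket is empty."""
        now = self.clock()
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = Bucket(tokens=self.burst, last=now)
        # Refill in proportion to elapsed time, never above the burst ceiling.
        bucket.tokens = min(self.burst, bucket.tokens + (now - bucket.last) * self.rate)
        bucket.last = now
        if bucket.tokens >= 1:
            bucket.tokens -= 1
            return True
        return False


class FakeClock:
    """Manually set clock so the simulation below is reproducible."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def simulate(requests, rate=5.0, burst=10):
    """requests: (seconds, client_ip) pairs.  Returns {client: (allowed, rejected)}."""
    clock = FakeClock()
    limiter = RateLimiter(rate, burst, clock)
    outcome = {}
    for t, client in sorted(requests):
        clock.now = t
        allowed, rejected = outcome.get(client, (0, 0))
        if limiter.allow(client):
            allowed += 1
        else:
            rejected += 1
        outcome[client] = (allowed, rejected)
    return outcome


# Constructed workload: one host fires 100 requests at once and 20 more two
# seconds later; a second host sends one request every half second for 10 s.
SAMPLE_REQUESTS = (
    [(0.0, "192.0.2.10")] * 100
    + [(2.0, "192.0.2.10")] * 20
    + [(i * 0.5, "198.51.100.7") for i in range(20)]
)

if __name__ == "__main__":
    for client, (ok, dropped) in simulate(SAMPLE_REQUESTS).items():
        print(f"{client}: {ok} allowed, {dropped} rejected")
```

With a burst of 10 and a refill of 5 tokens per second, the flooding host gets 10 requests through at once, is refused the next 90, and after two seconds has earned exactly one more full bucket, so 10 of its 20 follow-up requests pass. The well-behaved host, sending one request every half second, stays under the refill rate and is never refused. Keying the bucket by source address is what ties the mechanism to the "IP control" wording above; on a real deployment the key may also include the requested path or an authenticated user.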