Amplification DDoS attacks

18. 08. 2022 | 1 min read | Václav Nesvadba | Blog

If you have not yet experienced a DDoS attack, congratulations. The rising numbers of positive Covid tests have recently been replaced in the headlines by rising energy prices and a growing number of cyber attacks called “Distributed Denial of Service” (DDoS), i.e. distributed attacks that make a service unavailable on the Internet. Technically, this means generating a high volume of traffic that overloads the server and makes the target service, such as an e-shop, unavailable. In many cases a single attacker machine with a suitable tool (nowadays commonly available as open source) is enough.

Strong attack

More often, however, the attacker multiplies their firepower by using many (mostly virtual) machines under their control (a botnet). In addition, improperly configured public services can be exploited as well. Combining both methods, the attacker sends forged requests over UDP (typically to NTP or DNS services) with the source IP address spoofed to that of the attack target. The responses therefore arrive at, for example, the aforementioned e-shop, which never sent any queries. Suitably chosen requests can produce responses up to 200x larger than the request, which multiplies the attack volume considerably (hence “amplification”). If the attack volume exceeds the connectivity capacity of the service, serious problems follow even if the attack uses a protocol that is explicitly blocked (e.g. on the corporate firewall): the link in front of the firewall is already saturated before the packets can be dropped.

Strong protection

The defence against this attack is quite simple. A DDoS protection service uses machine learning to build a profile of normal traffic, so that in the event of an attack it knows which packets to drop while normal legitimate traffic passes through and the service stays up. As we gain experience with recurring attacks and their variations, we are able to improve the readiness of the infrastructure. In recent weeks our monitoring centre has most often been contacted by customers without DDoS protection whose services had come under attack. At Faster we are fast and can have this service up and running within hours. However, to get quality results from machine learning DDoS detection tools, which need a history of normal traffic to learn from, we recommend considering deploying protection for critical services before they come under such an attack.
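The two ideas above, unsolicited reflected responses (the attack section) and a learned profile of normal traffic (the protection section), can be sketched together in a few lines. The following is an added example, not code from the original post or from Faster: it learns a per-port inbound byte baseline from a clean window and then, for an attack window, drops inbound UDP flows from the well-known reflector ports (DNS 53, NTP 123 named in the post) when the protected host never sent a request to that peer and the volume from that port exceeds a multiple of the baseline. The protected address `203.0.113.10`, the reflector addresses `192.0.2.x`, the `Flow` record layout, the `ratio` threshold and the plain byte-sum baseline (standing in for the ML profile) are all assumptions constructed for the example.

```python
"""
Added example (not from the original post): a minimal reflection/amplification
detector in the spirit of "profile normal traffic, drop what deviates".
All IP addresses and flow records below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass

PROTECTED_HOST = "203.0.113.10"            # constructed: the "e-shop" from the post
REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}  # UDP services commonly abused as reflectors


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str    # "udp" or "tcp"
    nbytes: int


def is_inbound(f):
    """True for traffic arriving at the protected host."""
    return f.dst_ip == PROTECTED_HOST


def build_baseline(flows):
    """Learn normal inbound byte volume per (proto, src_port) from a clean window.
    A plain sum stands in for the learned profile the post describes."""
    totals = defaultdict(int)
    for f in flows:
        if is_inbound(f):
            totals[(f.proto, f.src_port)] += f.nbytes
    return dict(totals)


def classify(flows, baseline, ratio=5.0):
    """Return [(flow, 'drop' | 'pass')] for one window. An inbound UDP flow from a
    reflector port is dropped when (a) the protected host sent no request to that
    peer, so the 'response' is unsolicited, and (b) the volume from that source
    port in this window exceeds ratio x the learned baseline."""
    requests = {(f.dst_ip, f.dst_port) for f in flows if not is_inbound(f)}
    inbound = defaultdict(int)
    for f in flows:
        if is_inbound(f):
            inbound[(f.proto, f.src_port)] += f.nbytes
    decisions = []
    for f in flows:
        if not is_inbound(f):
            continue
        key = (f.proto, f.src_port)
        unsolicited = (f.proto == "udp" and f.src_port in REFLECTOR_PORTS
                       and (f.src_ip, f.src_port) not in requests)
        surge = inbound[key] > ratio * max(baseline.get(key, 0), 1)
        decisions.append((f, "drop" if unsolicited and surge else "pass"))
    return decisions


def amplification(request_bytes, response_bytes):
    """Bytes-on-the-wire amplification factor of one request/response pair."""
    return response_bytes / request_bytes


# --- constructed sample windows ---------------------------------------------
NORMAL = [
    Flow(PROTECTED_HOST, 51000, "198.51.100.53", 53, "udp", 80),     # our DNS query
    Flow("198.51.100.53", 53, PROTECTED_HOST, 51000, "udp", 200),    # its answer
    Flow("198.51.100.20", 40000, PROTECTED_HOST, 443, "tcp", 1500),  # a shopper
]
ATTACK = NORMAL + [
    # unsolicited "responses" from reflectors; the spoofed requests never left us
    Flow("192.0.2.7", 123, PROTECTED_HOST, 80, "udp", 4000),
    Flow("192.0.2.8", 53, PROTECTED_HOST, 80, "udp", 3500),
    Flow("192.0.2.9", 123, PROTECTED_HOST, 80, "udp", 4000),
]


def run():
    """Train on the clean window, classify the attack window, keyed by source IP."""
    base = build_baseline(NORMAL)
    return {f.src_ip: d for f, d in classify(ATTACK, base)}


if __name__ == "__main__":
    for ip, decision in run().items():
        print(f"{ip:15} {decision}")
```

The legitimate DNS answer from `198.51.100.53` passes because the protected host is on record as having queried it, while the three reflector flows are dropped. The check only helps if it runs somewhere with more capacity than the target's own link, which is the point the post makes about firewall-blocked protocols still causing outages: filtering has to happen before the traffic reaches the saturated connection.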
