Phases of a DDoS attack, explained

By Dharuna
Published on March 21, 2022

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are forms of cyberattack in which the adversary tries to make services or network devices unavailable for their intended purpose by flooding the server or host with an overwhelming number of malicious requests, rendering the machine unresponsive to legitimate requests. While DoS attacks typically originate from a single source (e.g., a computer or a network-connected device), DDoS attacks are carried out through multiple sources (e.g., bots) and cause more damage than DoS attacks. DDoS attacks are also more widespread than DoS attacks because they are far more sophisticated and difficult to control, even with modern cybersecurity solutions.

What does a DDoS attack look like?

Increased traffic to your website is always a good thing, right? Not necessarily. There’s a chance it could be a DDoS attack. Some of the tell-tale signs of a DDoS attack are:

  • A barrage of requests from a specific set of IP addresses or anonymized IP addresses.
  • All requests being targeted at a specific page, most likely the login page.
  • Excessive spam emails.
  • An unexplained increase in 503 errors.
  • The time to live (TTL) on a ping request timing out.
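
Three of the signs above (requests from a small set of IP addresses, requests aimed at one page, and a rise in 503 errors) can be measured directly from a web server access log. The following is an added example, not code from the original article: it assumes Common Log Format input, and the sample lines, function names, and thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def build_sample():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    lines = []
    for i in range(90):  # three sources hammering the login page
        status = 503 if i % 2 else 200
        lines.append(f'203.0.113.{i % 3 + 1} - - [21/Mar/2022:10:00:{i % 60:02d} +0000] '
                     f'"POST /login HTTP/1.1" {status} 512')
    for i in range(10):  # ordinary browsing from distinct sources
        lines.append(f'198.51.100.{i + 1} - - [21/Mar/2022:10:01:{i:02d} +0000] '
                     f'"GET /products/{i} HTTP/1.1" 200 2048')
    lines.append("truncated or malformed line")  # must be skipped, not crash
    return lines

def analyze(lines, top_n=3, ip_share=0.5, path_share=0.5, err_share=0.2):
    """Return the shares behind three signs and which ones crossed a threshold.
    The thresholds are illustrative assumptions; tune them against a baseline."""
    ips, paths, total, errors = Counter(), Counter(), 0, 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, path, status = m.groups()
        ips[ip] += 1
        paths[path.split("?", 1)[0]] += 1  # ignore query strings when grouping
        errors += status == "503"
        total += 1
    if total == 0:
        return {"total": 0, "signs": []}
    top_sources = sum(count for _, count in ips.most_common(top_n)) / total
    top_path, hits = paths.most_common(1)[0]
    report = {"total": total, "top_sources_share": top_sources,
              "top_path": top_path, "top_path_share": hits / total,
              "rate_503": errors / total, "signs": []}
    if top_sources >= ip_share:
        report["signs"].append("requests concentrated in a small set of IPs")
    if hits / total >= path_share:
        report["signs"].append(f"requests concentrated on {top_path}")
    if errors / total >= err_share:
        report["signs"].append("elevated 503 rate")
    return report

if __name__ == "__main__":
    print(analyze(build_sample()))
```

A single crossed threshold is weak evidence on its own (a marketing campaign also concentrates traffic on one page); the combination of all three over a short window is what warrants investigation.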

DDoS attacks can cause long-term impacts and are a serious security concern for businesses.

Types of DDoS attacks

Depending on the mode of attack and the target areas in the network, DDoS attacks can be categorized into the following types.

Volume-based attacks

These are the most common type of DDoS attack. In a volume-based attack, the attacker floods all the open ports with requests and overwhelms the network bandwidth. User Datagram Protocol flooding and Internet Control Message Protocol flooding are examples of this.

Protocol-based attacks

These attacks usually target the critical parts of the network used for verifying connections. This is accomplished by sending malformed pings or pings with irregular data that exhaust the network resources in the verification process. They also target load balancers and the firewalls that are configured to protect the network against such attacks. Examples of protocol-based attacks include a SYN flood and a ping of death.

Application-based attacks

These attacks are very sophisticated and difficult to identify. They target vulnerabilities in the application layer and the operating system. These attacks prevent important application information from being delivered to the user, and the overwhelming bandwidth results in a system crash. Examples of this type of DDoS attack include an HTTP flood and an attack on DNS services.

Fragmentation attacks

Fragmentation attacks are targeted at the TCP/IP reassembly mechanism, thereby causing a disruption and overlap of the data packets being put together. This overwhelms the network server. An example is a teardrop attack.

Phases of a DDoS attack

The DDoS attack chain consists of two phases.

Phase 1: Making a botnet

The first phase of a DDoS attack is the formation of a botnet. A botnet is a group of devices that have been compromised by malware and are now controlled by an attacker, known as a bot herder or bot master. This botnet will be deployed to launch DDoS attacks and other malicious acts, including phishing, email spamming, and theft of critical data. This phase takes place in three steps:

  1. Vulnerable devices that can be compromised and added to the botnet are identified.
  2. The devices are then infected with malware via phishing emails or stolen credentials. They may be used to directly launch a DDoS attack or to infect more devices that can be added to the botnet.
  3. The infected devices are organized and brought under the control of a bot herder. Earlier botnets were controlled by a single host server. This made it easy for the host to be tracked, so this method has become obsolete. This client-server model has now been replaced with a peer-to-peer model where all the devices in the botnet can communicate and redirect information to one another.

Phase 2: Launching a DDoS attack

In the second phase of the attack, the devices belonging to the botnet are directed to send requests to the target server. This overwhelms the server by taking up the entirety of its bandwidth and renders the server unavailable to respond to business requests from clients.

How do you prevent DDoS attacks?

Create awareness about basic cybersecurity best practices

Employees should be regularly trained on cybersecurity best practices and made aware of the importance of cyber hygiene practices like ensuring secure authentication, changing passwords frequently, identifying phishing attacks, and looking for the signs of a DDoS attack.

Secure the perimeter and reduce the attack area

Take inventory of all the devices on your network and disable inactive ones that can be exploited by attackers to enter your network. All the possible entry points of attacks should be identified through a network vulnerability assessment process so you can be better prepared to prevent DDoS attacks and other cybersecurity attacks.

Fortify your network security

Make use of robust and advanced cybersecurity solutions like anti-malware, anti-virus, firewalls, DDoS protection, and other tools that best suit the size and nature of your business. Ensure that your servers are spread geographically across multiple sites. This will make it hard for an attacker to disrupt all the servers and will make it easier to balance the excess traffic caused by a DDoS attack.

While complete prevention of DDoS attacks is impossible, it is recommended that businesses be aware of the various ways a DDoS attack can happen, and have suitable mitigation measures in place to curb an attack. In fact, there were nearly 5.4 million DDoS attacks in the first half of 2021—an 11% increase compared to the first half of 2020. With the easy availability of DDoS attack kits, the rise in the number of IoT devices, and widespread connectivity between devices, which opens up attack channels, these numbers are expected to increase in coming years. Attack mechanisms will continue to evolve, and it is up to businesses to establish better security practices and protocols to protect themselves as much as possible.
