Botnet. DDoS Attacks. Ways Of Protection.
A DDoS attack causes a specific Internet resource to fail by sending a large number of simultaneous requests to the system. The purpose of the attack is to block access to data and block the system.
For the system to overload, the number of incoming requests must exceed its ability to process them. To send requests, you need access to a vast number of computers.
A botnet is a network of remote computers on which malware has been installed, and through which all of the computers are managed simultaneously to disable a specific resource. Thousands of computers around the world are used to spread viruses, spam, and phishing, or to carry out DDoS attacks.
All bots are managed through constant communication with a remote server. The installed software is analogous to classical malware; only the scale of infection is much larger.
If the computer hangs, the cooling fan turns on by itself in standby mode, the screen goes blank, or unexplained system notifications pop up, it may be that the computer is being used remotely.
Avoiding getting into a botnet
The precautions are similar to those for fighting viruses. Choose links carefully when surfing the Internet, do not download files with unclear content, use the latest version of your antivirus, and do not open emails from unknown senders. Even if the hacker's software gets onto the computer, the antivirus immediately finds it and asks to remove it.
Some info about DDoS attacks.
Types of DDoS attacks
Depending on which part of the system the attacker targets, there are three types of DDoS attacks:
- at the application level;
- at the protocol level;
- at the level of the communication channel.
Application-level DDoS attack
The target is a web server or CMS platform, for example Apache, Windows IIS, Joomla, WordPress, or Magento.
The purpose of the attack is to disable the site, online platform, or application. These attacks involve a relatively small number of requests but cause significant damage.
There are:
1) Attacks on the DNS server: the attacker sends a request that requires a response from other parts of the system, together with many false answers, one of which the server accepts as real. The server treats the source of that answer as its DNS and then directs clients that send the same request to a false IP.
2) Layer 7 HTTP flood. The goal is to overload a small server or parts of the system. The increased load placed on the server by many small requests disables the site.
Protocol attack
A protocol attack increases the load on the server during data processing. The network server receives more traffic than it can handle.
There are two attack methods:
1) Death Ping (Ping of Death): sending a data packet larger than 65535 bytes; processing it restarts or crashes the server. It can stop even a very large resource.
2) Synchronized attack: launched when the client accesses the server through the host. It artificially creates "congestion" when connecting to the database, preventing real clients from connecting to the service.
Link Level Attack
A link-level attack overloads the site with traffic. It is very effective against a virtual server with limited space for the client database.
There are different types of floods that use fake data packets.
Security measures against DDoS attacks
A web resource can be protected or made more stable during DDoS attacks.
Here are some suggestions:
- Install a web application firewall.
- Monitor traffic through special tools.
- Keep looking for further attacks if one attack is noticed.
Removing CSS, JavaScript, WebSockets, and POST requests can increase resistance to attacks, as can optimizing images, floating frames, fonts, chats and comments, the search function, and redirects.
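One way to monitor traffic for the Layer 7 HTTP flood described earlier, shown as an added example that is not part of the original article: the Python code below scans web server access-log lines and flags both a single noisy client and the botnet pattern of many clients that each send only a few requests to the same URL. The function names, thresholds, and log lines are assumptions constructed for illustration; the IP addresses come from documentation-only ranges.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format prefix: client IP, [timestamp], "METHOD path ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    """Return (ip, epoch_seconds, path_without_query), or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, path = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, int(when.timestamp()), path.split("?", 1)[0]

def find_floods(lines, window=10, per_ip_limit=20, per_path_limit=50):
    """Flag fixed time windows where one client, or many clients together on
    one URL, exceed a request limit. Limits are illustrative assumptions."""
    ip_hits = defaultdict(int)     # (window_start, ip)   -> requests
    path_ips = defaultdict(list)   # (window_start, path) -> client IPs seen
    for ip, ts, path in filter(None, map(parse, lines)):
        start = ts - ts % window
        ip_hits[(start, ip)] += 1
        path_ips[(start, path)].append(ip)
    alerts = []  # tuples: (kind, window_start, key, requests, distinct_clients)
    for (start, ip), n in ip_hits.items():
        if n > per_ip_limit:
            alerts.append(("single_client", start, ip, n, 1))
    for (start, path), ips in path_ips.items():
        # Many distinct sources, each under the per-IP limit: botnet pattern.
        if len(ips) > per_path_limit and len(set(ips)) > 1:
            alerts.append(("distributed", start, path, len(ips), len(set(ips))))
    return sorted(alerts, key=lambda a: a[1])

def sample_log():
    """Constructed sample: normal traffic, one noisy client, one botnet flood."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "GET {p} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="192.0.2.10", s=s, p="/index.html") for s in (1, 4, 8)]
    lines += [fmt.format(ip="203.0.113.7", s=20 + i % 10, p="/login")
              for i in range(25)]
    lines += [fmt.format(ip=f"198.51.100.{i}", s=30 + i % 10, p=f"/search?q={i}")
              for i in range(1, 61)]
    return lines

if __name__ == "__main__":
    for alert in find_floods(sample_log()):
        print(alert)
```

In the sample, none of the 60 bot addresses comes near the per-client limit, so only the per-URL count exposes the flood.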
Conclusion
No one is safe from computer hacking and DDoS attacks. These tips do not give a 100% guarantee, but they help reduce the damage done.