Distributed Denial of Service (DDoS) Attack

What is DDoS

Distributed Denial of Service (DDoS) attacks are a specialized type of Denial of Service (DoS) attack. DDoS attacks have become a tool of choice for malicious organizations worldwide.

In a Denial of Service attack, the intention is to a web application unavailable to its intended users, usually by flooding the target application with fake traffic or requests, which can overload systems and prevent legitimate traffic from reaching the application server.

In a DDoS attack, the attacker uses many different sources to launch the fake traffic—typically tens or hundreds of thousands of compromised systems (known collectively as a botnet). This makes it difficult to stop the attack by identifying and blocking a list of specific sources. For this reason, DDoS attacks can do more damage than ordinary DoS attacks, by making your business-critical applications unavailable to legitimate users for a longer period of time.

There are two types of DDoS attack: Application DDoS and Volumetric DDoS.

Application DDoS Attacks

An Application DDoS attack is a sophisticated strike in which an attacker takes advantage of a known performance problem in your application to overload it. For example, an attacker might find a function of the application that performs a performance-heavy query (like a full-text search), and repeatedly trigger that function, thereby overloading the database.

Volumetric DDoS Attacks

A Volumetric DDoS attack is a less sophisticated attack, in which an attacker floods your application server with a large amount of fake traffic. The server will reject the traffic, but with a sufficiently large volume of traffic, the time it takes to merely inspect and reject the traffic is enough to overload the application server, making it unable to serve legitimate requests.

Why DDoS is important

DDoS is among the most common and damaging types of cyber-attacks. With relatively little technical expertise, attackers can bring down websites and cause severe disruption to business operations. In fact, a study by Kapersky Labs shows that 20% of businesses with 50 or more employees have suffered at least one DDoS attack. And, despite what you might read in the news, attackers don’t just focus on big businesses and governments. The majority of victims of DDoS attacks are small to medium size businesses.

Although DDoS attacks are primarily aimed at denying service, they are often just a cover to hide a wider attack that may include data theft. The denial of service makes the detection of the data theft difficult or impossible. Even if data is not stolen, a significant percentage of DDoS attacks result in permanent data loss.

How Barracuda can help

The Barracuda Web Application Firewall uses a unique combination of capabilities to mitigate the risks from both Application DDoS and Volumetric DDoS attacks. It uses a variety of risk assessment techniques including application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation blacklists, geo-location, and anomalous idle-time detection to identify and block Application DDoS attacks.

And with the addition of Active DDoS Prevention, the Web Application Firewall is able to filter out Volumetric DDoS attacks before they ever reach your network or application servers.