DeMISTIfying Infosec: DDoS

February 22, 2016
By Katherine Teitler

DDoS attacks are not intended to access information contained within networks or applications. The first DDoS attacks were meant simply to take systems offline and disrupt "business as usual." Today a DDoS may also be used to divert attention from a stealthier attack that does aim at intellectual property or other sensitive company data. Because a DDoS is highly visible, the organization scrambles to restore service to customers, and while defenders are preoccupied other weaknesses are left open to the attackers.

DDoS attacks can be bucketed into two major categories:
Network-centric attacks: These attacks exhaust bandwidth or connection state at OSI layers 3 and 4, and their size is usually measured in gigabits per second (Gbps) or packets per second. They fall into two sub-types: volumetric floods, which saturate links with raw traffic, and TCP state-exhaustion attacks, which tie up connection tables on servers, firewalls and load balancers. Examples of network-centric attacks are:

• SYN floods (TCP state exhaustion: half-open connections from spoofed sources that never complete the handshake)
• Internet Control Message Protocol (ICMP) floods (volumetric)
• Teardrop attacks (overlapping, malformed IP fragments that crash a vulnerable network stack rather than consume bandwidth)

Application-layer attacks: These attacks overload a service or database with seemingly legitimate application requests and target OSI layer 7. Because each request is small on the wire but costly for the server to answer, they are measured in requests per second rather than Gbps and can succeed with far less bandwidth than a network-centric flood. Typical application-layer attacks include:

• HTTP floods
• DNS query floods
• Buffer overflow exploits (which crash a service outright rather than flood it: a denial of service, but not a distributed flood in the strict sense)
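The two categories above are told apart by what you have to measure: a layer 3/4 flood is visible in raw packet and byte rates and in half-open TCP handshakes, while a layer 7 flood looks like ordinary traffic packet by packet and only stands out as requests per second per URL. The following Python is an added example written for this page, not code from the article or from any vendor; the packet and request records, the victim address 203.0.113.10 and the bot sources in 198.51.100.0/24 are all constructed samples in documentation address ranges, and the thresholds are illustrative.

```python
"""Toy detectors for the two DDoS categories: a layer 3/4 flood seen as
packet/byte rate and half-open TCP handshakes, and a layer 7 HTTP flood
seen as request rate per path. All records are constructed samples."""
from collections import Counter, defaultdict
from dataclasses import dataclass

TARGET = "203.0.113.10"   # constructed victim address (documentation range)


@dataclass(frozen=True)
class Packet:
    ts: float            # seconds since capture start
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    flags: str = ""      # TCP flags as letters: "S" = SYN only, "A" = ACK
    size: int = 60       # bytes on the wire


@dataclass(frozen=True)
class Request:
    ts: float
    src: str
    path: str


def peak_rate(packets, dst, window=1.0):
    """Peak (packets/s, bits/s) toward dst over any one window. A volumetric
    flood (ICMP, UDP, raw SYNs) shows up here regardless of packet content."""
    pps, bps = Counter(), Counter()
    for p in packets:
        if p.dst == dst:
            bucket = int(p.ts // window)
            pps[bucket] += 1
            bps[bucket] += p.size * 8
    if not pps:
        return (0.0, 0.0)
    return (max(pps.values()) / window, max(bps.values()) / window)


def half_open_ratio(packets, dst):
    """Share of TCP SYN senders to dst that never sent a follow-up ACK.
    Legitimate clients finish the handshake; a SYN flood from spoofed
    sources never does, so the ratio approaches 1.0 (state exhaustion)."""
    syn_srcs, ack_srcs = set(), set()
    for p in packets:
        if p.proto != "tcp" or p.dst != dst:
            continue
        if p.flags == "S":
            syn_srcs.add(p.src)
        elif "A" in p.flags:
            ack_srcs.add(p.src)
    if not syn_srcs:
        return 0.0
    return 1.0 - len(syn_srcs & ack_srcs) / len(syn_srcs)


def hot_paths(requests, window=1.0, threshold=50):
    """Paths whose peak request rate exceeds threshold requests/s, mapped to
    (rate, distinct sources). Many sources on one expensive path is the
    HTTP-flood signature; a single source would be one abusive client."""
    per_window = defaultdict(Counter)
    sources = defaultdict(set)
    for r in requests:
        per_window[int(r.ts // window)][r.path] += 1
        sources[r.path].add(r.src)
    peak = Counter()
    for counts in per_window.values():
        for path, n in counts.items():
            peak[path] = max(peak[path], n)
    return {path: (n / window, len(sources[path]))
            for path, n in peak.items() if n / window > threshold}


def sample_packets():
    """Constructed: five real clients completing handshakes, then 200
    spoofed sources each sending one SYN inside the same second."""
    pkts = []
    for i in range(5):
        src = f"192.0.2.{i + 1}"
        pkts.append(Packet(0.1 * i, src, TARGET, "tcp", "S"))
        pkts.append(Packet(0.1 * i + 0.05, src, TARGET, "tcp", "A", 52))
    for i in range(200):
        pkts.append(Packet(0.5 + i * 0.002, f"198.51.100.{i + 1}", TARGET, "tcp", "S"))
    return pkts


def sample_requests():
    """Constructed: one visitor browsing "/" slowly, plus 60 bots each
    issuing five requests for the same expensive search URL in one second."""
    reqs = [Request(0.3 * i, "192.0.2.7", "/") for i in range(10)]
    for i in range(60):
        for k in range(5):
            reqs.append(Request(0.2 + 0.15 * k, f"198.51.100.{i + 1}", "/search?q=*"))
    return reqs


if __name__ == "__main__":
    pkts, reqs = sample_packets(), sample_requests()
    print("peak pps/bps toward target:", peak_rate(pkts, TARGET))
    print("half-open ratio:", round(half_open_ratio(pkts, TARGET), 3))
    print("hot paths:", hot_paths(reqs))
```

On the constructed sample the SYN flood pushes the half-open ratio from 0.0 (the five legitimate clients alone) to about 0.976, and the HTTP flood shows 300 requests/s for one path from 60 distinct sources while the packet-level counters for that traffic would look unremarkable. In production the same three measurements are what a flow collector or web log pipeline feeds into thresholds, with the windows and limits tuned to the site's normal baseline.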

The largest DDoS attack claimed to date hit the BBC's global websites and Donald Trump's campaign site over New Year's weekend. The New World Hacking group claimed responsibility, saying it was "only a test" of a tool it calls BangStresser. At a claimed 602 Gbps, the attack took the sites down for several hours and would be nearly double the previously largest reported attack, which measured 334 Gbps.
