Skip to main content
DDos

Dynamics of DDoS Cyber Attacks and Defenses

ABSTRACT

Distributed denial of service (DDoS) is a kind of cyber attack that is getting more advanced and sophisticated. It is relevant to understand this from a holistic way in order to prepare to more relevant defenses.

 

ATTACKER'S GAME PLAN

DDoS Attack's End-Game
1) Make target website and application unavailable
2) Leak, encrypt or corrupt the target database
3) Discredit the target organization; or
4) Blackmail the target organization

DDoS Attack Patterns
(1) Single-Phase Attacks
a) Volumetric Attacks --- all kinds of flooding patterns through self-built botnet, rental DDoS service, reflective / amplification DDoS techniques through public DNS, NTP services;
b) Low and Slow Attacks --- exhaust concurrent sessions and new sessions of core network devices in light and slow manner;
c) Application Attacks --- through repeated login attempts, repeated application service requests, etc.;
d) Database Attacks --- through repeated database service requests;

(2) Multi-Phase Attacks
Any conbination of the below in any sequence until conquering the victim:
a) Test the external DDoS defense typically using varying loads of Volumetric Attacks
b) Test the firewall capability using Low and Slow Attacks
c) Attack application and database

DEFENDER'S STRATEGY

DDoS Protection is part of business and IT plan for key players of commercial, industrial, government and strategic industries. Apart from technical defenses, anti DDoS must be part of Disaster Recovery and Business Continity Planning.

Technical Defenses
1) Anti-DDoS Services --- cloud-based / ISP based DDoS to mitigate distributed attacks through distributed protections;
2) Anti-DDoS equipment --- Layer 2/3 network protection, layer 7 application protection;
3) Dynamic DNS --- to swap IP address quickly escaping from cyber attacks;
4) Disaster Recovery --- to fail over to different set of infrastructure;

Non-Technical Defenses
1) Business Continuity Planning --- how to continue business and operations in face of unavailable critical components and function;
2) Corporate Communication --- to maintain the organization's reputation and image

Contingency planning and resilience