A denial of service can create extensive outages and downtime on a network. In this video, you’ll learn about denial of service techniques, distributed denial of service attacks, botnets, and more.
A denial of service is when an attacker causes a service to fail. This may be an overloading of the service, or the attacker may have found a design flaw or a vulnerability in the software and exploited that flaw to cause the service to fail. There are many reasons that denial of service might occur. It might be that a competitor is causing your website to fail so that all of the customers will go to their website. Or they may be causing a problem on one part of the network so they can easily circumvent some security rules and gain access to a different part of the network.
Although we sometimes think of this as a massive overload of data into a service, or someone taking advantage of a known vulnerability to bring a service down, this could be something relatively simple. Somebody can walk up to the side of the building and turn the power off for the building, and that would effectively be a denial of service. Sometimes we create these denials of service ourselves, often accidentally.
It’s not unusual for somebody to plug in the wrong cables in a wiring closet and create a loop that then brings down the entire network. Or maybe you have a limited amount of bandwidth to the network. It might be a remote site with a DSL line and somebody trying to download multiple gigabytes of a Linux distribution. Or it might be that a water line has broken in the data center, and now we have to make sure that we can clear out all of the water so that we can bring the systems back up and running.
If there is a single device that is overwhelming a particular server to cause this denial of service, it’s relatively easy to filter out that single IP address and you’d be back up and running. The attackers know this. And so instead of using a single device, they use many different devices to cause this denial of service. These devices are from anywhere and everywhere in the world. So we refer to this as a distributed denial of service or DDoS.
It’s obviously difficult to recruit individuals from other parts of the world to participate in this distributed denial of service. So instead, the attackers use a botnet to take over these users’ computers without them knowing. They then have control of what these devices are doing and can tell all of these distributed systems to begin sending a lot of information to one single IP address at their command.
This happened with the Zeus botnet, where they were able to infect over 3.6 million PCs, and they were able to have a number of different DDoS attacks occurring, all from different parts of the world. Unfortunately, none of the people participating in this DDoS had any idea their system was being controlled by a third party. The only way to resolve this is to contact every single one of these users and have them clean their system or remove the malware from their device.
Obviously, performing a worldwide malware cleanup is somewhat impractical. So we have to instead manage this process from our side. We might be able to filter out the DDoS attack by looking at specific traffic patterns that might be identical from all of these different systems. Many internet service providers have technology that is looking for distributed denial of service attacks, and they’re able to mitigate some of this impact at the ISP level.
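The two detection cases described above, a single overwhelming source that can simply be filtered by IP address, and a distributed flood where every source stays low-rate but all of them share an identical traffic pattern, can be worked through on sample logs. The following is an added example and not code from the video: it parses a constructed set of combined-format web access log lines (the addresses, paths, user agents and thresholds are all assumptions made up for illustration), counts requests per source, and then looks for a request fingerprint shared by many distinct low-rate sources, which is the kind of pattern an ISP or upstream scrubbing service matches on when per-IP blocking is not enough.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" access log format: ip ident user [ts] "req" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed thresholds for a one-minute window; real values depend on the service's normal load.
SINGLE_SOURCE_THRESHOLD = 20   # requests from one IP that count as a single-source flood
MIN_DISTRIBUTED_SOURCES = 8    # distinct IPs sharing one fingerprint that count as distributed


def parse_line(line):
    """Return the fields of one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def make_line(ip, sec, method, path, ua):
    # Helper that emits a constructed log line inside one fixed minute.
    return (f'{ip} - - [01/Jan/2024:12:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "{ua}"')


def constructed_log():
    """Constructed sample traffic: normal browsing, one single-source flood, one distributed flood."""
    lines = []
    # Legitimate visitors: three addresses, each fetching three different pages with its own browser.
    visitors = [("192.0.2.10", "Mozilla/5.0 (X11; Linux)"),
                ("192.0.2.11", "Mozilla/5.0 (Windows NT 10.0)"),
                ("192.0.2.12", "curl/8.0")]
    for i, (ip, ua) in enumerate(visitors):
        for j, path in enumerate(["/", "/about", "/contact"]):
            lines.append(make_line(ip, i * 10 + j, "GET", path, ua))
    # Single-source flood: one address hammering the login form.
    for s in range(30):
        lines.append(make_line("198.51.100.7", s, "POST", "/login", "python-requests/2.31"))
    # Distributed flood: twelve addresses, only four requests each, identical request and user agent.
    for n in range(12):
        for s in range(4):
            lines.append(make_line(f"203.0.113.{n + 1}", s * 15, "GET", "/search?q=zzzz", "botkit/1.0"))
    return lines


def single_source_floods(entries, threshold=SINGLE_SOURCE_THRESHOLD):
    """IPs whose request count alone exceeds the threshold: the easy case, block the address."""
    per_ip = Counter(e["ip"] for e in entries)
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


def distributed_patterns(entries, min_sources=MIN_DISTRIBUTED_SOURCES,
                         threshold=SINGLE_SOURCE_THRESHOLD):
    """Fingerprints (method, path, user agent) shared by many distinct low-rate sources."""
    per_ip = Counter(e["ip"] for e in entries)
    sources = defaultdict(set)
    for e in entries:
        # Only consider sources a per-IP filter would not catch on their own.
        if per_ip[e["ip"]] < threshold:
            sources[(e["method"], e["path"], e["ua"])].add(e["ip"])
    return {fp: sorted(ips) for fp, ips in sources.items() if len(ips) >= min_sources}


def analyze(lines):
    """Parse the log and return what to block by address and what to block by signature."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    block_ips = single_source_floods(entries)
    patterns = distributed_patterns(entries)
    return {
        "parsed": len(entries),
        # A host firewall rule is enough for a single source.
        "block_ips": [f"iptables -A INPUT -s {ip} -j DROP" for ip in block_ips],
        # A signature has to be applied upstream (WAF, CDN or ISP scrubbing), not per address.
        "block_signatures": [{"method": m, "path": p, "user_agent": ua, "sources": len(ips)}
                             for (m, p, ua), ips in patterns.items()],
    }


if __name__ == "__main__":
    for key, value in analyze(constructed_log()).items():
        print(key, value)
```

The legitimate visitors are never flagged: each of them sends only a handful of requests, and no two of them share a fingerprint. The distributed sources each send fewer requests than a genuine visitor might, so the per-IP count is useless against them; it is the fact that twelve unrelated addresses produce byte-for-byte identical requests that gives them away, which is the "identical traffic pattern" the video refers to.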
And if your organization uses a third party service like Cloudflare to manage your network connection, there may be tools available that allow you to mitigate or even block a denial of service attack.