The focus of this article is the Denial of Service (DoS) attack, what it is, and what can be done to mitigate the attack from affecting normal operations.
So what is a DoS attack?
It is simply an attack against an intended target that can affect any type of service. Typically it is aimed at a specific server or a specific company.
"Ultimately, DDoS protection is a moving target and tracking the best ways of dealing with it will change as the attack types change."
- Sean Wilkins
This type of attack is carried out using malicious Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) traffic.
In today's large-bandwidth networks, launching an attack on a company from only one location is not very effective: a single source is much easier to trace, and it is hard to obtain enough bandwidth from one location to affect the target.
This is how the Distributed Denial of Service (DDoS) attack came about; as the name states a DDoS attack is distributed over a number of different physical locations.
These attacks are typically launched from bots: compromised computers that have an Internet connection.
These bots are then directed by central controllers to do the tasks assigned. These tasks vary but can include initiating a DDoS attack on a specified target.
Now when the combined bandwidth of thousands of bots comes into play, any company can have their Internet connectivity partially or completely blocked.
So what are the solutions to this problem?
You could make it so that machines aren't vulnerable to exploitation, but this is like asking that water not be wet. Vulnerabilities can be limited, but ultimately this relies on the education of the users.
Because the traffic originators can't be easily controlled, a method must be used to mitigate the effect of the attack and to gather as much information from it as possible, so that the exploited machines and their controllers can be located.
Typically, the methods used to mitigate the attack are "blackhole" routing and access control lists.
With "blackhole" routing, a provider routes all traffic from a given source or destination network to a non-existent network, which effectively drops all traffic to or from that source or destination.
This is typically deployed by Internet Service Providers (ISPs) in order to limit the effect of an attack on the other customers on their network.
In the case of a DDoS attack, blocking one source is not going to fix the problem, as there can be thousands of sources, so blackhole routing tends to be applied based on the destination address or network.
The problem with this technique is that it essentially does what the attacker is trying to do by bringing down the target network.
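As an added illustration (not part of the original article) of the source-versus-destination decision described above, the following script aggregates constructed flow records per destination and proposes either per-source ACL entries (few sources) or a destination null route (many sources). The Cisco IOS command syntax and the thresholds are assumptions for the example.

```python
"""Toy mitigation planner: ACL entries for a few sources, null route for many."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    src: str      # source IP address
    dst: str      # destination IP address
    packets: int  # packets observed in the sampling interval


# Constructed sample flows (documentation prefixes, not real traffic):
# 50 distinct sources flooding one host, one host flooded by a single source,
# and one host receiving normal traffic.
SAMPLE_FLOWS = [Flow(f"203.0.113.{i}", "192.0.2.10", 400) for i in range(1, 51)]
SAMPLE_FLOWS += [Flow("198.51.100.7", "192.0.2.20", 30000)]
SAMPLE_FLOWS += [Flow("198.51.100.8", "192.0.2.30", 120)]


def summarize(flows):
    """Per destination: total packets and the set of sources sending to it."""
    totals = defaultdict(int)
    sources = defaultdict(set)
    for f in flows:
        totals[f.dst] += f.packets
        sources[f.dst].add(f.src)
    return totals, sources


def plan_mitigation(flows, pkt_threshold=10000, distributed_min_sources=10):
    """Return {dst: {"sources": [...], "config": [...]}} for overloaded hosts.

    With few sources, per-source ACL deny entries are feasible (assumed IOS
    extended ACL syntax; the ACL still needs its final permit and must be
    applied to an interface).  With many sources, blocking each one does not
    scale, so the destination itself is sent to Null0, which is the trade-off
    the article describes: the target goes dark to protect everyone else.
    The source list is kept for follow-up investigation of the bots.
    """
    totals, sources = summarize(flows)
    plan = {}
    for dst, pkts in totals.items():
        if pkts < pkt_threshold:
            continue
        srcs = sorted(sources[dst])
        if len(srcs) >= distributed_min_sources:
            config = [f"ip route {dst} 255.255.255.255 Null0"]
        else:
            config = [f"access-list 101 deny ip host {s} host {dst}" for s in srcs]
        plan[dst] = {"sources": srcs, "config": config}
    return plan
```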