Description
This article explains the concept of Distributed Denial of Service (DDoS) attacks.
It is assumed that FortiGate or FortiDDoS is deployed in an end-user environment where bandwidth is limited.
Solution
1. DDoS attacks are attacks on availability.
2. DDoS attacks are attempts by hackers to make a system unusable or to slow it down.
3. They prevent legitimate users from accessing the system.
4. DDoS attacks are harder to prevent than DoS attacks because the attack traffic can come from anywhere.
A DDoS attack can be divided into 2 phases:
- The first phase is the infection phase:
  - The hacker tries to exploit and infect as many systems as possible.
  - Systems that have been infected and compromised are called bots or zombies.
  - These bots or zombies are scattered around the world.
  - All of these bots or zombies listen for commands from the hacker.
- The second phase is the attack phase:
  - The hacker commands the bots or zombies to attack a target system.
  - When the bots or zombies receive the command, they start attacking the target system.
  - From the point of view of the target, the attack traffic comes from everywhere.
5. DDoS attacks can be divided into 3 categories:
- Bandwidth consumption.
- Resource starvation.
- Application programming flaw.
6. Bandwidth consumption.
- This attack tries to saturate the bandwidth available to the system.
- If the hacker can use up all of the bandwidth, legitimate users are prevented from accessing the system.
- For example:
  - The customer subscribes to 10 Mbps of Internet bandwidth from the ISP.
  - If the hacker is able to fully utilize the 10 Mbps Internet link, no bandwidth is left for legitimate users.
  - Because no bandwidth is left for them, legitimate users can no longer access the system.
- Examples of such attacks are the Smurf attack, Fraggle attack, Chargen attack and amplification attacks.
- DDoS attacks in this category cannot be mitigated effectively using FortiGate or FortiDDoS, because the Internet link is already saturated before the traffic reaches the device.
7. Resource starvation.
- This attack tries to overload the resources of the system to make it unusable.
- The resources can be the session table, CPU processing time, disk space, etc.
- Examples of such attacks are the TCP SYN flood, Slowloris, etc.
- DDoS attacks in this category can be effectively mitigated using FortiGate and FortiDDoS; FortiDDoS has more advanced and effective mitigation techniques than FortiGate.
8. Application programming flaw.
- This attack tries to cause a critical error on the system.
- The hacker sends malformed data to the system, and the system crashes.
- By causing a critical error, the attack makes the system unusable.
- Examples of such attacks are buffer overflows and programming logic errors.
- DDoS attacks in this category can be effectively mitigated using FortiGate and FortiDDoS; FortiDDoS has more advanced and effective mitigation techniques than FortiGate.
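As an added illustration (not part of the original article, and not FortiGate or FortiDDoS code), the Python below runs two defender-side checks over constructed flow records: per-second inbound volume against the 10 Mbps subscription from the bandwidth-consumption example in point 6, and the share of half-open TCP sessions per destination as a SYN-flood indicator for the resource-starvation category in point 7. The thresholds, the meaning of the flag field and the sample addresses are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

LINK_MBPS = 10           # the 10 Mbps subscription from the example in point 6
SATURATION = 0.9         # assumed: flag a second above 90% of link capacity
HALF_OPEN_RATIO = 0.8    # assumed: flag a host when >80% of its TCP sessions stay half-open
MIN_SESSIONS = 50        # assumed: ignore hosts with too few sessions to judge

@dataclass
class Flow:
    second: int   # one-second bucket in which the flow was seen
    dst: str      # destination address behind the link
    proto: str    # "tcp" or "udp"
    nbytes: int   # bytes carried by the flow
    cflags: str   # TCP flags seen from the client; "S" alone means the handshake never completed

def saturated_seconds(flows, link_mbps=LINK_MBPS):
    """Seconds whose inbound byte count exceeds SATURATION of the link (bandwidth consumption)."""
    per_sec = Counter()
    for f in flows:
        per_sec[f.second] += f.nbytes
    limit = link_mbps * 1_000_000 / 8 * SATURATION   # bytes per second
    return sorted(s for s, b in per_sec.items() if b > limit)

def half_open_targets(flows):
    """Destinations whose TCP sessions mostly never complete (session-table starvation)."""
    syn_only, total = Counter(), Counter()
    for f in flows:
        if f.proto != "tcp":
            continue
        total[f.dst] += 1
        if f.cflags == "S":
            syn_only[f.dst] += 1
    return {d: round(syn_only[d] / total[d], 3) for d in total
            if total[d] >= MIN_SESSIONS and syn_only[d] / total[d] > HALF_OPEN_RATIO}

def sample_flows():
    """Constructed sample: five seconds of normal web traffic, one second of UDP
    amplification traffic filling the link, and a SYN flood against a second host."""
    flows = [Flow(s, "203.0.113.10", "tcp", 5_000, "SAF") for s in range(5) for _ in range(20)]
    flows += [Flow(3, "203.0.113.10", "udp", 5_000, "") for _ in range(300)]   # 1.5 MB in second 3
    flows += [Flow(s, "203.0.113.20", "tcp", 60, "S") for s in range(5) for _ in range(40)]
    flows += [Flow(s, "203.0.113.20", "tcp", 4_000, "SAF") for s in range(5)]
    return flows

if __name__ == "__main__":
    flows = sample_flows()
    print("saturated seconds:", saturated_seconds(flows))   # [3]
    print("half-open targets:", half_open_targets(flows))   # {'203.0.113.20': 0.976}
```

Raising the link size to 100 Mbps clears the saturation alert while the half-open ratio still flags the SYN flood, which is the distinction the two categories draw: the first is decided by link capacity, the second by session state on the target.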