A Distributed Denial of Service attack is nothing more than a targeted server overload. In the case of a DDoS attack, neither redundant design and expensive IP and data centre services nor physical security can help – if you don't have adequate protection.
What exactly happens during a DDoS attack?
First, the attacker infects thousands of computers with Trojans or so-called bots, forming an attacker network. Only when they activate this do the infected computers take action and access the victim's website all at the same time. This means they overload and block it through the vast number of requests to the server, so the website is no longer accessible. Typical targets are web servers, DNS servers, application servers, routers and firewalls.
What can protect against DDoS attacks?
A firewall alone is by no means sufficient. Other mechanisms and solutions are needed for an effective defence. It's their task to examine incoming traffic to the protected site for abnormalities, and quickly and effectively initiate countermeasures. At the moment an attack is detected, the defence mechanism and the DDoS protection solution passes the data to a ‘defence cluster’, which filters for malicious and benign files. The attackers are excluded and only a ‘clean’ data transfer may pass the protection solution and access the website. There are several typical and frequently observed forms of attacks, including:
This type of attack aims to clog the bandwidth of the provider's physical Internet connection. Here, many servers on the Internet are misused to generate and send small data packets from many large packets.
The SYN flood type of attack overloads the server/s of the website under attack by imitating a connection setup. The result: no more new connections can be set up and the website is no longer accessible.
With this type of attack, the attacker repeatedly accesses individual pages whose structure is CPU-intensive. This overloads the server and purposefully drives the operator's website costs up.
With a POST flood attack type, the attacker sends large documents to the server. The aim is to increase the server's memory usage. The result is that the server can no longer generate responses and becomes inaccessible to the user.
Call us today to find out more about MESH DDoS protection solutions: +49 (0) 211-38555-000.