<p>In 2023, CloudFlare detected and thwarted the largest attack they&#39;d ever seen, at 201 million requests per second (rps), which was almost 8 times larger than their previous 2022 record of 26 million rps and 5 times larger than the 46 million rps Google recorded. Additionally, CloudFlare also reported that DDoS attacks had also reached new heights in complexity, alongside size.</p>
<p>But what exactly is a DDoS attack? How can it threaten our <a href="https://www.hicloud.sg/news/blog/what-is-cyber-security">cyber security</a>? What should we do during a DDoS attacks? In this blog post, we take a close look at one of the most common security threats and answer these questions to help you safeguard against them.</p>
<h2 id="what-is-a-ddos-attack">What is a DDoS attack?</h2>
<p>A DDoS <strong>(Distributed Denial-of-Service)</strong> attack causes a server to be overwhelmed with too many maliciously sent web requests, causing the server to crash and become unavailable to users. To accomplish this, the attacker manipulates many internet-connected devices to flood the server with these web requests.</p>
<p>Think of DDoS attacks as millions of people trying to crowd into a tiny room. In no time, the room will be packed and nobody will be able enter or exit. DDoS attacks can also be likened to intentional traffic jams that clog up highways and stop regular traffic from reaching its destination. </p>
<p>In general, DDoS attacks are most common in Layer 3, 4, 6, and 7 of the OSI model.</p>
<p><img
                      data-original-url="https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png"
                      alt="OSI model"
                      sizes="(max-width: 1024px) 100vw, 1080px"
                      decoding="async"
                      load="lazy"
                      style="cursor: zoom-in; transition: all 300ms ease-in;"
                      srcset="https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png?x-oss-process=image/format,webp/quality,q_90/resize,w_640 640w, https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png?x-oss-process=image/format,webp/quality,q_90/resize,w_750 750w, https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png?x-oss-process=image/format,webp/quality,q_90/resize,w_828 828w, https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png?x-oss-process=image/format,webp/quality,q_90/resize,w_1080 1080w, https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png?x-oss-process=image/format,webp/quality,q_90/resize,w_1200 1200w, https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png?x-oss-process=image/format,webp/quality,q_90/resize,w_1920 1920w, https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png?x-oss-process=image/format,webp/quality,q_90/resize,w_2048 2048w, https://assets.hicloud.sg/gringotts/OSI_model_279fbc4b75.png?x-oss-process=image/format,webp/quality,q_90/resize,w_3840 3840w"
                    /></p>
<h3 id="bulb-what-is-a-web-request">💡 What is a web request?</h3>
<p>A web request (also just called a request) is a command given to the computer or system by a user. For instance, if you click on a link, a button, or enter some text, you&#39;re sending a request. The system will then process your request and respond accordingly, for example, by displaying a certain web page, saving data, or opening an application.</p>
<h2 id="how-do-ddos-attacks-work">How do DDoS attacks work?</h2>
<p>How can attackers send such a massive amount of requests simultaneously, and where does the traffic come from?</p>
<p>Attackers first infect computers or other internet-connected devices, such as connected cars and devices which are part of IoT, with malicious viruses. This allows the attackers to remotely manipulate others&#39; computers and/or devices. These compromised computers and devices, also called bots or zombies, will be used to send requests. </p>
<p>As a result, the target server will crash and become unavailable. Since these requests come from legitimate devices, it is difficult to tell normal traffic apart from malicious traffic.</p>
<p><img
                      data-original-url="https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png"
                      alt="how DDoS attack work"
                      sizes="(max-width: 1024px) 100vw, 1080px"
                      decoding="async"
                      load="lazy"
                      style="cursor: zoom-in; transition: all 300ms ease-in;"
                      srcset="https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png?x-oss-process=image/format,webp/quality,q_90/resize,w_640 640w, https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png?x-oss-process=image/format,webp/quality,q_90/resize,w_750 750w, https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png?x-oss-process=image/format,webp/quality,q_90/resize,w_828 828w, https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png?x-oss-process=image/format,webp/quality,q_90/resize,w_1080 1080w, https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png?x-oss-process=image/format,webp/quality,q_90/resize,w_1200 1200w, https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png?x-oss-process=image/format,webp/quality,q_90/resize,w_1920 1920w, https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png?x-oss-process=image/format,webp/quality,q_90/resize,w_2048 2048w, https://assets.hicloud.sg/gringotts/D_Do_S_attacks_2_6e598b99e9.png?x-oss-process=image/format,webp/quality,q_90/resize,w_3840 3840w"
                    /></p>
<h2 id="types-of-ddos-attacks">Types of DDoS attacks</h2>
<p>DDoS attacks target different layers and can be divided into the following types: </p>
<h3 id="infrastructure-layer-attacks">Infrastructure layer attacks</h3>
<p>Infrastructure layer attacks target <strong>Layer 3 and 4</strong> and happen more frequently, attempting to overwhelm the server with large amounts of data. Two common examples of infrastructure layer attacks are <strong>SYN flood</strong> and <strong>UDP flood</strong> attacks.</p>
<h3 id="application-layer-attacks">Application layer attacks</h3>
<p>Application layer attacks, on the other hand, focus on <strong>Layer 6 and 7</strong>, and are more complicated. This type of DDoS attack targets a specific part of an application to make it unavailable to users. </p>
<h2 id="common-ddos-attacks">Common DDoS attacks</h2>
<p>Here are some common attack types to look out for:</p>
<p><strong>ICMP flood attacks:</strong> Internal Control Message Protocol (ICMP) pings, or echo-request packets, are used to overwhelm a server or a network.</p>
<p><strong>UDP flood attacks:</strong> Massive amounts of IP packets which contain User Datagram Protocol (UDP) packets are sent, overwhelming ports on the host.</p>
<p><strong>SYN flood attacks:</strong> Attackers initiate but don&#39;t finalize a connection to a server in a rapid fashion. The server will then have to wait for half-opened connections, which causes it to waste resources and be unable to respond to legitimate traffic. </p>
<p><strong>HTTP flood attacks:</strong> HTTP GET or POST that appear to be legitimate are used on the target server or application.</p>
<p><strong>Slowloris attacks:</strong> Connections are opened between a computer and the target web server with partial HTTP requests. These connections are kept open for as long as possible in order to slow the server down.</p>
<p><strong>DNS amplification attacks:</strong> Queries that are initially small are amplified to be much larger by exploiting open DNS servers, thus bringing down the target server.</p>
<p><strong>NTP amplification attacks:</strong> UDP traffic is amplified using Network Time Protocol (NTP) servers that can be accessed by the public in NTP, overwhelming the target server.</p>
<h2 id="how-to-identify-ddos-attacks">How to identify DDoS attacks</h2>
<p>As DDoS attacks are nearly indistinguishable from the usual traffic received by a server or a network system, they are difficult to detect. However, they tend to exhibit the following symptoms:</p>
<ul>
<li>Inability to access any or certain websites</li>
<li>Denied access over a long period of time</li>
<li>Increase in spam</li>
<li>Unusually slow network (while opening files or accessing websites)</li>
<li>Unusual connection issues</li>
<li>Server disconnection, lag, and latency problems</li>
</ul>
<p>These symptoms may also be similar to availability problems, requiring further investigation and analysis to determine if a DDoS attack is indeed happening. The following signs regarding traffic indicate the presence of a DDoS attack:</p>
<ul>
<li>An unusually large amount of traffic from a single IP address or IP range</li>
<li>An unusually large amount of traffic from users who share similarities (e.g. using the same type of device, sharing the same geolocation, having the same web browser version, etc.)</li>
<li>Inexplicable rise of requests to a certain page or endpoint</li>
<li>Unusual traffic patterns (e.g. traffic surging at odd hours or every 30 minutes)</li>
</ul>
<h2 id="how-to-mitigate-a-ddos-attack">How to mitigate a DDoS attack?</h2>
<p>What can you do to protect against DDoS attacks? Here are 5 ways:</p>
<h3 id="1-differentiate-malicious-traffic-from-legitimate-traffic">1. Differentiate malicious traffic from legitimate traffic</h3>
<p>While limiting incoming traffic appears to be a logical solution, your web server or service will then be unavailable to legitimate users, which hinders your business activities. To differentiate malicious traffic from legitimate traffic, analyze the incoming traffic and compare the traffic that your server can normally handle with unusual traffic received.</p>
<h3 id="2-reduce-attack-surface-area">2. Reduce attack surface area</h3>
<p>To mitigate DDoS attacks, simply limit the options the attacker has by reducing the surface area that is vulnerable to attacks. Make sure not to expose applications or resources to minimize possible points of attack. For instance, you can use CDNs or load balancers to divert traffic to edge servers, and avoid overwhelming amounts of traffic coming into your server.</p>
<h3 id="3-scale-capacity">3. Scale capacity</h3>
<p>Transit capacity and server capacity are at risk during DDoS attacks. To defend against DDoS attacks, you can increase those to reduce the chance of your server or service becoming unavailable. Redundant internet connectivity and resources can also buy you time to further investigate malicious traffic and counter it with more specific measures. </p>
<h3 id="4-direct-traffic-to-scrubbing-centers">4. Direct traffic to scrubbing centers</h3>
<p>Scrubbing centers are used to mitigate malicious attack traffic and return clean traffic back to the network or server. They can effectively defend against DDoS attacks.</p>
<h3 id="5-configure-wafs">5. Configure WAFs</h3>
<p>A Web Application Firewall (WAF), when set up between the internet and the original server, can act as a reverse proxy to protect the server that is under attack. Commonly used for mitigating Layer 7 DDoS attacks, WAFs filter and block requests based on certain rules.</p>
<h2 id="hi-cloud-anti-ddos-solutions">Hi Cloud Anti-DDoS solutions</h2>
<p>As scary as it sounds, DDoS attacks can be thwarted with the right tools. Partnering with major cloud providers, Hi Cloud can help you plan your <a href="https://www.hicloud.sg/products/rebranded/anti-ddos">anti-DDoS protection</a> with products such as AWS Shield, Azure DDoS Protection, and Google Cloud Armor to meet your specific needs. <a href="https://hicloud.sg/contact-us">Contact our cloud security experts and book a free consultation now</a>.</p>


What exactly is a DDoS attack? How can it threaten our cyber security? What should we do under DDoS attacks? In this blog post, we will take a close look at one of the most common security threats and answer these questions to help you better guard against DDoS attacks. 

What are DDoS attacks and how do you defend against them?

Hi Cloud partners with 6 cloud platforms to provide cloud solutions to help your digital transformation, from IaaS and PasS to cloud migration and cybersecurity.

Hi Cloud

Get first-hand access to featured cloud computing articles on Hi Cloud.

Subscribe to our newsletters!

Company

Contact

Linkedin

Twitter

Facebook

Trending Products & Services

Financial Services

Big Data

Smart Retail

Education

Gaming

Transportation

Maritime

Blockchain

 Having assisted many enterprises in adopting cloud services, Hi Cloud has extensive experience in a number of industries.

Click to gain a deeper understanding of common challenges in various industries and our recommended solutions to overcome them.

Industries

Hi Cloud Observability

Hi Cloud Compass

Cloud Security

Live Streaming

Anti-DDoS

Featured Products

Professional Services

Cloud Migration

Cloud Managed Services

Internet of Things (IoT)

Machine Learning

Microsoft Copilot

Security

Web Application Firewall (WAF)

Cloud

Database

Media Delivery

Modern Workplace

Microsoft Modern Workplace

View technical content, blog articles on the newest cloud technology trends, and the latest news updates here.

Resources

Blog

News

With the rise of remote work and increasing complexity of cloud IT networks, the network edge has become more and more dispersed. As remote connections become common and add more points of vulnerability, traditional IT approaches no longer work to safeguard the entire IT network. The solution? Zero Trust Security, where all entities are untrusted by default to secure the dispersed IT network no matter the device or location. Read our overview for a deeper understanding of Zero Trust.

What is Zero Trust Security? | Cloud Security for the modern workplace

Microsoft Copilot for Security was released for general availability on April 1, 2024. What is the latest offering of Microsoft Copilot's suite of products, what does it do, and how can it help you safeguard your security? Find out in this article.

Introducing Microsoft Copilot for Security

Cyber security refers to the protection of systems that are connected to the internet, including hardware, software and data against cyber attacks. Cyber attacks and cyber threats can range from unauthorized accessing information and tempering data to extorting money and disturbing business operations. They can cause an organization or business serious damage. 

What is cyber security and why is it important?