What is a DDoS attack?
A Distributed Denial of Service attack, also called DDoS, is a cyber-attack in which an enormous amount of traffic is sent to computers, computer networks or servers, making them unusable for the normal user. You can compare this with a traffic jam but on the internet.
A botnet is used to carry out a DDoS attack. A botnet is a large network of computers that are infected, for example, with malware. Botnets vary in size, with some botnets containing millions of infected computers.
From a central point, the hacker can control these computers to perform a specific task, for example, to continuously visit a certain website. As a result, the server capacity of the site becomes overloaded and the website becomes inaccessible to regular visitors. Botnets can paralyze entire IT infrastructures this way. Botnets are also used to send large volumes of spam, for example.
Therefore, it is important to secure your personal computer with good security software and update it when necessary. Without knowing it, you yourself can be an unintended part of a DDoS attack.
How does a botnet work?
Here’s how a botnet operates:
- A hacker infects end-user computers.
- The hacker then sets up a botnet.
- The hacker is paid for providing a botnet.
- The botnet is used to send spam or carry out a DDoS attack.
Botnets often operate on layer 7, the “application layer”, of the OSI Model. This is the layer that connects users to the technology. By operating through this layer, the botnet can pretend to be a user, making it more difficult to stop an attack. Here are some examples of protocols that operate at the application layer:
- HTTP: Used for regular internet traffic between your browser and the web server.
- SSL: Used for encrypted connections between, for example, your computer and the web server.
- FTP: Used for file transfer between your computer and the web server, for example, when downloading and uploading files.
- IMAP/POP: Used for retrieving emails from the mail server.
- SMTP: Used for sending emails from the mail server.
Hackers have multiple reasons for carrying out DDoS attacks. In most cases, one of the following two reasons applies:
Blackmail or extortion
Nowadays, you can rent a botnet on the “black market” for a few dollars to carry out an attack and demand money in order for the attack to stop. If you are ever extorted in this way, you should never respond to the criminal’s request and always report the matter to the police. Some people have the impression that the police do not know anything about the internet, but in this type of criminal activity, the action is usually taken by the digital specialists!
In addition to making money, DDoS attacks are mainly carried out because hackers have idealistic goals. For example, they disagree with the business operations or vision of a company. Governments or political parties also often become the targets of DDoS attacks.
Preventing DDoS attacks
Unfortunately, a DDoS attack can never be prevented. We can, however, take measures to keep the threat to a minimum.
Certain security software can, for example, detect and classify all traffic flows and sources on the network. In many cases, attacks are automatically repelled before the end-user even notices any changes.
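As an added illustration of the traffic classification described above (not code from the original article or from any particular security product), the Python example below scans web-server access-log lines and flags sources whose request count in a sliding time window exceeds a limit, and reports how concentrated each flagged source's requests are on a single URL. The log format, thresholds, function names and sample addresses are assumptions constructed for the example.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')

def parse(line):
    """Return (ip, timestamp, path), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), ts, m.group(3)

def classify_sources(lines, window_s=10, max_requests=20):
    """Flag sources exceeding max_requests in any window_s-second sliding window."""
    # Assumes each source's lines are in chronological order, as in an access log.
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = Counter()              # ip -> highest count seen in one window
    paths = defaultdict(Counter)  # ip -> hits per requested path
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip lines that do not parse
        ip, ts, path = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()           # drop requests that fell out of the window
        peak[ip] = max(peak[ip], len(q))
        paths[ip][path] += 1
    share = lambda c: round(max(c.values()) / sum(c.values()), 2)
    return {ip: {"peak": n, "top_path_share": share(paths[ip])}
            for ip, n in peak.items() if n > max_requests}

def sample_log():
    """Constructed log lines; addresses are from documentation ranges."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "GET {} HTTP/1.1" 200 512'
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    visitor = [fmt.format("198.51.100.7", stamp(15 * i), p)
               for i, p in enumerate(["/", "/products", "/contact", "/about"])]
    flood = [fmt.format("203.0.113.50", stamp(i // 5), "/") for i in range(40)]
    return visitor + flood + ["garbled line"]
```

Because a botnet spreads its requests over many sources that each resemble a user, a per-source rate limit like this is one signal among several rather than a complete classifier.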