
THE SECOND LARGEST DDOS ATTACK DETECTED WITH 754 MILLION PPS

A few days earlier, Akamai recorded the largest DDoS attack ever seen, which tried to target the largest European bank. Fortunately, Akamai mitigated it.

Yesterday, Cloudflare released a report stating that its systems had detected a DDoS attack peaking at 754 million packets per second. That makes it the second-largest, and a highly dangerous, DDoS attack after the one handled by Akamai.

According to the report, the attack was part of an organized four-day campaign that started on June 18 and ended on June 21, throughout which Cloudflare successfully mitigated the traffic. The team also said that the traffic was sent from 316,000 IP addresses towards a single Cloudflare IP address. In the end, Cloudflare's systems stopped the attack, which was proxied through their servers, using AI-based bots and load-balancing techniques.

Let's analyze how this attack was performed.

EXPLANATION OF THE ATTACK

If you know a little about how the internet works, you will know that when you visit a website, a handshake takes place at the transport layer using TCP (Transmission Control Protocol), unless you are streaming video, which typically uses UDP (User Datagram Protocol). In other words, a handshake takes place between the client (your browser) and the web server you are trying to reach.

The client initiates the handshake by sending a SYN packet to the server. The server receives it and, if it looks legitimate, replies with a SYN-ACK. The client then sends an ACK packet, which completes the handshake, after which the client requests the data (a web page or anything else) it wants. This handshake is done only once per session.

Here is the trick: attackers are smart. They send just a SYN, ACK or SYN-ACK packet and never continue the communication. Now imagine millions of clients sending the same packet at the same time. Compare this to an office with a heavy workload and too few employees: the organization cannot get its work done and fails to serve its customers. The relationship between client and server is similar. If at one moment there are more clients than the server's resources can handle, the server simply crashes. The attackers behind this attack tried to do exactly that. They sent a huge volume of these packets, flooding every device along the network path, consuming server resources and exhausting memory, and making the server unresponsive to legitimate handshakes.
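To show what the description above looks like from the defender's side, here is an added example that is not part of the original post and not Cloudflare's code. It replays a constructed packet trace through a small TCP handshake state machine and raises the two alerts a SOC would want: too many half-open connections (lone SYNs that never get their ACK) and too many bare ACK or SYN-ACK packets that match no handshake. The server address, client addresses, trace contents and alert thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data: the server is 203.0.113.10 (an RFC 5737
# documentation address, not a real target); clients use the same ranges.
SERVER = "203.0.113.10"


@dataclass
class Conn:
    state: str      # "half_open" (SYN seen, no ACK yet) or "established"
    opened_at: float


def analyze(records, half_open_threshold=100, stray_threshold=20):
    """Replay packets seen in front of SERVER through a small TCP handshake
    state machine. Each record is (timestamp, src_ip, dst_ip, flags) with
    flags "S" (SYN), "SA" (SYN-ACK) or "A" (ACK). Returns counters and alerts.
    Thresholds are arbitrary assumptions for this example."""
    conns = {}                      # (client, server) -> Conn
    per_second = defaultdict(int)   # packets observed per wall-clock second
    sources = set()                 # distinct addresses sending toward SERVER
    half_open = 0
    peak_half_open = 0
    stray = 0                       # ACK / SYN-ACK packets matching no handshake

    for ts, src, dst, flags in records:
        per_second[int(ts)] += 1
        if dst != SERVER:
            continue                # server replies: counted, not state-tracked
        sources.add(src)
        key = (src, dst)
        conn = conns.get(key)
        if flags == "S":
            # A fresh SYN opens (or re-opens) a half-open entry; a retransmitted
            # SYN on an already half-open entry does not add to the backlog.
            if conn is None or conn.state != "half_open":
                conns[key] = Conn("half_open", ts)
                half_open += 1
        elif flags == "A":
            if conn is not None and conn.state == "half_open":
                conn.state = "established"   # third step of the handshake
                half_open -= 1
            else:
                stray += 1          # bare ACK: nothing to acknowledge
        elif flags == "SA":
            stray += 1              # SYN-ACK sent to a server that sent no SYN
        peak_half_open = max(peak_half_open, half_open)

    alerts = []
    if peak_half_open >= half_open_threshold:
        alerts.append(f"SYN flood: {peak_half_open} half-open connections")
    if stray >= stray_threshold:
        alerts.append(f"ACK/SYN-ACK flood: {stray} packets with no handshake")
    return {
        "peak_half_open": peak_half_open,
        "stray_packets": stray,
        "distinct_sources": len(sources),
        "peak_pps": max(per_second.values(), default=0),
        "alerts": alerts,
    }


def build_sample_trace():
    """Constructed trace: one legitimate handshake, then a flood made of
    200 lone SYNs and 30 bare ACKs from distinct sources within one second."""
    trace = [
        (0.00, "198.51.100.5", SERVER, "S"),
        (0.01, SERVER, "198.51.100.5", "SA"),
        (0.02, "198.51.100.5", SERVER, "A"),
    ]
    for i in range(200):   # SYN senders that never answer the SYN-ACK
        trace.append((1.0 + i * 0.004, f"192.0.2.{i}", SERVER, "S"))
    for i in range(30):    # ACK senders that never started a handshake
        trace.append((1.5 + i * 0.01, f"198.51.100.{100 + i}", SERVER, "A"))
    return trace


if __name__ == "__main__":
    report = analyze(build_sample_trace())
    for name, value in report.items():
        print(f"{name}: {value}")
```

The legitimate handshake in the trace opens and immediately closes its half-open entry, so it never contributes to the backlog; the flood leaves 200 entries open and 30 unmatched ACKs, which trips both alerts. On a real sensor the same counters would be fed from a packet capture or flow logs, and the distinct-source count is what separates a single misbehaving client from the kind of wide botnet described in the report.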

CONCLUSION

As we all know, during the worldwide outbreak cybercrime rates across the globe have increased at a much greater rate. Because phishing and DDoS kits are cheaply available on dark-web markets, even non-professionals are attempting such attacks for their own benefit, causing great losses to large enterprises. The extent of the damage a DDoS attack can do depends on the botnet working behind it: the larger the botnet, the bigger the loss. To prevent these DDoS attacks:

  • Use a reverse proxy server that can minimize the load on the end server.
  • Use a firewall that filters HTTP requests and blocks malicious ones.
  • Use a content delivery network.