What is a DDoS Attack and How Does it Work?
A Distributed Denial of Service (DDoS) attack is an attempt to overwhelm an online system or web server with traffic. The motive behind a DDoS attack could be revenge, simple mischief or hacktivism. These attacks can range from a minor annoyance to long-term downtime resulting in business loss.
DDoS Attacks Types
1. SYN Flood
This type of DDoS attack exploits a known weakness in the TCP connection sequence (the three-way handshake): a SYN request to initiate a TCP connection with a host must be answered by a SYN-ACK response from that host, which should then be confirmed by an ACK response from the requester. In a SYN flood, the requester sends many SYN requests but either does not respond to the host’s SYN-ACK responses or sends the SYN requests from spoofed IP addresses. Either way, the host keeps waiting for the acknowledgement of each request, tying up resources until no new connections can be made and eventually resulting in denial of service.
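The half-open state the handshake leaves behind is what a defender can measure. The following is an added example, not code from the original page or from Comodo: it summarises a constructed set of inbound packet records for one server port and flags a SYN flood using both a per-source view (one client opening many half-open connections) and an aggregate view (spoofed sources that each send a single SYN, which no per-source threshold would catch). The record format, thresholds and sample addresses are assumptions.

```python
from collections import defaultdict

# Constructed sample of inbound TCP packets as seen by a server on port 443
# (not a real capture): (src_ip, flags) with "S" = SYN and "A" = the ACK that
# completes the three-way handshake. Data-phase ACKs are omitted for brevity.
SAMPLE_PACKETS = (
    [("198.51.100.7", "S"), ("198.51.100.7", "A"),   # two well-behaved clients
     ("198.51.100.8", "S"), ("198.51.100.8", "A")]
    + [("198.51.100.9", "S")] * 25                   # one client that never ACKs
    + [(f"192.0.2.{i}", "S") for i in range(1, 41)]  # 40 SYNs from 40 spoofed sources
)


def syn_flood_report(packets, syn_threshold=20, min_half_open=30, min_completion=0.5):
    """Summarise handshake completion and flag a likely SYN flood.

    Per-source counts catch a single noisy client; the aggregate half-open
    count and completion ratio catch a spoofed flood where every source sends
    only one SYN, so no per-source threshold is ever reached.
    """
    syns = defaultdict(int)
    acks = defaultdict(int)
    for src, flags in packets:
        if flags == "S":
            syns[src] += 1
        elif flags == "A" and acks[src] < syns[src]:  # an ACK only completes a seen SYN
            acks[src] += 1
    total_syn = sum(syns.values())
    total_ack = sum(acks.values())
    half_open = total_syn - total_ack
    completion = total_ack / total_syn if total_syn else 1.0
    noisy = sorted(s for s in syns
                   if syns[s] >= syn_threshold and acks[s] / syns[s] < min_completion)
    return {
        "total_syn": total_syn,
        "half_open": half_open,
        "completion_ratio": round(completion, 3),
        "distinct_sources": len(syns),
        "noisy_sources": noisy,
        # Aggregate verdict: many half-open connections and few completed handshakes.
        "flood_suspected": half_open >= min_half_open and completion < min_completion,
    }


if __name__ == "__main__":
    print(syn_flood_report(SAMPLE_PACKETS))
```

On the sample the per-source check names only 198.51.100.9, while the aggregate view (65 half-open connections, a completion ratio near 0.03) is what exposes the 40 spoofed sources.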
2. UDP Floods
A UDP flood is a type of DDoS attack that floods a target with User Datagram Protocol (UDP) packets. The attack aims to flood random ports on a remote host, which causes the host to repeatedly check for an application listening on each port and to reply with an ICMP ‘Destination Unreachable’ packet when none is found. This process saps host resources and can eventually make the host inaccessible.
3. Ping of Death
In a ping of death (POD) attack, the attacker sends multiple malformed or malicious pings to a computer. The maximum length of an IP packet is 65,535 bytes. However, the data link layer generally limits the maximum frame size, for instance to 1500 bytes on an Ethernet network. A large IP packet is therefore divided into multiple IP packets (called fragments), and the receiving host reassembles the fragments into the complete packet. In a Ping of Death scenario, the fragment contents are manipulated so that the recipient ends up with an IP packet larger than 65,535 bytes when reassembled. This can overflow the memory buffers allocated for the packet, causing denial of service for genuine packets.
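The defence against this class of bug is to validate the fragment set before reserving any reassembly buffer. The following is an added example, not code from the original page or from Comodo: it checks a constructed list of fragments, each given as (offset in 8-byte units, payload length, more-fragments flag), and rejects any set whose last byte would land beyond the 65,535-byte datagram limit, as well as sets with gaps or a missing final fragment. A minimal 20-byte IPv4 header is assumed.

```python
IP_MAX_LEN = 65535          # maximum IP datagram length, header included
IP_HEADER_LEN = 20          # minimal IPv4 header, assumed for this example
MAX_PAYLOAD = IP_MAX_LEN - IP_HEADER_LEN
FRAG_UNIT = 8               # the fragment offset field counts 8-byte units

# Constructed fragment sets (not captured traffic): (offset_units, length, more).
# A normal 2,000-byte ping payload split across Ethernet-sized frames:
NORMAL_PING = [(0, 1480, True), (185, 520, False)]
# A malicious set whose last fragment pushes the datagram past 65,535 bytes:
OVERSIZED_PING = [(0, 1480, True), (8185, 1000, False)]


def check_fragments(fragments):
    """Validate a fragment set before any reassembly buffer is allocated.

    Returns (ok, reassembled_payload_length, reason). The oversize test is the
    Ping-of-Death guard: offset*8 + length must stay within the datagram limit,
    which a reassembler that trusts only each fragment's own length field and
    writes it at its claimed offset would never check.
    """
    if not fragments:
        return False, 0, "no fragments"
    frags = sorted(fragments)
    end = 0
    for offset_units, length, _more in frags:
        start = offset_units * FRAG_UNIT
        if start + length > MAX_PAYLOAD:
            return False, start + length, "oversized: exceeds 65,535-byte datagram"
        if start > end:
            return False, end, "gap in fragment sequence"
        end = max(end, start + length)      # overlapping fragments simply extend coverage
    if frags[-1][2]:                        # highest-offset fragment still says "more"
        return False, end, "last fragment missing"
    return True, end, "ok"


if __name__ == "__main__":
    for name, frags in (("normal", NORMAL_PING), ("oversized", OVERSIZED_PING)):
        print(name, check_fragments(frags))
```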
4. Slowloris
This is a highly targeted DDoS attack that allows one web server to take down another server without disturbing other services or ports on the target network. It works by holding as many connections to the target web server open for as long as possible: it opens connections to the target server but sends only a partial request, then keeps sending further HTTP headers without ever completing the request. The targeted server keeps all these bogus connections open, which eventually exhausts the maximum concurrent connection pool and results in additional connections from genuine clients being refused.
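What a defender sees is a connection table full of old connections whose request headers never finished, and the usual mitigation is a timeout on incomplete headers. The following is an added example, not code from the original page or from Comodo: it inspects a constructed snapshot of a web server's open connections, names clients holding many stalled requests, and shows how many pool slots a header timeout would reclaim. The snapshot format, the 100-connection pool size and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed snapshot of a web server's connection table (not real data):
# (client_ip, age_seconds, request_headers_complete). Assumed pool of 100 slots.
MAX_CONNECTIONS = 100
SNAPSHOT = (
    [("198.51.100.7", 2, True),     # normal clients, requests already complete
     ("198.51.100.8", 1, True),
     ("198.51.100.9", 40, False)]   # one slow but harmless client
    + [("203.0.113.5", 120 + i, False) for i in range(90)]  # 90 stalled requests, one client
)


def slowloris_report(connections, max_conn=MAX_CONNECTIONS,
                     header_timeout=30, per_client_limit=20):
    """Flag clients holding many long-lived connections with unfinished headers.

    A connection counts as stalled when its headers are still incomplete past
    header_timeout seconds; a server enforcing that timeout would already have
    closed it, which is the mitigation the report quantifies.
    """
    stalled = defaultdict(int)
    for ip, age, complete in connections:
        if not complete and age > header_timeout:
            stalled[ip] += 1
    stalled_total = sum(stalled.values())
    offenders = sorted(ip for ip, n in stalled.items() if n >= per_client_limit)
    open_count = len(connections)
    return {
        "open": open_count,
        "pool_used": round(open_count / max_conn, 2),
        "stalled": stalled_total,
        "offenders": offenders,
        # Slots that a header timeout would hand back to genuine clients.
        "free_after_timeout": max_conn - (open_count - stalled_total),
        # Suspect an attack only when offenders exist and the pool is nearly full.
        "attack_suspected": bool(offenders) and open_count / max_conn >= 0.8,
    }


if __name__ == "__main__":
    print(slowloris_report(SNAPSHOT))
```

The per-client limit keeps a single slow but legitimate client (198.51.100.9 above) out of the offender list while still counting its slot as reclaimable.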
Get Comodo cWatch to Prevent DDoS Attacks
You can prevent DDoS attacks through manual security planning; however, that is time-consuming, and it is much easier if you have your own DDoS prevention tool. This is worth considering because DDoS attacks can take place at any time.
As an efficient solution to prevent DDoS attacks, cWatch is a comprehensive web security bundle that, once installed, is able to remove all types of attacks and prevent planned ones. Let’s take a look at the key features offered by Comodo cWatch Web.
Features offered by Comodo cWatch:
- Comodo Web Application Firewall (WAF): The Comodo WAF is capable of eliminating application vulnerabilities and protecting websites and web applications from advanced attacks like DDoS, Cross-Site Scripting, and SQL Injection. Its globally distributed Anycast network allows efficient distribution of traffic. It also blocks all non-HTTP/HTTPS traffic, with a current network capacity in excess of 1 TB/s. Each PoP has multiple 10G and 100G ports, designed to scale and absorb extremely large attacks.
- Comodo Cyber Security Operations Center (CSOC): The Comodo CSOC is made up of certified security analysts responsible for monitoring, assessing and defending websites, databases, data centers, applications, networks, desktops, servers, and other endpoints for customers. The CSOC employs the cWatch technology to detect and examine threats and then executes the necessary actions that will help maintain optimal security.
- Comodo Security Information and Event Management (SIEM): Comodo cWatch Web comes with an advanced analytics-driven SIEM process capable of examining event data in real time and providing security intelligence for the early detection of threats and breaches, log management, rapid incident response times, and compliance reporting. All this is achieved by aggregating data from more than 85 million endpoints and 100 million validated domains and then combining it with contextual information about assets, the latest threats, users, and existing vulnerabilities so that it can be examined and actionable insights can be generated. The Comodo SIEM also collects, stores and logs data for proper forensics and threat resolution.
- Comodo Secure Content Delivery Network (CDN): Comodo’s secure CDN is a network of globally distributed servers specifically designed to enhance the performance of web applications and websites by delivering content from the server closest to the user, and it is proven to increase search rankings.
- PCI Scanning: As a DDoS prevention tool, Comodo cWatch Web provides online merchants, businesses, and other service providers handling credit cards online with a simple and automated way to stay compliant with the Payment Card Industry Data Security Standard (PCI DSS). It secures payment cardholder information from possible security breaches via meticulous network and application scans that detect and fix security vulnerabilities.
- Malware Detection, Prevention and Removal Service: Comodo’s malware detection scanning, preventive methods and removal services allow organizations to adopt a proactive approach that helps protect their business and brand reputation from malware attacks and infections. Besides detecting and fixing malware, cWatch Web also stops threats before they reach an organization’s network. Comodo’s advanced security analytics engine, which monitors emerging threats across the world, is combined with real-time data from web traffic to provide early warnings and indicators that recognize and block new threats, delivery techniques, and zero-day vulnerabilities.