Denial of Service Attacks

From GamingDeluxe Wiki

Definitions

Denial of Service

More commonly known as a DoS attack.

A DoS attack is a form of attack which targets the network. It originates from a single location and is typically much smaller than a DDoS, but it can still have very negative consequences.

Distributed Denial of Service

More commonly known as a DDoS attack.

A DDoS attack is very similar to a DoS attack, except that it comes in from many locations at once. This makes the attack much larger, and much harder to trace and mitigate.

Attackers can also spoof the source IPs, meaning the IPs logged as attacking are made up in order to hide the real ones.

Types of Attack

Attacks come in different varieties, each with a different size and effect. In the end the goal is the same: to take the server offline by flooding it with more traffic than it can handle, so that genuine traffic is slowed down or dropped because of congestion and overloading.

Wikipedia has more information regarding the types of attack and their effects here.

The simplest attacks, UDP floods and the like, are typically the most common, because access to them can be purchased through tools disguised as network stress testers.

Some of the most devastating attacks are NTP and DNS amplification, which can easily exceed 100 Gbps, although most services are no longer as vulnerable because firewalls block the ports, traffic is filtered, and the security holes have been patched.

How they work

A good analogy of how it works is to think of your network as a bridge, and cars as packets.

The bridge can take 10 cars per minute. A DoS/DDoS tries to send over 100 cars in a minute, which causes a traffic jam: some cars get through but take much longer because of the congestion, and some turn around and report that they couldn't make it across.

An attack can overload the processor too. Some NICs have no processor of their own, so the main CPU has to process every packet; most modern machines do have a processor on the NIC, albeit a much less powerful one than the main CPU, which can lend a hand in some cases.

The point of the attack is to take your server offline. Whilst it remains switched on, it cannot communicate effectively over the network, so it is effectively offline: it denies service, hence the name.
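The bridge analogy above, worked through as a small queue simulation. This is an added example and not part of the GamingDeluxe wiki: the link forwards a fixed number of packets per minute and has a bounded waiting queue, and a constructed scenario floods it with ten times its capacity for three minutes. The capacity, queue limit and arrival order are assumptions chosen to match the analogy (10 cars per minute, over 100 sent per minute), not measurements of any real network.

```python
from collections import deque

CAPACITY = 10      # the bridge in the analogy: 10 cars (packets) per minute
QUEUE_LIMIT = 20   # cars that can wait at the ramp; beyond this they turn around (drop)


def interleave(legit, attack):
    """Spread the legitimate arrivals evenly through the attack burst so both
    compete for the same queue space (a constructed, deterministic arrival order)."""
    total = legit + attack
    legit_slots = {i * total // legit for i in range(legit)} if legit else set()
    return ["legit" if i in legit_slots else "attack" for i in range(total)]


def simulate_link(offered, capacity=CAPACITY, queue_limit=QUEUE_LIMIT):
    """offered: list of (legit_count, attack_count) arrivals per minute.
    Each minute, arrivals join a bounded FIFO (the excess is dropped), then the
    link forwards up to `capacity` packets. Returns per-class counters plus the
    summed queueing delay, in minutes, of the packets that were delivered."""
    queue = deque()   # entries: (label, arrival_minute)
    stats = {label: {"sent": 0, "delivered": 0, "dropped": 0, "delay": 0}
             for label in ("legit", "attack")}
    for minute, (legit, attack) in enumerate(offered):
        for label in interleave(legit, attack):
            stats[label]["sent"] += 1
            if len(queue) < queue_limit:
                queue.append((label, minute))
            else:
                stats[label]["dropped"] += 1   # "turned around": never made it across
        for _ in range(min(capacity, len(queue))):
            label, arrived = queue.popleft()
            stats[label]["delivered"] += 1
            stats[label]["delay"] += minute - arrived
    return stats


# Constructed scenario: 5 legitimate packets per minute throughout, with a
# 100-packet/minute flood during minutes 2-4 (ten times the bridge's capacity).
SCENARIO = [(5, 0)] * 2 + [(5, 100)] * 3 + [(5, 0)] * 5


def flood_impact(scenario=SCENARIO):
    """Summarise what the flood did to the legitimate traffic."""
    s = simulate_link(scenario)
    legit = s["legit"]
    return {
        "legit_delivered": legit["delivered"],
        "legit_dropped": legit["dropped"],
        "legit_avg_delay": legit["delay"] / legit["delivered"],
        "attack_dropped": s["attack"]["dropped"],
    }


if __name__ == "__main__":
    for label, counters in simulate_link(SCENARIO).items():
        print(label, counters)
```

Two things the numbers show that the analogy only states: the flood does not need to "win" every slot, since the legitimate packets it pushes out of the queue are simply lost, and the damage outlasts the flood itself, because the backlog of queued attack packets is still being forwarded in the minutes after the attack stops.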

Protection

Attacks are very hard to protect against with 100% success. At GamingDeluxe, we have several features in place which help us.

GamingDeluxe Protection

DDoS Filtering

This attempts to scrub malicious packets before they even reach our network. In some cases it can be too aggressive and filter legitimate packets as well, but it keeps the server online and protects our network from the vast majority of problems.

Rate Limiting

If an attack does get through, or an attack occurs on an unprotected IP, we have rate limiting which stops anything over 1 Gbps reaching us.

IP Nulling

See: IP Null

Exceptions

Sometimes attacks do get through. This is normally when the attack is too small to be picked up by the filtering, and it will normally affect only the server it is aimed at.

When the filtering is too strict, or not strict enough, typically only the target is affected, the IP or the server, either by too much getting through or by too much being filtered.
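To make the Rate Limiting and Exceptions sections concrete, here is an added detector that runs over a few constructed per-second flow summaries; it is not GamingDeluxe's filtering code and the format of the flow lines, the amplification heuristic (UDP traffic from source port 53 or 123 with large payloads, the DNS and NTP reflection services named above) and the 400-byte size cut-off are all assumptions. It flags any destination that receives more than 1 Gbps in a second, the rate limit described above, and separately notes which reflection services appear. The second target in the sample receives a small UDP flood that stays well under the limit, which is exactly the "too small to be picked up" case from the Exceptions section.

```python
from collections import defaultdict

RATE_LIMIT_BPS = 1_000_000_000            # the 1 Gbps rate limit described above
AMPLIFIER_PORTS = {53: "DNS", 123: "NTP"}  # reflection services named on the page
AMPLIFICATION_MIN_BYTES = 400             # assumed cut-off: larger than an ordinary reply


def parse_flow(line):
    """Parse one constructed flow line: '<second> <proto> <src>:<port> > <dst>:<port> <bytes>'."""
    sec, proto, src, _, dst, size = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"sec": int(sec), "proto": proto,
            "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port), "bytes": int(size)}


def analyse(lines, rate_limit_bps=RATE_LIMIT_BPS):
    """Aggregate bytes per destination per second, flag destinations over the rate
    limit, and record which amplification services were seen sending to each."""
    volume = defaultdict(int)   # (dst_ip, second) -> bytes received in that second
    amplifiers = defaultdict(set)
    for line in lines:
        f = parse_flow(line)
        volume[(f["dst_ip"], f["sec"])] += f["bytes"]
        if (f["proto"] == "UDP" and f["src_port"] in AMPLIFIER_PORTS
                and f["bytes"] >= AMPLIFICATION_MIN_BYTES):
            amplifiers[f["dst_ip"]].add(AMPLIFIER_PORTS[f["src_port"]])
    peak_bps = {}
    for (dst, _sec), nbytes in volume.items():
        peak_bps[dst] = max(peak_bps.get(dst, 0), nbytes * 8)
    over_limit = sorted(dst for dst, bps in peak_bps.items() if bps > rate_limit_bps)
    return {
        "over_limit": over_limit,                  # would be rate limited / nulled
        "amplification": {dst: sorted(s) for dst, s in amplifiers.items()},
        "peak_bps": peak_bps,
    }


# Constructed flow summaries (RFC 5737 documentation addresses, one line per
# source per second). 192.0.2.10 is hit by NTP and DNS reflection traffic in
# second 1; 192.0.2.11 receives a small plain UDP flood that stays under the limit.
SAMPLE_FLOWS = [
    "1 UDP 203.0.113.5:123 > 192.0.2.10:27015 70000000",
    "1 UDP 198.51.100.7:123 > 192.0.2.10:27015 70000000",
    "1 UDP 203.0.113.9:53 > 192.0.2.10:27015 30000000",
    "1 TCP 198.51.100.20:51234 > 192.0.2.10:27015 1200",
    "1 UDP 203.0.113.40:44000 > 192.0.2.11:27016 500000",
    "2 TCP 198.51.100.21:51235 > 192.0.2.11:27016 800",
]


if __name__ == "__main__":
    report = analyse(SAMPLE_FLOWS)
    for dst, bps in sorted(report["peak_bps"].items()):
        flag = "OVER LIMIT" if dst in report["over_limit"] else "ok"
        print(f"{dst}: peak {bps / 1e9:.3f} Gbps [{flag}] "
              f"amplifiers={report['amplification'].get(dst, [])}")
```

A volume threshold alone is blind to the second target: 4 Mbps is nothing on the backbone but can still hurt a single game server, which is why the page's Exceptions section says such attacks normally get through and affect only the server they are aimed at. The amplification check catches the reflection pattern regardless of volume, at the cost of occasionally matching large legitimate DNS or NTP replies, the same over-filtering trade-off described under DDoS Filtering.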

What can be done?

Not much can be done to stop someone launching an attack, due to the nature of the internet and how easy it is to purchase and access tools. Most protection is reactive, but we do have the tools to help minimise disruption, although disruption cannot always be avoided.