What Is DDOS?
DDOS, short for Distributed Denial of Service, is an attack in which a large number of requests is sent to a website that has a limited capacity. The overloaded website temporarily crashes and stops functioning.
How Does a DDOS Attack Work?
Just as web servers have a limited capacity to respond to incoming requests, the channels connecting to websites have a bandwidth limit. During a DDOS attack, servers or websites begin to respond more slowly to incoming requests. The server or website becomes so busy and so slow that it is unusable.
Some servers and websites also reject all incoming requests. They do this to protect the system. The main DDOS attack types are described briefly below, so that you can more easily see what kind of danger you are facing.
Reflective DDOS Attack:
The attacker sends packets to servers, making them appear to come from the IP address he has chosen as the target. The servers cannot verify the source of the incoming packets, which use UDP, because the attacker skillfully hides his own IP address. Since the source IP address cannot be verified, the traffic is concentrated on the targeted IP address through multiple servers. This type of attack is called a reflection attack or Reflected DDOS.
Amplification Attack:
50 gigabits of traffic can be produced using 1 megabit of bandwidth. In theory, such a ratio is possible. We say in theory because it varies depending on the service used for the attack. Data packets amplified using DNS are sent to the destination IP address. These types of attacks are generally carried out over UDP.
Using Botnet (Zombie) Virus:
The hacker infects more than one computer with a virus to attack the target IP address. Thus, the zombie network is established. The attacker, who can control all actions on these computers, attacks the targeted computer by taking advantage of zombie computers.
Volume-Based Attacks:
This type of attack, called volume-based, is the most commonly applied method. It is carried out with spoofed UDP, ICMP and similar flood packets. The aim of the attack is to saturate the bandwidth of the target system and overload it.
Application Layer Attacks:
This is a type of attack that uses vulnerabilities in the OpenBSD or Windows operating system. It is a very difficult type of attack to detect.
Protocol Type Attacks:
These attacks take advantage of weaknesses in the layers of the OSI (Open Systems Interconnection) model. They generally exploit weaknesses found in layer 3 or layer 4. The method called TCP SYN Flood is the most common type of attack.
Syn Flood Type Attacks:
TCP packets with the SYN flag set are sent to the targeted system in numbers above its capacity, and the system is rendered inoperable. It is an attack generally carried out against web servers. Because of this type of attack, web pages become unusable.
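A defender can spot the pattern described above by counting handshakes that were opened with a SYN but never completed. The following is an added example, not part of the original article; the record format, the threshold values and the sample addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict

HANDSHAKE_TIMEOUT = 3.0   # seconds a SYN may wait for its final ACK (assumed value)
HALF_OPEN_LIMIT = 50      # alert threshold per destination (assumed value)


def find_syn_floods(packets, limit=HALF_OPEN_LIMIT, timeout=HANDSHAKE_TIMEOUT):
    """packets: time-ordered (ts, src, sport, dst, dport, flags) records, where
    flags "S" is a client SYN and "A" is the client ACK completing the handshake
    (a simplified model of a capture). Returns {(dst, dport): peak half-open
    count} for every destination whose peak exceeds `limit`."""
    pending = {}                  # (src, sport, dst, dport) -> SYN timestamp
    half_open = defaultdict(int)  # (dst, dport) -> handshakes currently half-open
    peak = defaultdict(int)
    for ts, src, sport, dst, dport, flags in packets:
        # Expire old entries the way a server backlog times them out.
        # (Linear scan per packet: fine for a demonstration, not for line rate.)
        for key in [k for k, t0 in pending.items() if ts - t0 > timeout]:
            del pending[key]
            half_open[key[2:]] -= 1
        key, target = (src, sport, dst, dport), (dst, dport)
        if flags == "S" and key not in pending:
            pending[key] = ts
            half_open[target] += 1
            peak[target] = max(peak[target], half_open[target])
        elif flags == "A" and key in pending:
            del pending[key]      # handshake completed: no longer half-open
            half_open[target] -= 1
    return {target: n for target, n in peak.items() if n > limit}


# Constructed sample records: 120 SYNs to port 80 that are never completed,
# plus 5 normal clients on port 443 that each finish their handshake.
SAMPLE = sorted(
    [(i * 0.01, f"198.51.100.{i % 250 + 1}", 40000 + i, "192.0.2.10", 80, "S")
     for i in range(120)]
    + [(c * 0.2 + delay, "203.0.113.5", 50000 + c, "192.0.2.10", 443, flag)
       for c in range(5) for delay, flag in ((0.0, "S"), (0.05, "A"))]
)

if __name__ == "__main__":
    print(find_syn_floods(SAMPLE))
```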
How to Prevent a DDOS Attack?
It is not possible to completely prevent DDOS attacks. However, by taking some precautions, the effect of an attack can be reduced, at least partially. These measures are listed below:
Website owners must have a good network infrastructure. Additionally, it would be beneficial for site owners to have sufficient TCP/IP knowledge.
Packets sent for attack purposes first arrive at the routers. Therefore, the effect of attacks can be reduced with some adjustments on the router.
The “Rate Limiting” feature must be activated through the firewall. This feature limits data packets from a specific IP address.
System updates should be made in a timely and complete manner.
It will be useful to use antivirus programs with high security features.
In particular, e-mail traffic must be taken under control. A possible attack can be prevented by making the necessary filter settings.
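The "Rate Limiting" measure in the list above can be illustrated with a token bucket kept per source IP address. This is an added example, not code from the original article or from any firewall product; the class and function names, the rate and burst values and the sample traffic are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float   # packets this source may still send right now
    last: float     # timestamp of the last packet seen from this source


class PerIpRateLimiter:
    """Token bucket per source IP: `rate` packets/second sustained, `burst` at once."""

    def __init__(self, rate, burst, idle_timeout=60.0):
        self.rate, self.burst, self.idle_timeout = rate, burst, idle_timeout
        self.buckets = {}   # src_ip -> Bucket

    def allow(self, src_ip, now):
        b = self.buckets.setdefault(src_ip, Bucket(float(self.burst), now))
        # Refill in proportion to elapsed time, never above the burst size.
        b.tokens = min(float(self.burst), b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens < 1.0:
            return False    # over the limit: drop this packet
        b.tokens -= 1.0
        return True

    def evict_idle(self, now):
        """Forget sources not seen for idle_timeout seconds, so the table cannot
        grow without bound when many distinct (possibly spoofed) sources appear."""
        stale = [ip for ip, b in self.buckets.items() if now - b.last > self.idle_timeout]
        for ip in stale:
            del self.buckets[ip]
        return len(stale)


def replay(events, rate=4.0, burst=8):
    """Replay time-ordered (timestamp, src_ip) events; return {ip: (accepted, dropped)}."""
    limiter = PerIpRateLimiter(rate, burst)
    stats = {}
    for ts, ip in events:
        counts = stats.setdefault(ip, [0, 0])
        counts[0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(c) for ip, c in stats.items()}


# Constructed sample: one noisy source (128 packets/s for 2 s) and one normal client.
SAMPLE = sorted(
    [(i / 128, "203.0.113.7") for i in range(256)]
    + [(i * 0.5, "198.51.100.20") for i in range(4)]
)
```

Per-source limits of this kind only help when the source address is genuine; traffic with forged source addresses, as in the reflection attacks described earlier, spreads across many buckets.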
DDOS Attacks Have Become More Dangerous Today
A DDOS attack was carried out against Turkey on September 28, 2019. In the attack targeting certain institutions, many people could not access the internet and some institutions could not access their websites. In fact, some mobile phone operators were temporarily unable to provide service.
The 100 GB DDOS attack once again proved how dangerous and unpreventable this type of attack is. According to the research, the countries most exposed to cyber attacks in the world are America, Brazil and Turkey.
Do Antivirus Programs Work?
Antivirus programs work up to a certain point. For example, they create firewall boundaries and limit external connections. However, they are mostly vulnerable to many types of DDOS. If you use free antivirus programs, you may be vulnerable to many attacks because you cannot use all the features of the program. In paid versions, antivirus programs will protect you against many threats. Institutions generally have their own special virus protection programs. These programs, which are quite expensive, provide the highest level of protection. However, world-famous hackers or hacker groups will definitely find a vulnerability in the system.
Does Firewall Prevent DDOS Attacks?
Firewall systems control traffic on the network. They control incoming and outgoing data on the network according to certain protocols and rules. They decide which data packet will be accepted and which will be rejected according to the commands or options given. In this respect, Firewall systems have the capacity to prevent many attacks before they occur.
Nowadays, more advanced protection systems are used as firewalls. Devices called UTM (Unified Threat Management) have become very popular lately and are used by many institutions. However, even advanced systems are temporarily helpless against an advanced DDOS attack.