While Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have similar names and goals, there is a significant difference between the two: the number of systems involved in an attack. A single computer can independently launch a DoS attack, while a botnet of multiple systems is required to perform a DDoS attack.
Let’s take a closer look at the two to better understand the DoS vs DDoS issue.
A DoS attack is an attack designed to make a target application or system less able to respond to legitimate requests. This includes everything from degrading its availability to causing a complete crash.
DoS attacks can be performed in several different ways. For example, an attacker may exploit a vulnerability in a target application that causes it to crash. Since this takes the application offline, it is a DoS attack.
Another form of a DoS attack is more closely related to a DDoS attack. In this type of attack, the attacker uses a computer to send many spam requests to a target application or server with the goal of overwhelming it. Since any resources that the target application or server devotes to handling these spam requests cannot be used for legitimate requests, the availability of the system decreases.
DDoS attacks are a scaled-up version of this second type of DoS attack. Instead of using a single computer, an attacker will use many different Internet-connected devices to launch a coordinated attack against a target application. The greater scale possible with these attacks makes them more likely to take a target system offline.
These DDoS attacks are typically performed using botnets, which are networks of computers under the attacker’s control. While botnets can be built using cheap cloud computing resources, it is more common for cybercriminals to build botnets from systems compromised during their attacks.
These botnets are typically composed of insecure and easily compromised Internet-connected devices. For example, Mirai built a botnet of 400,000 compromised devices at its peak by logging into devices using one of a set of sixty-one default login credentials. Other botnets take advantage of vulnerabilities in devices that are infrequently patched and updated, such as routers and Internet of Things (IoT) devices.
DDoS attacks can be accomplished in a variety of ways. The three main categories are:
DDoS attacks can be accomplished in different ways as well. For example, amplification attacks are a common method of performing volumetric attacks. In an amplification attack, the attacker sends traffic to a service (like DNS) whose responses are larger than the corresponding requests. By spoofing their IP address to that of the target, the attacker causes the service to send its responses to the target, so the target receives more data than the attacker sends out, amplifying the impact of the attack.
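The victim-side view of the amplification attack described above, as an added example that is not part of the original article: the target receives DNS answers to queries it never sent, so matching answers against its own outbound queries separates reflected traffic from legitimate lookups. The addresses, packet tuples and the 60-byte query size are constructed assumptions.

```python
from collections import defaultdict

PROTECTED = "203.0.113.10"   # constructed address of the host being defended
ASSUMED_QUERY_BYTES = 60     # assumption: size of the spoofed query, which the target never sees

# Constructed UDP datagrams seen at the protected host's border:
# (src_ip, src_port, dst_ip, dst_port, dns_txid, payload_bytes)
PACKETS = [
    # Legitimate lookup: the protected host asks and the resolver answers.
    ("203.0.113.10", 40001, "198.51.100.53", 53, 0x1A2B, 60),
    ("198.51.100.53", 53, "203.0.113.10", 40001, 0x1A2B, 120),
    # Reflected traffic: large answers to queries the protected host never sent.
    ("192.0.2.7", 53, "203.0.113.10", 31337, 0x0001, 3000),
    ("192.0.2.7", 53, "203.0.113.10", 31337, 0x0002, 3000),
    ("192.0.2.8", 53, "203.0.113.10", 31338, 0x0003, 2800),
]


def unsolicited_dns_responses(packets, protected):
    """Return {reflector_ip: (count, bytes)} for DNS answers with no matching query."""
    pending = set()                      # (resolver_ip, client_port, txid) of our own queries
    reflected = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, txid, size in packets:
        if src == protected and dport == 53:
            pending.add((dst, sport, txid))          # outbound query: remember it
        elif dst == protected and sport == 53:
            key = (src, dport, txid)
            if key in pending:
                pending.discard(key)                 # answer to something we asked
            else:
                reflected[src][0] += 1               # answer nobody asked for
                reflected[src][1] += size
    return {ip: tuple(v) for ip, v in reflected.items()}


def estimated_amplification(count, total_bytes, query_bytes=ASSUMED_QUERY_BYTES):
    """Average response size divided by the assumed size of the spoofed query."""
    return (total_bytes / count) / query_bytes


if __name__ == "__main__":
    for ip, (count, total) in unsolicited_dns_responses(PACKETS, PROTECTED).items():
        print(f"{ip}: {count} unsolicited answers, {total} bytes, "
              f"~{estimated_amplification(count, total):.0f}x amplification")
```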
DDoS attacks are performed by networks of machines that send spam requests to a target application or server. The best way to protect against these attacks is to deploy an anti-DDoS solution that identifies and blocks the malicious traffic before it reaches the target.
However, this scrubbing of network traffic can be difficult, depending on the sophistication of the attack. More sophisticated DDoS attackers will use traffic that is extremely similar to legitimate traffic. If a scrubber fails to block this traffic, then it does not adequately protect the target system. On the other hand, accidentally scrubbing legitimate requests does the attacker’s job for them.
Protecting against the DDoS threat requires a sophisticated DDoS protection solution capable of accurately identifying and blocking DDoS traffic while allowing legitimate traffic to pass through unhindered. Check Point DDoS Protector offers zero-day DDoS protection and can block a variety of DDoS attacks using multi-layered protection that is customized to the business.
DDoS attacks pose a significant threat to organizations, but they are only one aspect of the cyber threat landscape. To learn more about the cyber threats that organizations face today, check out Check Point’s 2021 Cyber Security Report. You’re also welcome to request a security checkup to help identify security gaps that might be leaving your organization vulnerable to DoS or other attacks.