July 22, 1999 is an unlucky date in computer history. That day, a computer at the University of Minnesota suddenly came under attack from a network of 114 other computers infected with a malicious script called 'Trin00'. The script made the infected machines send a stream of superfluous data packets to the university, overwhelming its computer and preventing it from handling legitimate requests.
This was the first DDoS attack, and the technique did not take long to spread. Numerous other websites, including Yahoo, Amazon and CNN, fell victim to similar attacks in the months that followed.
DDoS attacks have become common since then, and some people have turned them into a business: there are now operators who will run a 24-hour DDoS attack against a single target for a fee.
The cost to the victims is far higher, in lost revenue and lost reputation for individuals and institutions alike. In response, security services aimed at countering the attackers have appeared and a market for DDoS protection has grown up around them; in 2018 that market was worth a staggering 2 billion euros.
Today, 20 years after that first attack, Eric Osterweil and colleagues at George Mason University in Virginia have examined the nature of DDoS attacks, how they have evolved, and whether anything in the network architecture can be changed to make them harder to mount. Their assessment is not encouraging.
How do DDoS attacks happen?
DDoS attacks are carried out in stages. First, a malicious actor infects a computer with software designed to spread across a network. This first computer is known as the 'master', because it can control the computers that are infected after it. Those other infected computers carry out the actual attack and are known as 'daemons'. The most common victims at this initial stage are university and college networks, because they connect to such a wide variety of other devices.
The DDoS attack itself begins when the master sends the daemons a command containing the target's address. The daemons then flood that address with as many data packets as they can send. The goal is to overwhelm the target with traffic for the duration of the attack; the largest attacks today deliver malicious traffic at rates measured in terabits per second.
How to protect against DDoS attacks?
This kind of attack is hard to defend against because an effective defense requires coordinated action by many different operators. The first line of defense is to stop the daemon network from being built in the first place. That means system administrators must keep the software they run patched and up to date, and must educate and alert the users of their network about security (changing passwords regularly, running personal firewalls, and so on).
The role of Internet service providers
Internet service providers can also contribute to the defense. Their job is to forward data packets from one part of the network to another based on the destination address in each packet's header, and they usually do this regardless of where the packet came from.
That could change. The header carries not only the destination address but also the source address, so in principle an ISP can examine the source address of each packet arriving from a customer and drop packets whose source is obviously bogus, for example an address that does not belong to the network the packet arrived from. This is known as ingress filtering and has been a published best practice since 2000 (BCP 38, RFC 2827), though it only helps when many ISPs apply it.
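The check described above, as an added illustration (this is not code from the article or from the George Mason study): a simplified model of ingress filtering at an ISP's customer edge, where each customer-facing interface has a list of prefixes its customer may legitimately use as a source, and anything else arriving on that interface is treated as spoofed. The interface table, the bogon list and the sample packets are all constructed for the example.

```python
"""
Source-address (ingress) filtering at an ISP's customer edge.

Added illustration, not code from the article or the George Mason study.
Assumed model: every customer-facing interface has a list of prefixes its
customer may legitimately originate from; a packet arriving on that
interface with any other source is treated as spoofed and dropped.
The interface table and the sample packets are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass

# Assumed per-interface table of legitimate source prefixes (constructed).
INTERFACE_PREFIXES = {
    "cust-a": ["198.51.100.0/24"],
    "cust-b": ["203.0.113.0/25", "2001:db8:b::/48"],
}

# Sources that are never valid on a public customer edge, whatever the
# interface: private, loopback, link-local, multicast and similar ranges.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on
    src: str    # source address from the IP header
    dst: str    # destination address from the IP header


def classify(pkt, table=INTERFACE_PREFIXES):
    """Return 'forward' or a 'drop:<reason>' verdict for one packet.

    ip_network.__contains__ is False across IP versions, so an IPv6 source
    never matches an IPv4 prefix and vice versa.
    """
    src = ipaddress.ip_address(pkt.src)
    if any(src in net for net in BOGONS):
        return "drop:bogon-source"
    allowed = table.get(pkt.iface)
    if allowed is None:
        # No prefixes registered for this interface: fail closed.
        return "drop:unknown-interface"
    if any(src in ipaddress.ip_network(p) for p in allowed):
        return "forward"
    # A valid-looking public address, but not one this customer owns.
    return "drop:spoofed-source"


def filter_batch(pkts, table=INTERFACE_PREFIXES):
    """Run classify() over a batch; return ({verdict: count}, forwarded packets)."""
    counts = {}
    forwarded = []
    for p in pkts:
        verdict = classify(p, table)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict == "forward":
            forwarded.append(p)
    return counts, forwarded


# Constructed sample traffic arriving at the edge router.
SAMPLE = [
    Packet("cust-a", "198.51.100.7", "192.0.2.10"),       # legitimate
    Packet("cust-a", "203.0.113.9", "192.0.2.10"),        # cust-b's address on cust-a: spoofed
    Packet("cust-b", "10.1.2.3", "192.0.2.10"),           # private source: bogon
    Packet("cust-b", "2001:db8:b::42", "2001:db8:1::1"),  # legitimate IPv6
    Packet("cust-c", "192.0.2.55", "192.0.2.10"),         # interface not in the table
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p.iface:7} {p.src:16} -> {classify(p)}")
    print(filter_batch(SAMPLE)[0])
```

Note what this does and does not stop: it blocks packets whose source address cannot legitimately have come from the interface they arrived on, which is what defeats source spoofing. A daemon that sends packets with its own real address, or that spoofs an address inside its own customer's prefix, passes this filter unchanged.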
How can the target itself take action?
Finally, the target itself can take steps to mitigate the effects of an attack. The most important is to filter out the incoming malicious packets. Another option is to hand the problem to a better-equipped cloud-based service that specializes in absorbing such traffic. But even these services can struggle with the largest attacks.
An important observation about DDoS attacks is that attack and defense are asymmetric. A DDoS attack is typically launched from many sources around the world, yet the defense is concentrated largely in one place.
These and other ideas have the potential to make the internet a safer place. But they will only work if everyone, from the individual user to the Internet service providers, is willing to bear the necessary financial and technical burden.
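To make the two preceding points concrete, here is an added example (not code from the article or from the George Mason study) of the filtering a target can do on its own and where the asymmetry bites. It models the target's view of traffic as a list of (timestamp, source) events and applies two checks: a per-source sliding-window limit, which is the kind of filter a target can enforce, and an aggregate-rate check against an assumed capacity. The traffic samples are constructed: 20 legitimate clients, one noisy single source, and a 200-host botnet whose members each stay under the per-source limit.

```python
"""
Target-side rate filtering and why it struggles against distributed floods.

Added illustration, not code from the article or the George Mason study.
Traffic is modelled as (timestamp_seconds, source_address) events as seen
by the target. The capacity figure and all sample traffic are constructed.
"""
from collections import defaultdict, deque

WINDOW = 1.0          # seconds
PER_SOURCE_MAX = 10   # packets per source per window before that source is blocked
CAPACITY = 300        # total packets per window the target can absorb (assumed)


def per_source_offenders(events, max_per_window=PER_SOURCE_MAX, window=WINDOW):
    """Return the set of sources that exceeded max_per_window packets
    within any sliding window of `window` seconds."""
    recent = defaultdict(deque)
    offenders = set()
    for t, src in sorted(events):
        q = recent[src]
        q.append(t)
        while q and t - q[0] >= window:   # expire timestamps outside the window
            q.popleft()
        if len(q) > max_per_window:
            offenders.add(src)
    return offenders


def aggregate_exceeded(events, capacity=CAPACITY, window=WINDOW):
    """True if total traffic in any sliding window exceeds capacity,
    regardless of where it came from."""
    q = deque()
    for t, _ in sorted(events):
        q.append(t)
        while q and t - q[0] >= window:
            q.popleft()
        if len(q) > capacity:
            return True
    return False


def mitigate(events):
    """Block per-source offenders, then report whether what remains still
    exceeds capacity. Returns (blocked_sources, still_overloaded)."""
    blocked = per_source_offenders(events)
    remaining = [e for e in events if e[1] not in blocked]
    return blocked, aggregate_exceeded(remaining)


# Constructed traffic.
# Legitimate: 20 clients, each sending one packet every 2 seconds for 10 seconds.
LEGIT = [(i * 0.1, f"192.0.2.{10 + i % 20}") for i in range(100)]
# One noisy source: 50 packets in half a second.
SINGLE_FLOOD = [(2.0 + k * 0.01, "203.0.113.66") for k in range(50)]
# 200 bots, 3 packets each within 0.7 s: 600 packets, no bot over the per-source limit.
BOTNET = [(3.0 + r * 0.3 + (b % 10) * 0.01, f"198.51.100.{b}")
          for b in range(200) for r in range(3)]

if __name__ == "__main__":
    for name, traffic in (("single flood", LEGIT + SINGLE_FLOOD),
                          ("botnet", LEGIT + BOTNET)):
        blocked, overloaded = mitigate(traffic)
        print(f"{name}: blocked {len(blocked)} source(s), still overloaded: {overloaded}")
```

The single noisy host is caught and the remaining traffic is well within capacity. The botnet is not: no individual bot crosses the per-source threshold, so the target can see that it is overloaded but has no source it can justify blocking. That is the asymmetry in practice; the traffic has to be stopped closer to where it originates, which is why ISP-side filtering and distributed scrubbing capacity matter.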