A distributed denial-of-service (DDoS) attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users.
What is a zombie and a botnet?
The virus-infected computers are called zombies – because they do whatever work the DDoSer commands them to do. A large group of zombie computers is called a robot network, or botnet. Your computer could be part of a botnet without your knowledge. You might not notice any difference, or you might notice your computer is not as fast as it used to be. That’s because it may be busy participating in a DDoS attack at the same time you are using it. Or, you might find out that your computer is infected when your Internet service provider (ISP) drops your service because your computer is sending an unusually high number of network requests.
How does a DDoS botnet work?
Zombie computers in a botnet receive instructions from a command and control server, which is an infected web server. DDoSers who have access to a command and control (C&C or CC or C2) server can recruit the botnet to launch DDoS attacks. Akamai has identified thousands of command-and-control servers and more than 10 million zombies worldwide. We track them and notify law enforcement to disable them when possible.
What are application layer 7 DDoS attacks?
Application layer 7 (L7) attacks may not create such high volumes of network traffic, but they can harm your website in a more devastating way. An application-layer DDoS works by activating some aspect of a web application, such as posting different user names and passwords, or targeting a shopping cart or search engine.
Many of the high-profile e-commerce outages are the result of Layer 7 application attacks. The biggest issue is that Layer 7 attacks can change and randomize very fast. Anything a visitor can access, an attacker can too, and it looks the same to an IT administrator. Application layer attacks can be especially tricky to mitigate, because you do not want to block legitimate users. But there are still ways to do it with DDoS mitigation software and hardware, such as rate limiting rules, CAPTCHAs, blacklisting IP addresses, and more. DDoS mitigation service technicians can monitor and analyze an attack while it’s happening to minimize damage.
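To show how a rate limiting rule can throttle a login flood without blocking ordinary visitors, here is an added example (not code from the original page or from any vendor): a per-client, per-endpoint sliding-window limiter replayed over constructed traffic. The endpoint paths, limits, window length and IP addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed per-endpoint limits (requests allowed per window); values are illustrative.
LIMITS = {"/login": 5, "/search": 20, "/cart": 30}
DEFAULT_LIMIT = 60
WINDOW_SECONDS = 10.0


class SlidingWindowLimiter:
    """Tracks request timestamps per (client, path) and rejects excess requests."""

    def __init__(self, limits=LIMITS, default=DEFAULT_LIMIT, window=WINDOW_SECONDS):
        self.limits, self.default, self.window = limits, default, window
        self.history = defaultdict(deque)

    def allow(self, client, path, now):
        q = self.history[(client, path)]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limits.get(path, self.default):
            return False  # over the limit: block, or escalate to a CAPTCHA
        q.append(now)
        return True


def replay(events):
    """Replay (timestamp, client, path) events; return blocked-request counts per client."""
    limiter = SlidingWindowLimiter()
    blocked = defaultdict(int)
    for ts, client, path in sorted(events):
        if not limiter.allow(client, path, ts):
            blocked[client] += 1
    return dict(blocked)


# Constructed sample traffic: one client posts to /login 40 times in 4 seconds,
# while two ordinary visitors log in once and browse.
SAMPLE = [(i * 0.1, "203.0.113.7", "/login") for i in range(40)]
SAMPLE += [(1.0, "198.51.100.4", "/login"), (2.5, "198.51.100.4", "/cart"),
           (3.0, "192.0.2.9", "/login"), (3.2, "192.0.2.9", "/search")]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A per-client rule like this only catches individual noisy sources; a botnet that spreads requests across many zombies can keep each address under the threshold, which is why it is paired with CAPTCHAs and live analysis of the attack.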