The acronyms DoS and DDoS were among the first terms administrators used to refer to threats to networks and network services offered on the Internet, as early as the end of the 20th century. Ping of Death, Smurf and SYN Flood attacks were responsible for a number of successful attempts to disrupt the availability of services on the Internet. DoS stands for Denial-of-Service. Its variant carried out from multiple sources simultaneously is DDoS, which stands for Distributed Denial-of-Service. Nowadays, (D)DoS attacks are used more and more frequently to disrupt the operation of the largest services and websites belonging to banks, telecommunication companies or transaction portals. They are often capable of blocking access for many hours or even days. For businesses, such unavailability means financial losses valued at many millions and often damage to an image that they have been building for many years.
Fighting these attacks effectively is therefore not only a matter of weighing the losses caused by temporary unavailability but also a necessity for the company's continued existence.
Effective protection against DDoS attacks requires the application of various security mechanisms. Among the most popular mechanisms, we can find:
A common mistake is the belief that a DDoS attack can be stopped using systems such as a firewall, an IPS or router mechanisms. Systems based on stateful inspection are themselves susceptible to DoS attacks: such an attack exhausts their hardware resources, which results in blocking the device. Routers are often unable to process a large number of small, malformed packets: an attack that uses such packets not only saturates the connection but in many cases also crashes the router. Since most DDoS attacks saturate the connection, the optimal approach is to install part of the anti-DDoS system on the telecommunication operator's side as well, so that the attack is stopped before it reaches the Client's connection.
Apius offers the following services to its Clients:
DDoS attack resistance audit

The following activities are carried out as part of the resistance audit:
A professional traffic generator is used to carry out the volumetric tests. This device is able to generate almost any volume of traffic. The generator can simulate both classic network attacks and DDoS/DoS attacks. As in the case of a botnet, a DDoS attack can be launched from a very large number of source addresses. Apart from simulating attacks, the device can also simulate legitimate network traffic; for example, it can generate a very large number of active sessions or HTTP requests. The sessions can be directed to real servers, but they can also be terminated on the same device (the device can be both a generator and a receiver).
The generator described above is used to simulate real DoS/DDoS attacks on the tested server infrastructure, which is situated in the actual production infrastructure of the Client's Internet interface. The conducted tests include simulated attacks both in the network layer and in the application layer.
Usually, the tests involve 3 scenarios:
A simplified scenario of testing the entire infrastructure of the Internet interface is presented below. During the test, the device that generates traffic is connected to the Internet interface. The test of the entire infrastructure will check the reaction of the whole system to the DDoS attack.
The figure below shows a model of a possible attack on the Client's resources created with the use of the traffic generator.
In order to test the reaction of the system to a DDoS attack that reflects a real attack from the Internet as closely as possible, the traffic generator should be installed at the Internet interface. An attack performed in this way makes it possible to verify the operation of the entire network infrastructure. When the attack is generated, the test checks not only the resistance of the devices but also their reaction and the manner in which they raise alarms about a real threat (logs, alerts, communication with other systems). It should be noted that the detailed methodology of each audit is different and is always adapted to the individual needs of each Client.
The DDoS attack resistance audits enable: