DoS vs DDoS Attack: What are the Key Differences?


Whether you’re in the cybersecurity sphere or a working professional who uses technology on a daily basis, it’s probably good to know the difference between a DoS and a DDoS attack. While both attacks share the common goal of overwhelming a server or service with traffic, the method of execution is quite different. As a result, the means of addressing and preventing them also vary.

What is a Denial of Service attack?

A Denial of Service (DoS) attack is an attempt to flood a target resource – be it a website, server, or network – with more requests than it is capable of handling. This results in either degradation of performance or total system crashes. Whatever the outcome, the goal is the same: to prevent users or maintainers of a service from accessing it.

An easy way to visualize a DoS attack is to imagine that an internet service or website is a glass of water with a bunch of straws in it that is constantly being refilled by a tap. In this metaphor, the tap is the server and network that connect users with the service, the water represents the ability to use the service, and drinking the water is the act of taking up bandwidth by using the service. Normally, the tap is set to refill the glass at roughly the rate at which people are drinking from the glass, keeping the water at a certain level within the glass to allow people to drink continuously. A DoS attack is the equivalent of one person drinking the water faster than the tap can refill it, depriving anyone else of the ability to drink water.

In the case of a normal DoS attack, the packets intended to overwhelm the target are coming from one source. This makes the source of the attack relatively easy to identify, and therefore makes the attack relatively easy to stop: the maintainers of the service can simply use a firewall to block the offending IP address from accessing the service, and the service should return to normal.

How is a Distributed Denial of Service attack different?

A Distributed Denial of Service (DDoS) attack attempts to accomplish the same goal: “denying” access to the service by overwhelming its resources. The difference is that a DDoS is distributed, meaning that the malicious traffic originates from more than one source. While less sophisticated DDoS perpetrators might simply use multiple computers or IP addresses, a more sophisticated hacker can utilize a botnet to make restoring the service to normal operation vastly more difficult. A botnet is a large network of devices that have been programmed, usually through the distribution of malware, to perform tasks on remote command from the hacker, known in this case as the “bot herder.”

Essentially, a hacker hijacks hundreds or thousands of computers to perform a massive version of a DoS that is much more difficult to pinpoint or prevent. Using the glass of water metaphor from above, a normal DoS can be stopped by simply taking the offending straw out of the glass. In the event of a DDoS, multiple straws combine to overwhelm the glass completely, with new straws often taking the place of others as soon as they are removed. This makes addressing the problem much more difficult, and the solutions are much more complex.
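To put numbers on the straw metaphor, the following added example (not part of the original article) counts requests per source in a one-second window and works out how many sources would have to be blocked to bring the load back under capacity. The traffic, the documentation-range addresses and the capacity figure are all constructed assumptions.

```python
from collections import Counter

def top_source_share(requests):
    """Fraction of all requests sent by the single busiest source."""
    counts = Counter(requests)
    return counts.most_common(1)[0][1] / len(requests)

def sources_to_block(requests, capacity):
    """Busiest-first list of sources to block until the load fits capacity."""
    counts = Counter(requests)
    load = len(requests)
    blocked = []
    for src, n in counts.most_common():
        if load <= capacity:
            break
        load -= n
        blocked.append(src)
    return blocked

# Constructed one-second windows: one list entry per request, value = source address.
LEGIT = [f"198.51.100.{i}" for i in range(1, 41) for _ in range(2)]   # 40 clients x 2
DOS = LEGIT + ["203.0.113.7"] * 3000                                  # one flooding source
DDOS = LEGIT + [f"2001:db8::{i:x}" for i in range(1, 1001) for _ in range(3)]  # 1000 bots x 3
CAPACITY = 200  # assumed requests per second the service can handle

if __name__ == "__main__":
    for name, window in (("DoS", DOS), ("DDoS", DDOS)):
        blocked = sources_to_block(window, CAPACITY)
        print(f"{name}: busiest source sends {top_source_share(window):.1%} "
              f"of traffic, {len(blocked)} block rule(s) needed")
```

In the single-source window one firewall rule restores service; in the distributed window each bot sends barely more than an ordinary client, so no single address stands out and hundreds of rules are needed.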

How to stop these attacks

For businesses looking to protect themselves from cybercrimes, having a robust cybersecurity team with professionals qualified through online cyber security master’s degrees and similar programs is imperative.

The most common solution used by popular services run by large corporations or governments is to over-provision bandwidth. Using the glass metaphor, these services simply turn up the tap so high that no number of straws can keep the glass empty. This works at a certain scale, but it is very difficult for smaller companies to achieve. This is one reason cloud service providers, also known as hyperscalers, have gained popularity with small and even medium-sized companies.

Hyperscalers employ content delivery networks (CDNs): they operate the service across a wide range of servers or datacenters around the world, which allows them both to better endure a DDoS by increasing the available bandwidth and to segment the attack, making it easier to filter and limit traffic closer to its source.

Hyperscalers also often employ other safety measures like traffic scrubbing and rate-limiting techniques, allowing them finer control over who is or isn’t allowed to access the service. For more complete solutions, some companies will turn to specialized network security solutions like Cloudflare to provide state-of-the-art protection from malicious traffic. Some even work with internet service providers (ISPs) to implement uplink filtering at the network level, allowing IP addresses with a history of malicious traffic to be blocked from accessing the network.
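As an illustration of the rate-limiting idea above, here is an added example (not from the original article or any provider's implementation) of a token-bucket limiter with one bucket per source address and one aggregate bucket for the whole service. The limits, timestamps and documentation-range addresses are constructed assumptions.

```python
from collections import Counter

class TokenBucket:
    """Token bucket in integer milli-tokens, so refill arithmetic is exact."""
    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s            # tokens/s equals milli-tokens/ms
        self.cap = burst * 1000
        self.tokens = self.cap            # start full
        self.last_ms = 0

    def allow(self, now_ms):
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens < 1000:
            return False
        self.tokens -= 1000
        return True

class Limiter:
    """One bucket per source address, then one aggregate bucket for the service."""
    def __init__(self, per_source, aggregate):
        self.per_source = per_source      # (rate_per_s, burst)
        self.aggregate = TokenBucket(*aggregate)
        self.buckets = {}

    def allow(self, src, now_ms):
        if src not in self.buckets:
            self.buckets[src] = TokenBucket(*self.per_source)
        # Per-source check first: a dropped flood never spends aggregate tokens.
        return self.buckets[src].allow(now_ms) and self.aggregate.allow(now_ms)

def run(events, limiter):
    """Replay (time_ms, source) events in time order; count allowed requests."""
    allowed = Counter()
    for now_ms, src in sorted(events):
        if limiter.allow(src, now_ms):
            allowed[src] += 1
    return allowed

# Constructed traffic; addresses are documentation ranges, limits are assumed.
FLOOD = [(ms, "203.0.113.7") for ms in range(0, 1000, 10)]      # 100 requests in 1 s
CLIENT = [(ms, "198.51.100.5") for ms in (0, 250, 500, 750)]    # ordinary user
BOTS = [(ms, f"2001:db8::{i:x}") for i in range(1, 301) for ms in (0, 300, 600)]

if __name__ == "__main__":
    single = run(FLOOD + CLIENT, Limiter((5, 10), (200, 200)))
    print("flood:", single["203.0.113.7"], "client:", single["198.51.100.5"])
    print("bots, per-source only:", sum(run(BOTS, Limiter((5, 10), (10**6, 10**6))).values()))
    print("bots, with aggregate:", sum(run(BOTS, Limiter((5, 10), (200, 200))).values()))
```

The per-source bucket cuts the single flooding address down to its allowance while the ordinary client is untouched, but 300 bots that each stay under the per-source limit pass it entirely. The aggregate bucket then protects the backend, yet it sheds requests without regard to who sent them, which is why rate limiting is paired with scrubbing and upstream filtering.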

There was a time when DDoS attacks were much more frequent and successful than they are now. With the dawn of hyperscalers like Google and Amazon and specialty providers like Cloudflare, the risks of most DDoS attacks can be easily mitigated. With that said, there is always a more ambitious bot herder with a larger botnet out there somewhere, and the battle against hackers is ongoing. Luckily, at present, even the most sophisticated attacks recorded can be successfully combated with existing technology. But for how long? Only time will tell.
