In a DDoS (Distributed Denial of Service) attack, the computer system is simultaneously attacked from various sources with the intention to engage all its free resources and thus disable its operation. DDoS attacks are one of the largest threats in the modern world. They threaten many companies, online stores, government agencies, financial institutions, and consumers. While the cost of launching the attack is low (a few hundred zlotys), the generated losses may be of the order of millions. The main objective of the cybercriminals is to steal sensitive data. The consequences of DDoS attacks reach further than IT departments only. They result in real and measurable financial losses, as well as in damage to the company’s image.
In recent years, the attacks have evolved to become more complex and sophisticated. They attempt to engage all free network-infrastructure or Internet-link resources. The form and volume of the attacks may vary. They may be aimed at various UDP and ICMP protocols, SYN/ACK, DNS, and Layer 7.
There are two categories of people: those who have protection and those who are going to have it. Do not rely on your luck and deploy DDoS protection now!
Activation of DDoS protection
To activate the protection, it is necessary to change the DNS records and thus redirect the whole HTTP/HTTPS to our filtering layer. That is where each packet and request is thoroughly inspected. Advanced algorithms and properly defined rules filter out malicious traffic and attack attempts, so that only clean traffic reaches your page. Our sites are located in various parts of the world, so we are able to effectively block the attacks at their source and provide static data from the nearest data center, thus reducing the page loading time.
What attack types do we protect against?
Grey Wizard effectively mitigates both network-level and application-level attacks. We use advanced algorithms to continuously monitor any potential threats. Our system learns new attack types all the time. They are automatically added to the knowledge base available to all our customers.
We provide security against types of attacks:
- TCP (Reset) RST attack
The attacker sends false RST packets which may result in breaking an already established TCP session. If such packets are numerous, the link and the victim’s server may become very overloaded.
- TCP Fragmentations
These are network-oriented attacks which exploit the TCP protocol feature enabling large packets to be divided into smaller ones. The attack consists in overloading the victim’s server by sending a large number of fragmented packets. In many cases, such attacks are directed at systems particularly vulnerable to errors in processing fragmented packets.
- UDP Flood
This is a volume-based attack using UDP packets. Recently, such attacks have been typically launched with amplification, which means that a forged packet is sent to another server which in turn sends the response to the attacked server. For that purpose, services such as NTP or DNS are used.
- ICMP Flood
In this type of network-oriented attack, the victim is flooded by a large volume of ICMP packets. In many cases, the packets are spoofed (indicate a false sender address), large, and sometimes also fragmented. In consequence, the link throughput may be used up completely or the server or devices in front of it may be very overloaded.
- Reflected ICMP & UDP
Similarly as with ICMP Flood, this attack attempts to maximally utilize the victim’s link by sending a large volume of data (UDP or ICMP packets) requiring responses. However, in this case, the reflection effect is used. To increase attack volume, the attacker sends forged packets which indicate as the source the victim’s server. Those packets are sent to other servers on the Internet and the responses come to the victim’s server.
It is an attack against web servers, exploiting their vulnerabilities. The attacker sends partial HTTP requests to an application server in order to force it to maintain many sessions and timers (measuring the time to respond to the unfinished request). Through slowly and relentlessly sending vast numbers of HTTP requests, it is possible to block the server by exhausting the available resources like threads or ports, making it unable to handle new requests. In many cases, this type of attack is so effective that access to the service becomes completely blocked within seconds.
- Local File Inclusion (LFI)
Atak LFI może zostać wykorzystany do przejęcia danych z serwera, uruchomienia na nim nieautoryzowanego kodu, a w rezultacie uzyskania dostępu do serwera ofiary.
- HTTP GET/POST Flood
It is a typical applica on-oriented attack aiming at overloading the victim’s server and thus limiting access to it. In case of dynamic applications, such requests may severely overload the HTTP server, interpreters, and databases. Some servers can be overwhelmed by generating session files for each request. A different method of using non-existing URLs or random parameters can omit the caching layer, causing much higher resource consumption.
- HTTPS SQL Injection
In the SQL Injection (SQLi) attack, additional procedures are injected into an SQL request generated by an application and submitted to the database for execution.
- HTTPS Cross-site scripting (XSS)
- Bots and scripts
Webpages are often visited by automated agents of various types, used to collect data (e-mail addresses, logins, phone numbers), steal contents (exclusive texts or pictures), or automatically test vulnerability to potential attacks. The data so obtained can be often used to attack the website users and the information on the potential vulnerabilities can be ultimately used to attack the website itself.
Why should you have the Grey Wizard protection?
- Fast integration
- 24/7 support
- Load balancing
- Protection against new attack types
- Content Delivery Network (CDN)
- Real-time alerts
- High-capacity links/li>
- Advanced anomaly-detection algorithms
DDoS attacks are among the largest cyberthreats. Also, they are among the most often launched. DDoS attacks paralyze the network infrastructure, disabling webpage operation. Due to a low cost of launching DDoS attacks, they are more and more often used to capture sensitive data. A cyberattack may generate losses measured in millions and seriously damage the company’s image.