A DDoS (distributed denial-of-service) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
Once a DDoS starts on one computer, it will spread to others in the same network, leading to catastrophic failure.
This type of attack takes advantage of the specific capacity limits that apply to any network resource, such as the infrastructure that enables a company’s website. Usually, the attacker’s ultimate aim is to completely prevent the web resource from functioning normally. In the case of a website or app, you would be unable to access the site. The attacker may also request payment for stopping the attack. In some cases, a DDoS attack may even be an attempt to discredit or damage a competitor’s business. This is why precautions should be taken.
DDoS attacks come in many different forms, from Smurfs to Teardrops, to Pings of Death.
TCP Connection Attacks - Occupying connections
These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.
Volumetric Attacks - Using up bandwidth
These attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.
Fragmentation Attacks - Pieces of packets
These send a flood of TCP or UDP fragments to a victim, overwhelming the victim's ability to re-assemble the streams and severely reducing performance.
Application Attacks - Targeting applications
These attempt to overwhelm a specific aspect of an application or service and can be effective even with very few attacking machines generating a low traffic rate (making them difficult to detect and mitigate).
The most obvious symptom of a DDoS attack is a site or service suddenly becoming slow or unavailable. But since a number of causes, such as a legitimate spike in traffic, can create similar performance issues, further investigation is usually required. Penetration Testing offers a safe and in-depth attack simulation to expose the most complex vulnerabilities. Traffic analytics tools can help you spot some of these telltale signs of a DDoS attack:
There are other, more specific signs of DDoS attack that can vary depending on the type of attack.
DDoS attacks vary greatly in length and sophistication. A DDoS attack can take place over a long period of time or be quite brief. Despite being very quick, burst attacks can still be extremely damaging. With the advent of Internet of Things (IoT) devices and increasingly powerful computing devices, it is possible to generate more volumetric traffic than ever before. As a result, attackers can create higher volumes of traffic in a very short period of time. A burst DDoS attack is often advantageous for the attacker because it is more difficult to trace.
DDoS attacks are mainly a problem seen in the traditional cybersecurity world, but how does this relate to crypto and blockchain? Due to its digital nature, blockchain is susceptible to attack and exploitation. In theory, having a decentralized network distributing computing power worldwide should eliminate single points of failure such as servers or apps. DDoS attacks on a blockchain focus on the protocol layer, with the biggest threat to blockchains being transaction flooding. Traditional DDoS attacks can be executed against a blockchain to slow its operations, and attackers can work within the blockchain ecosystem to perform a DDoS attack.
Most blockchains have a fixed block size and limit how many transactions fit into a block. By sending spam transactions to the blockchain, attackers can fill the blocks and hinder legitimate transactions from being added to the chain. When this happens, all legitimate transactions will end up in the mempool, waiting for the next block. Legitimate transactions not being added to the blockchain is already a system failure.
With the rise of applications of blockchain technology, a new type of DoS attack emerged — a blockchain denial-of-service (BDoS) attack. These attacks focus on blockchains operating under the proof-of-work (PoW) consensus mechanism, such as Bitcoin.
Unfortunately, cryptocurrency exchanges have become increasingly targeted by DDoS attacks because of their growing popularity. Since 2020, there have been numerous DDoS attack attempts on some of the major crypto exchanges. These attacks render the exchange’s services unavailable for a prolonged period of time.
In the early to mid-2000s, this kind of criminal activity was quite common. However, the number of successful DDoS attacks has been declining. This decrease is likely the result of police investigations that have led to the arrest of criminals across the world, and of technical countermeasures that have been successful against DDoS attacks. However, as the types of attacks evolve, so will the ways to prevent them, as the never-ending cyber war wages on. Though the impact of DDoS attacks isn’t severe, they still put a dent in the whole crypto ecosystem.
The primary ways to defend against them are to ensure that nodes have adequate storage, processing power, and network bandwidth, and to build failsafes into the code. Generally, the more decentralized a blockchain network is, the more secure it is against a DDoS attack. CertiK’s Skynet monitors on-chain activity and can alert if an attacker is flooding transactions into a smart contract or chain. It is vital to stay alert to potential threats. By always being prepared for potential disasters, you should be able to prevent catastrophe.
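The following added example (not from the original article, and not CertiK's code) models the fixed block size and mempool backlog described in the transaction-flooding paragraph, and the kind of flooding alert mentioned above. The block capacity, fee-priority ordering, thresholds and all transactions are assumptions constructed for illustration.

```python
import math
from collections import Counter
from dataclasses import dataclass

BLOCK_CAPACITY = 4  # assumed transactions per block (kept tiny for readability)

@dataclass(frozen=True)
class Tx:
    sender: str
    fee: int  # fee offered, arbitrary units

def wait_blocks(mempool, tx):
    """Blocks until tx is included, assuming no new arrivals and that block
    producers take the highest-fee transactions first (assumption)."""
    ordered = sorted(mempool, key=lambda t: t.fee, reverse=True)
    return ordered.index(tx) // BLOCK_CAPACITY + 1

def flood_report(mempool, backlog_limit=3, share_limit=0.5):
    """Flag a mempool whose backlog is deep AND dominated by one sender.
    Both thresholds are illustrative and need tuning per chain."""
    if not mempool:
        return {"backlog_blocks": 0, "top_sender": None,
                "top_share": 0.0, "alert": False}
    backlog = math.ceil(len(mempool) / BLOCK_CAPACITY)
    sender, count = Counter(t.sender for t in mempool).most_common(1)[0]
    share = count / len(mempool)
    return {"backlog_blocks": backlog, "top_sender": sender,
            "top_share": round(share, 2),
            "alert": backlog > backlog_limit and share > share_limit}

# Constructed sample data, not taken from any real chain.
ALICE = Tx("alice", 5)
QUIET = [ALICE, Tx("bob", 4), Tx("carol", 3)]
FLOODED = QUIET + [Tx("addr-x", 6)] * 20  # 20 pending transactions from one sender

if __name__ == "__main__":
    print("alice waits (quiet):  ", wait_blocks(QUIET, ALICE), "block(s)")
    print("alice waits (flooded):", wait_blocks(FLOODED, ALICE), "block(s)")
    print(flood_report(FLOODED))
```

Sender concentration alone is a weak signal when the flood is spread across many addresses, so monitoring in practice would also track backlog depth and fee distribution over time.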