DDoS attacks

A DDoS (distributed denial of service) is a type of attack on computer systems with the deliberate aim of making them unavailable. This can have far-reaching economic consequences for the victim. Unlike a straightforward DoS attack, in case of DDoS the system is attacked by many distributed computers. The attack can occur at the network level, application level or at a combination of both. These attacks generally involve the use of botnets (a huge number of « hijacked » systems that can be controlled remotely by the attacker) or misconfigured third party systems (for example Open DNS Resolver), which were forced by the attackers to send huge replies to the « wrong » addresses, namely to the target (amplification attacks). The data volume often reaches several hundred gigabits. Generally, a single organisation cannot cope with volumes of this size without external assistance. Firewalls and IPS (intrusion prevention systems) that have been configured accordingly offer limited assistance only.

The motivation behind such DDoS attacks is mostly political activism, extortion or damaging competitors.  

An inaccessible website could mean a substantial financial loss for the website owner, especially if the attacked website is commercial. A DDoS attack is often accompanied by a monetary claim. The blackmailer demands money for stopping an existing attack or for not starting it. The fraudsters speculate that the victim pays to prevent negative consuequences derived from such an attack.

Effects and risks

  • Any organisation can be hit by a DDoS attack
  • Outage of the website
  • Loss of reputation
  • Loss of money
Measures
  • Preventive measures
    Ideally, you have already tackled the DDoS threat at an early stage and have established a certain preparedness for DDoS attacks.

  • Countermeasures in the event of an attack
    The main aim in a DDoS is to show the attacker that it has not achieved its objective. If you withstand the attempt long enough, the attacker typically will turn its attention to someone else. In case of DDoS attacks we recommend to get in touch with your internet service provider and the corresponding upstream provider, because these entities have the best posibilities for an intervention.

  • A complete checklist about preventive measures and countermeasures in the event of an attack you will find here.
 

Last modification 28.10.2016

Top of page

https://www.melani.admin.ch/content/melani/en/home/themen/DDoSAttacken.html