DDOS Attacks and Null Routing

What is a DDOS Attack?

DDOS is short for Distributed Denial of Service. DDOS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DOS) attack. Victims of a DDOS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.

How DDOS Attacks Work

In a DDOS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.

The Difference Between DOS and DDOS Attacks

A Denial of Service (DOS) attack is different from a DDOS attack. The DOS attack typically uses one computer and one Internet connection to flood a targeted system or resource. The DDOS attack uses multiple computers and Internet connections to flood the targeted resource. DDOS attacks are often global attacks distributed via botnets and, with the widespread availability of high-speed internet connections, it has become increasing difficult to overwhelm a target with a single computer, thereby causing DOS attacks that use one computer much less effective than DDOS attacks.

Types of DDOS Attacks

There are many types of DDOS attacks. Common attacks include the following:

• Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICPM packets to the target. Legitimate requests get lost and these attacks may be accompanied by malware exploitation.

• Bandwidth attacks: This DDOS attack overloads the target with massive amounts of junk data. This results in a loss of network bandwidth and equipment resources and can lead to a complete denial of service.

• Application attacks: Application-layer data messages can deplete resources in the application layer, leaving the target's system services unavailable.

What is Null Routing?

In computer networking, a null route or a blackhole route is a network route that goes nowhere. Matching packets are dropped or ignored rather than being forwarded, acting as a kind of very limited firewall. The act of using null routes is often called blackhole filtering.

In the case of a especially severe DDOS attack, a Internet Service Provider (ISP) will typically implement null routing in order to ensure that the data intended to flood the target system does not reach the network. This is done typically to mitigate the attack and limit the impact to their larger network, therefore protecting both the targeted customer to a certain point as well as their other customers. 

How do I fix a Null Route?

If your cable modem has been null-routed by your ISP to ensure the integrity of the network, the first step is to wait out the DDOS attack until it's over - the null-route is one of the measures preventing serious damage to any networking equipment between you and whoever is implementing the DDOS attack. Once the DDOS attack is over, usually a null-route is able to be reversed by disconnecting any devices connected to your cable modem  and then resetting the modem itself. Once this is done and your devices are re-connected, the dynamic DHCP that your ISP uses should begin to properly assign IP addresses to them.