How To Stop A Botnet With CrowdSec

Distributed denial-of-service (DDoS) attacks have been targeting all types of businesses over the past few years. Hackers have used them for quite some time, and although they are among the most common attacks, they remain extremely efficient and harmful.

The concept is simple: hackers hammer a given target from many different locations to take it down (and usually ask for money afterward as a condition to stop the attack).

There are several types of DDoS:

  • L3 DDoS (referring to OSI Model Layer 3). L3 is the network layer, and L3 DDoS attacks typically target network equipment and connections, flooding them to the point where there are simply too many packets to handle. It’s a tremendously efficient attack, but most major hosting providers and hyperscalers are well protected against it nowadays.
  • L7 DDoS (for Layer 7) directly targets applications. The goal here isn’t to shut down the network but rather the service itself, by flooding it with application-level requests (usually Web ones), leading to a resource shortage (CPU, RAM, or both).

E-commerce sites are among the usual victims: an e-commerce site that is down is a site that isn’t making money. There are many ways and tools to perform this kind of attack and many layers of defense, but today we will focus on application-layer (Layer 7) distributed denial of service, or L7 DDoS for short.