Tutorials

How to protect against a DDoS attack

DDoS attacks are increasing - here's how to fight back

The distributed denial of service attack (DDoS) has become one of the most popular, and most effective, methods deployed by criminals to disrupt the activities of a target business.

The technique, which can be utilised by everyone from so-called 'script kiddies' and amateur coders to professional hackers, involves bombarding a target website or server with artificial traffic to the point that it buckles under the strain.

Advertisement - Article continues below

Every time a computer visits a website, it requests access to that site's content. A DDoS attack exploits this by sending more requests than a server can cope with at any given time. This can result in either long delays for other users requesting content, or a server completely failing.

Given the relatively crude nature of the attack and the fact that it's incredibly difficult to prevent or stop once discovered, DDoS continues to be an effective tool for taking down websites.

A criminal doesn't need to do much of the heavy lifting either, as there are a number of DDoS-for-hire groups operating on the dark web. These services have spent time spreading malware to devices across the world, which can then be mobilised as a visitor to a particular website or used to issue a server request.

Advertisement
Advertisement - Article continues below

While these types of attacks were normally done in isolation, and often in an attempt to tarnish the reputation of or cause financial damage to a particular company, they are often used today as a smokescreen to divert attention away from a far more serious hack.

Advertisement - Article continues below

The largest-ever DDoS attack on record was launched against GitHub in February 2018, although it only managed to knock the code repository offline for 10 minutes. Far greater disruption was caused during a smaller attack on the Dyn DNS server in 2016, which took down some of the world's most popular sites, including Netflix, Spotify and Amazon.

Both of these examples are also demonstrative of the way criminals are using new technologies and exploits to carry out DDoS attacks the Dyn attack is thought to have used an IoT-powered botnet, while the GitHub attack made use of poor authentication on memcached servers.

What's more, it's not just the big-name players on the internet who are at risk from DDoS attacks everyone is. According to March 2018 research from Kaspersky Lab, 27% of businesses caught up in such an incident think they were collateral damage, rather than being the intended target. This reiterates the need for all organisations to know how to protect themselves from a DDoS attack.

Back to basics

Rather than over-provisioning, simple things such as bandwidth buffering can allow for traffic spikes including those associated with DDoS attack and give you time to both recognise the attack and react to it.

Advertisement - Article continues below

It's also probably worth putting into place other basic safeguards that can gain you a few precious minutes: rate-limiting your router, adding filters to drop obvious spoofed or malformed packets and setting lower drop thresholds for ICMP, SYN and UDP floods. All these will buy you time to try and find help.

DDoS response planning

The first thing every organisation should do when suspecting a DDoS attack is confirm it actually happened. Once you've discounted DNS errors or upstream routing problems, then your DDoS response plan can kick in.

What should be in that response plan? Contact relevant members of your incident response team, including leads from applications and operations teams, as both are likely to be impacted.

Advertisement
Advertisement - Article continues below

Then contact your ISP, but don't be surprised if it black-holes your traffic. A DDoS attack costs it money, so null routing packets before they arrive at your servers is often the default option. It may offer to divert your traffic through a third-party scrubber network instead; these filter attack packets and only allow clean traffic to reach you.

Advertisement - Article continues below

Be warned, this is likely to be a more expensive emergency option than had you contracted such a content distribution network (CDN) to monitor traffic patterns and scrub attack traffic on a subscription basis.

Prioritise, sacrifice and survive

Ensure the limited network resources available to you are prioritised - make this is a financially driven exercise as it helps with focus. Sacrifice low-value traffic to keep high-value applications and services alive. Remember that DDoS response plan we mentioned?

This is the kind of thing that should be in it, then these decisions aren't being taken on the fly and under time pressure. There's no point allowing equal access to high-value applications, whitelist your most trusted partners and remote employees using VPN to ensure they get priority.

Multi-vector attacks

Multi-vector attacks, such as when a DDoS attack is used to hide a data exfiltration attempt, are notoriously difficult to defend against. It's all too easy to say that you must prioritise the data protection, but the smokescreen DDoS remains a very real attack on your business.

Advertisement - Article continues below

The motivation behind a DDoS is irrelevant, they should all be dealt with using layered DDoS defences. These should include the use of a CDN to deal with volumetric attacks, with web application firewalls and gateway appliances dealing with the rest. A dedicated DDoS defence specialist will be able to advise on the best mix for you.

DDoS mitigation services

It's worth considering investing in DDoS mitigation services if you're particularly likely to be a target of a DDoS attack (for example, if you're a large organisation) or at least knowing about what's out there, just in case.

One of the biggest and best known is Cloudflare, which has made headlines offering DDoS mitigation services to the likes of Wikileaks as well as working to mitigate wider attacks like the WireX botnet and the 2013 Spamhaus attack.

Cloudflare isn't the only game in town, though and many network and application delivery optimisation firms offer DDoS mitigation services.

Advertisement - Article continues below

Other well-known brands include Akamai, F5 Networks, Imperva, NETSCOUT Arbor and Verisign. Less well-known options that are also worth considering include ThousandEyes, Neustar and DOSarrest.

Some of these providers offer so-called emergency coverage, which you can buy when an attack is underway to mitigate the worst of it, while others require a more long-term contract.

If you're already using other products from any of these companies, you may want to look into adding DDoS protection to your package. Alternatively, if you use another network optimisation firm not mentioned here, it's worth seeing if it offers DDoS protection and how much it would cost. As mentioned above, your ISP may also offer some form of DDoS protection, particularly in an emergency, but it's worth seeing quite how comprehensive this would be beforehand, as well as the processes involved and how much it will cost.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/data-breaches/355056/vpnmentors-web-mapping-project-finds-more-exposed-military-files-via
data breaches

Printing company exposes 343GB of sensitive military data

20 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/business-strategy/31780/the-it-pro-panel
Business strategy

The IT Pro Panel

24 Feb 2020

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020