DDoS Attacks and how to deal with them

Akamai Technologies has revealed that DDoS attacks greater than 100 Gbps (gigabits per second) have increased by 138% on a global scale over the past year.

For those of you who are unaware of what a DDoS attack is, it is an attack in which a website is flooded with traffic from many different sources in order to deny users access and make the targeted website unavailable. When the site becomes overwhelmed by this traffic, it goes down for a period of time. There are different types of DDoS attack, which include:

  • Traffic Attacks which stop legitimate traffic reaching a site
  • Attacks on bandwidth which result in a loss of network bandwidth
  • Application attacks which render the targeted system's services unavailable

The explanation above describes an intentional attack on a system. However, there are also unintentional denials of service, which can be caused by a surge in traffic following a boost in the popularity of a website. For example, if tickets have gone on sale for a particular artist, the website will sometimes freeze, crash or suddenly show a 404 error message asking visitors to come back later. This has the same impact as a DDoS attack.

The following things can indicate a DDoS attack:

  • A notably slow network performance
  • Inaccessibility to a certain website
  • A disconnection of a wired (or wireless) internet connection
  • An unusual increase in spam emails, which is known as an “e-mail bomb”

How to defend against DDoS attacks:

Preventive measures against DDoS attacks normally require a combination of traffic analysis, attack detection and response tools. The aim of these is to identify whether traffic is legal or illegal and to allow only the legal traffic to pass through. Fortunately, there are plenty of these:

Firewalls: A firewall can have rules added to it to block traffic which is deemed malicious. The traffic is identified by the ports or IP addresses it is coming from. However, in the case of more elaborate attacks, these rules do not completely block all the incoming traffic sent during the attack, and attempting to do this on a larger scale could prevent authentic traffic from reaching your server.

Blackholing and Sinkholing: This method misleads malicious traffic into revealing its host names and IP addresses. This information can be redirected to an analysing machine, which can identify and reject bad packets and detect attack patterns made through these IPs or host names.

Application front end hardware: This hardware is positioned on the network so that incoming traffic passes through it before reaching the server. The hardware evaluates the data packets as they enter the system and then classifies them as valid, invalid or malicious.
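The limit of per-source firewall rules described under "Firewalls" above, shown as an added example that is not part of the original article: a sliding-window counter over constructed (timestamp, source IP) records that compares a per-IP threshold with an aggregate one. The addresses, thresholds and function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


def build_sample():
    """Constructed traffic: (unix_seconds, source_ip), as parsed from an access log."""
    events = []
    # One noisy source: 40 requests in under 10 seconds.
    for i in range(40):
        events.append((1000 + i * 0.25, "203.0.113.9"))
    # Distributed low-rate sources: 60 addresses, 2 requests each.
    for n in range(60):
        for k in range(2):
            events.append((1000 + k * 5 + n * 0.05, f"198.51.100.{n + 1}"))
    # An ordinary visitor loading two pages.
    events += [(1001, "192.0.2.10"), (1008, "192.0.2.10")]
    return sorted(events)


def analyse(events, window=10.0, per_ip_limit=20, total_limit=100):
    """Return (source IPs over the per-IP limit, whether total volume alarmed)."""
    recent = deque()            # events still inside the sliding window
    per_ip = defaultdict(int)   # request count per source inside the window
    flagged, aggregate_alarm = set(), False
    for ts, ip in events:
        recent.append((ts, ip))
        per_ip[ip] += 1
        # Expire events that have fallen out of the window.
        while recent and recent[0][0] <= ts - window:
            _, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
        if per_ip[ip] > per_ip_limit:
            flagged.add(ip)
        if len(recent) > total_limit:
            aggregate_alarm = True
    return flagged, aggregate_alarm


if __name__ == "__main__":
    sample = build_sample()
    print("default limits:", analyse(sample))
    # Without the noisy source, no single IP stands out, yet volume still alarms.
    spread = [e for e in sample if e[1] != "203.0.113.9"]
    print("distributed only:", analyse(spread))
    # An over-strict per-IP rule also catches the ordinary visitor.
    strict, _ = analyse(sample, per_ip_limit=1)
    print("visitor blocked by strict rule:", "192.0.2.10" in strict)
```

The distributed sources never cross the per-IP limit, which is why per-address block rules alone miss them, and tightening the limit enough to catch them also flags the ordinary visitor.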

There are plenty of tools, hardware and software which can help you prevent and reduce the effects of a DDoS attack, but it is becoming more and more important that you can identify the symptoms of a DDoS attack. If you need help with this process or would like some advice on which hardware or software will help you, get in contact with us on +44 (0) 800 319 6032 or email us at info@northernstar.co.uk.
