Thursday, 8 October 2015 ehdf

4 Tips for Fighting DDoS Attacks

What is DDoS?

DDoS stands for distributed denial of service. A malicious hacker uses a DDoS attack to make a computer resource (e.g. a website, application, e-mail, voicemail or network) stop responding to legitimate users. The malicious hacker does this by commanding a fleet of remotely controlled computers to send a flood of network traffic to the target. The target becomes so busy dealing with the attacker’s requests that it doesn’t have time to respond to legitimate users’ requests.

DDoS attacks by the numbers (Sources: multiple)

43% – increase in total DDoS attacks from Q2 2014
99% – increase in the average attack duration: 20.64 hours in Q2 2015 vs. 17.35 hours in Q2 2014
13 hours – the duration of the largest DDoS attack in Q2 2015
35% – share of DDoS attacks targeting the online gaming industry, the number one DDoS target. Telecoms are another prime target

How does a DDoS attack impact you?

The impact of a DDoS attack on your business is costly and wide-ranging, and includes:
– Recovery costs, such as detection and emergency mitigation
– Indirect costs, such as lost productivity and brand reputation
– Opportunity costs, such as customer churn and lost business opportunities

4 tips for fighting DDoS attacks

Identify a DDoS Attack Early: To be in a position to do this, it’s a good idea to familiarize yourself with your typical inbound traffic profile. The more you know about what your normal traffic looks like, the easier it is to spot when its profile changes. Most DDoS attacks start as sharp spikes in traffic, and it’s helpful to be able to tell the difference between a sudden surge of legitimate visitors and the start of a DDoS attack.
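One way to turn a known traffic profile into an early warning, as an added example that is not part of the original post: it keeps a trailing baseline of per-minute request counts and flags minutes far above it. The function name, window size, threshold and the sample counts are assumptions constructed for illustration.

```python
from collections import deque
from statistics import median

def detect_spikes(counts, window=30, min_history=10, threshold=6.0):
    """Return indexes of intervals that spike far above the trailing baseline.

    counts: inbound requests per interval (e.g. per minute), oldest first.
    """
    baseline = deque(maxlen=window)   # recent intervals judged normal
    alerts = []
    for i, value in enumerate(counts):
        if len(baseline) >= min_history:
            centre = median(baseline)
            # Median absolute deviation: a spread estimate outliers barely move.
            mad = median([abs(x - centre) for x in baseline])
            # Floor the spread at 5% of the baseline so quiet, flat traffic
            # does not turn ordinary jitter into alerts.
            spread = max(1.4826 * mad, 0.05 * centre, 1.0)
            if (value - centre) / spread > threshold:
                alerts.append(i)
                continue              # keep flood traffic out of the baseline
        baseline.append(value)
    return alerts

# Constructed sample: 30 minutes of normal traffic, a modest legitimate bump,
# a four-minute flood, then recovery.
NORMAL = [980, 1010, 995, 1023, 1002, 990, 1015, 1005, 998, 1012] * 3
SAMPLE = NORMAL + [1100] + [4800, 9500, 12000, 11800] + [1003, 997]

if __name__ == "__main__":
    for minute in detect_spikes(SAMPLE):
        print(f"minute {minute}: {SAMPLE[minute]} requests, far above baseline")
```

A volume alert on its own does not say whether the surge is legitimate visitors or an attack; it is the cue to look closer while there is still time to react.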

Overprovision Bandwidth: Having more bandwidth than you need can help you accommodate sudden and unexpected surges in traffic that can be attributed to seasonal buying, a new product launch or even a mention in the media. It can also help you buy some time in the event of a DDoS attack to adjust your resources before they become overwhelmed.

Defend at Network Perimeter (if you run your own web server): There are a few technical measures that can be taken to partially mitigate the effect of an attack, especially in the first few minutes:
– Rate limit your router to prevent your web server being overwhelmed
– Add filters to tell your router to drop packets from obvious sources of attack
– Time out half-open connections more aggressively
– Drop spoofed or malformed packets

Immediately call your Hosting Provider: You stand a better chance of withstanding a DDoS attack if your web server is hosted with a third-party data centre provider. That’s because their data centre will likely have far higher bandwidth and higher-capacity routers than your company has itself, and its staff will probably have more experience dealing with attacks. Having your web server located with a hosting services provider will also keep DDoS traffic aimed at your web server off your corporate LAN, so at least that part of your business – including email and possibly voice over IP services – should operate normally during an attack.
