Suddenly being overloaded with unknown traffic and being shut down is certainly no fun. Could it be DDoS? Reto, our security officer, gives you some insights into the process of a DDoS attack, tips on ways of stopping it (hint: you better prepare!) and what kind of protective measures you can implement.
What does DDoS stand for?
DDoS attacks are one of the more serious threats in IT - especially if you rely on your web presence or your web services. DDoS means “distributed denial of service attack” and its focus lies solely on getting your web presence/service offline by overloading it.
What is the reason for Distributed Denial of Service Attacks?
There are different reasons why DDoS attacks are being executed.
- To make money (ransom)
- To harm your business, e.g. overload your network
- "Political" reasons
What does a DDoS attack typically look like?
Phase 1 (optional): Reconnaissance
The attacker tries to find out what your setup looks like and how they can best attack it. Most often this phase remains unrecognised.
Phase 2 (optional): The attacker launches a demonstration or test attack.
A short attack is launched (most often only for a few minutes) to either demonstrate to the target the capability for a DDoS attack or just to test if an attack will be successful. If it is for demonstration purposes, the attacker will most probably contact the victim and make them aware of an attack and inform them that it could be avoided by paying some ransom (reaction within hours).
Phase 3: The Actual DDoS attack
The target's server is being flooded by traffic originating from all around the globe (most often from botnets or compute resources from various cloud providers). The type of attack can vary strongly. If the attacker performed a reconnaissance phase in advance, they also know which attack type is most effective. They can also mix different types of attacks, so it's even harder to mitigate or take protective measures. The traffic also looks like legitimate requests, so it's quite hard to filter.
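As an added example (not part of the original post and not nine's own tooling), the following Python script shows how the short, many-source burst of a demonstration attack (Phase 2) stands out in a web access log: it buckets requests per minute and flags minutes where both the request count and the number of distinct client addresses exceed an assumed baseline. The log lines, thresholds and IP addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format prefix: client IP, ident, user, [timestamp], then the request.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (minute_bucket, client_ip), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), TS_FMT)
    return ts.replace(second=0, microsecond=0), m.group(1)

def find_bursts(lines, min_requests=5, min_sources=3):
    """Return (HH:MM, requests, distinct sources) for every minute in which both
    counts reach the (assumed) thresholds. A single noisy client fails the
    distinct-source check; a short test attack from many addresses does not."""
    per_minute = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            minute, ip = parsed
            per_minute[minute].append(ip)
    bursts = []
    for minute in sorted(per_minute):
        ips = per_minute[minute]
        if len(ips) >= min_requests and len(set(ips)) >= min_sources:
            bursts.append((minute.strftime("%H:%M"), len(ips), len(set(ips))))
    return bursts

def _entry(ip, time):
    """Build one constructed access-log line (date and status are made up)."""
    return f'{ip} - - [10/Mar/2024:{time} +0000] "GET / HTTP/1.1" 200 512'

# Constructed sample log (RFC 5737 documentation addresses): a quiet minute, a
# one-minute flood from eight sources, a quiet minute, one noisy client alone.
SAMPLE_LOG = (
    [_entry("192.0.2.10", "10:00:05"), _entry("192.0.2.10", "10:00:20"),
     _entry("192.0.2.11", "10:00:41")]
    + [_entry(f"198.51.100.{i}", f"10:01:{i:02d}") for i in range(1, 9)]
    + [_entry("203.0.113.5", "10:02:30")]
    + [_entry("192.0.2.10", f"10:03:{s:02d}") for s in range(0, 60, 10)]
)
if __name__ == "__main__":
    for minute, requests, sources in find_bursts(SAMPLE_LOG):
        print(f"{minute}: {requests} requests from {sources} distinct sources")
```

Only the 10:01 minute is reported; the single client sending six requests at 10:03 is not, because it comes from one address.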
What makes you an attractive target and why is DDoS so popular?
- If your IP is assigned to only one machine (or load balancer)
- If you have one or only a few interface(s) to overload
- The more services you run, the higher the number of various possible attacks
- DDoS is an efficient way to get the target offline
- There are ready-to-use frameworks for DDoS attacks → no special knowledge required
How can you prevent or mitigate a DDoS attack?
- «hide» behind a CDN like Cloudflare
- The easiest way: Don't let it happen, prepare before you're hit
- Disable all services you do not need
- Protect or at least hide resource intense services
- Distribute your services over different hosts/IPs, so they are not all affected at the same time
- NEVER EVER pay a ransom (Seriously, don't do it!)
  → This makes you just a more attractive target
  → It encourages attackers to keep going and to attack others
How nine can protect you from DDoS attacks
- We offer Cloudflare as a CDN/WAF solution
- We help you put together protective measures to prepare for an attack
- Once an attack is running, our capabilities to support the targeted victim are very limited and our main focus is to protect our other customers from side effects
- This means we "black hole" traffic to the target so they become unreachable, thus reducing network load and keeping our other customers accessible
You'd like to have more information?
DDoS attacks are annoying. Once running, they're hard to stop and you will definitely be offline for some time. In case of a running attack we have to first focus on reducing impact for our other customers. So it makes sense to prepare beforehand. We at nine gladly help you set up proper protective measures.