You might assume that DDoS attacks are a thing of the past. Recent headlines suggest otherwise:
“DDoS attacks Ubisoft”.
“A massive DDoS attack hits on Telegram”.
“Ecuador seeks help from Israel experts to recover back from DDoS multiple attacks”.
Faster networks and cheaper bandwidth have made the smallest floods less effective, but attackers have adapted both their methods and their scale. Before discussing how to prevent DDoS attacks, you need to understand how they are carried out.
How are DDoS attacks carried out?
A DDoS attack overloads a server’s resources and bandwidth so that legitimate users cannot reach an online service. The attacker generates a flood of traffic from many sources at once, typically a botnet of anywhere from tens to many thousands of compromised devices, until the target’s bandwidth, connection tables or application workers are exhausted. Real users either cannot reach the site at all or wait indefinitely for pages that never finish loading.
Okay, wait. What is a botnet?
An attacker infects computers and other networked devices (increasingly home routers, cameras and other IoT devices) with malware that places them under remote control. Each infected machine is a bot, or zombie, and the group of bots the attacker controls is a botnet. On command, every bot sends traffic to the victim’s IP address. Together these requests exceed the victim’s network or server capacity, and normal traffic is denied service. Because each bot is a real host on a real network sending well-formed packets, it is difficult to tell attack traffic from genuine traffic.
Are all these attacks carried out the same way? No, not really.
Types of DDoS attacks
DDoS attacks fall into three categories.
- Volumetric attacks: these aim to consume all the bandwidth available to the target and are measured in bits per second. UDP floods, ICMP floods and DNS amplification are common examples.
- Protocol attacks: also called state-exhaustion attacks, these consume the connection-state capacity of web servers or of intermediate equipment such as load balancers and firewalls, and are measured in packets per second. SYN floods, ping of death, Smurf attacks and fragmented-packet attacks fall in this category.
- Application-layer attacks: these aim to exhaust the web server itself with requests that look like legitimate ones, measured in requests per second, which makes them the hardest to separate from real traffic. Low-and-slow attacks, HTTP floods (GET/POST floods) and attacks that exploit vulnerabilities in specific server software (Apache, Windows or OpenBSD) are common examples.
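Each of the three categories leaves a different fingerprint in the traffic, and a first-line detector can key on exactly that. The following is an added example, not code from the original article: a small rule-based classifier that buckets packet summaries into one-second windows and flags bandwidth spikes (volumetric), SYNs without completed handshakes (protocol) and single clients hammering HTTP (application layer). The record format, the thresholds and the sample traffic are constructed for illustration; real thresholds must come from your own baseline.

```python
from collections import Counter

# Thresholds are assumptions for this demo; derive real ones from your own baseline traffic.
VOLUME_BYTES_PER_SEC = 100_000    # volumetric: UDP/ICMP bytes per second
SYN_PER_SEC = 50                  # protocol: new SYNs per second
SYN_TO_ACK_RATIO = 5.0            # protocol: SYNs vs. completed handshakes
HTTP_REQ_PER_CLIENT_PER_SEC = 20  # application: requests from one client per second


def classify(records, window=1.0):
    """Bucket packet summaries into time windows and flag each window.

    records: iterable of (timestamp, src_ip, proto, detail, nbytes) where
    proto is 'TCP', 'UDP' or 'ICMP' and detail is a TCP flag string ('S' for
    SYN, 'A' for the ACK completing a handshake), an HTTP request line, or ''.
    Returns a list of (window_index, category, evidence) findings.
    """
    buckets = {}
    for ts, src, proto, detail, nbytes in records:
        buckets.setdefault(int(ts // window), []).append((src, proto, detail, nbytes))

    findings = []
    for idx in sorted(buckets):
        recs = buckets[idx]
        # Volumetric: raw bandwidth from UDP/ICMP floods or amplified replies.
        vol_bytes = sum(n for _, p, _, n in recs if p in ('UDP', 'ICMP'))
        if vol_bytes / window > VOLUME_BYTES_PER_SEC:
            findings.append((idx, 'volumetric', f'{vol_bytes} bytes of UDP/ICMP'))
        # Protocol (state exhaustion): many SYNs, almost no handshakes completed.
        syns = sum(1 for _, p, d, _ in recs if p == 'TCP' and d == 'S')
        acks = sum(1 for _, p, d, _ in recs if p == 'TCP' and d == 'A')
        if syns / window > SYN_PER_SEC and syns > SYN_TO_ACK_RATIO * max(acks, 1):
            findings.append((idx, 'protocol', f'{syns} SYN vs {acks} ACK'))
        # Application layer: individual clients issuing far too many HTTP requests.
        per_client = Counter(s for s, p, d, _ in recs
                             if p == 'TCP' and d.startswith(('GET ', 'POST ')))
        for src, n in per_client.items():
            if n / window > HTTP_REQ_PER_CLIENT_PER_SEC:
                findings.append((idx, 'application', f'{src} sent {n} HTTP requests'))
    return findings


def build_sample():
    """Constructed traffic (not a real capture): second 0 is normal browsing,
    second 1 a SYN flood, second 2 a UDP flood, second 3 an HTTP GET flood."""
    recs = []
    for i in range(5):                      # five ordinary clients
        src = f'198.51.100.{i}'
        recs += [(0.10 + i / 100, src, 'TCP', 'S', 60),
                 (0.20 + i / 100, src, 'TCP', 'A', 52),
                 (0.30 + i / 100, src, 'TCP', 'GET /index.html', 400)]
    for i in range(200):                    # 200 SYNs from spoofed sources, no ACKs
        recs.append((1.0 + i / 1000, f'203.0.113.{i % 250}', 'TCP', 'S', 60))
    for i in range(150):                    # 150 x 1200-byte datagrams, e.g. amplified DNS
        recs.append((2.0 + i / 1000, f'192.0.2.{i % 250}', 'UDP', '', 1200))
    for i in range(100):                    # one client issuing 100 GETs in one second
        recs.append((3.0 + i / 1000, '203.0.113.7', 'TCP', 'GET /search?q=x', 300))
    return recs


if __name__ == '__main__':
    for idx, category, evidence in classify(build_sample()):
        print(f'second {idx}: {category:<12} {evidence}')
```

Note that the three checks use different units (bytes, packets and requests per second), which is why a single "traffic is high" alarm is not enough: a SYN flood can exhaust a firewall's state table at a tiny fraction of the bandwidth a volumetric attack needs, and an HTTP flood can look like a busy day in raw byte counts.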
Why is it so hard to detect and prevent DDoS attacks?
To limit the damage, an attack has to be detected early, and that is hard. Botnets are used routinely for all kinds of attacks, and their operators take care not to get caught: command-and-control traffic goes through anonymising channels that are hard to trace, and the bots themselves belong to uninvolved third parties. Catching the person behind a botnet is therefore rarely possible.
Even when a government has gathered data about a botnet, through surveillance or other means, that data is often not admissible as evidence or not enough to prove who operated it, so prosecutions are rare. Even well-resourced governments such as the US have struggled to turn such data into action against individual attackers.
Another problem is reflection. In a reflection attack the bots send UDP requests (DNS is the classic case) whose source IP address has been forged to be the victim’s address. Each server that receives such a request dutifully replies to the victim, and its logs show only the victim’s address; the real sender is not recorded anywhere. Because the replies come from many legitimate servers and look like ordinary responses, observers see what appears to be normal traffic. Identifying such an attack in progress means examining a large part of the network in real time.
Cheap or free attack tools have driven down the cost of building or renting a botnet, and malware such as Mirai turns poorly secured IoT devices into bots at scale. Keeping a website reachable under DDoS has become a complicated task.
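To make the reflection problem concrete, here is an added example (not code from the original article) that simulates the exchange between an attacker, three open DNS resolvers and a victim, with both sides’ datagrams modelled as dictionaries. It shows the amplification the attacker gets, that the resolver operators’ logs contain only the victim’s address, and what changes when the attacker’s ISP performs source address validation (BCP 38). All addresses, packet sizes and names are constructed for illustration.

```python
from collections import defaultdict

ATTACKER = '198.51.100.9'            # constructed: real origin, never logged anywhere
VICTIM = '203.0.113.5'               # constructed: forged as the source of every query
REFLECTORS = ['192.0.2.1', '192.0.2.2', '192.0.2.3']  # constructed: open resolvers
ATTACKER_PREFIX = '198.51.100.'      # constructed: the attacker's ISP address block

QUERY_BYTES = 64                     # assumed size of a small query
RESPONSE_BYTES = 3000                # assumed size of a large (EDNS0) response


class Reflector:
    """An open DNS resolver: it answers whoever the datagram claims to be from,
    because UDP has no handshake in which the source could be verified."""

    def __init__(self, ip):
        self.ip = ip
        self.log = []                # (claimed client IP, query) as the operator sees it

    def handle(self, datagram, network):
        self.log.append((datagram['src'], datagram['payload']))
        network.deliver({'src': self.ip, 'dst': datagram['src'],
                         'payload': 'RESPONSE', 'size': RESPONSE_BYTES})


class Network:
    """Delivers datagrams by destination address and records who received what."""

    def __init__(self, reflectors):
        self.reflectors = {r.ip: r for r in reflectors}
        self.received = defaultdict(list)   # destination IP -> datagrams delivered

    def deliver(self, datagram):
        self.received[datagram['dst']].append(datagram)
        if datagram['dst'] in self.reflectors:
            self.reflectors[datagram['dst']].handle(datagram, self)


def uplink_forwards(datagram, customer_prefix):
    """Source address validation (BCP 38) at the attacker's ISP: forward a packet
    only if its source address belongs to the customer's own address block."""
    return datagram['src'].startswith(customer_prefix)


def run_attack(queries_per_reflector, isp_filters_spoofing=False):
    reflectors = [Reflector(ip) for ip in REFLECTORS]
    net = Network(reflectors)
    sent = 0
    for r in reflectors:
        for _ in range(queries_per_reflector):
            # The forged source makes every reply go to the victim instead of the attacker.
            query = {'src': VICTIM, 'dst': r.ip, 'payload': 'ANY example.com', 'size': QUERY_BYTES}
            if isp_filters_spoofing and not uplink_forwards(query, ATTACKER_PREFIX):
                continue                     # dropped at the edge, never reaches a reflector
            net.deliver(query)
            sent += QUERY_BYTES
    victim_bytes = sum(d['size'] for d in net.received[VICTIM])
    logged_clients = {ip for r in reflectors for ip, _ in r.log}
    return {
        'attacker_bytes_sent': sent,
        'victim_bytes_received': victim_bytes,
        'amplification': victim_bytes / sent if sent else 0.0,
        'reflector_logs_show': logged_clients,
        'attacker_visible': ATTACKER in logged_clients or ATTACKER in net.received,
        'victim_sees_senders': {d['src'] for d in net.received[VICTIM]},
    }


if __name__ == '__main__':
    result = run_attack(10)
    print(f"attacker sent {result['attacker_bytes_sent']} B, victim received "
          f"{result['victim_bytes_received']} B (x{result['amplification']:.1f})")
    print('reflector logs show:', result['reflector_logs_show'])
    print('victim sees traffic from:', result['victim_sees_senders'])
    print('with BCP 38 at the ISP, victim receives',
          run_attack(10, isp_filters_spoofing=True)['victim_bytes_received'], 'B')
```

The victim’s only leads are the reflectors, which are themselves innocent servers, and the reflectors’ only lead is the victim. The one place the forgery can be caught is the attacker’s own uplink, which is why source address validation at ISPs, not anything the victim does, is the structural fix for reflection.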
Does this mean DDoS attacks cannot be stopped? Not at all. Security practitioners have several ways to prevent or absorb them.
How to prevent DDoS attacks
Increasing the Bandwidth
One approach is to make the infrastructure behind the service DDoS resistant by over-provisioning bandwidth so that it can absorb traffic spikes. The attacker then has to generate enough traffic to exceed that larger limit before the service degrades. This raises the bar but does not remove it, and it does nothing against attacks that exhaust connection state or application capacity rather than bandwidth.
Network hardware configuration against DDoS
Router and firewall configuration can block the simplest attacks. For a server that does not run a recursive resolver, dropping unsolicited inbound DNS responses blunts DNS amplification, and dropping or rate-limiting inbound ICMP stops ping floods, although the latter also hides the host from legitimate diagnostics.
Anti-DDoS hardware and software modules
Network firewalls, web application firewalls, load balancers and protective modules in the server software itself all play a part. Apache’s mod_reqtimeout module (available since 2.2.15) is one example: it closes connections whose request headers or body arrive too slowly, which defeats low-and-slow attacks such as Slowloris. SYN floods are handled at the operating-system level with SYN cookies, which avoid allocating connection state until the handshake completes. Such protections monitor for abusive behaviour and block it before it exhausts the server’s resources.
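The policy mod_reqtimeout enforces is simple enough to state as code. The following is an added example, not code from the original article or from the Apache project: it re-implements the module’s documented default header timeout (“header=20-40,MinRate=500”: 20 seconds to start, extended by one second per 500 bytes received, capped at 40 seconds) as a small connection sweeper, and runs it over four constructed connections to show which ones a slow-header attack leaves open and which legitimate slow client is kept. The connection records and timings are constructed for illustration.

```python
# Timeout policy from mod_reqtimeout's documented default "header=20-40,MinRate=500".
HEADER_INITIAL_TIMEOUT = 20.0   # seconds the client gets before any header byte
HEADER_MAX_TIMEOUT = 40.0       # absolute cap on the header phase, however many bytes arrive
MIN_RATE = 500.0                # each byte received extends the deadline by 1/MIN_RATE seconds


def header_deadline(fragments, start=0.0):
    """Return the absolute time at which the header phase times out.

    fragments: list of (arrival_time, nbytes) for the header bytes received,
    in order. A fragment that arrives after the current deadline does not
    count: the connection was already closed by then.
    """
    deadline = start + HEADER_INITIAL_TIMEOUT
    cap = start + HEADER_MAX_TIMEOUT
    for t, nbytes in fragments:
        if t > deadline:
            break
        deadline = min(cap, deadline + nbytes / MIN_RATE)
    return deadline


def classify_connection(conn, now):
    """'served' if the headers completed before the deadline, 'dropped' if the
    deadline passed without them, 'open' if the client still has time left."""
    deadline = header_deadline(conn['fragments'], conn['start'])
    done = conn['headers_complete_at']
    if done is not None and done <= deadline:
        return 'served'
    if now > deadline:
        return 'dropped'
    return 'open'


# Constructed connections (not real traffic), all opened at t=0.
SAMPLE_CONNECTIONS = [
    # A normal client sends its whole 400-byte request at once.
    {'id': 'fast', 'start': 0.0, 'fragments': [(0.1, 400)], 'headers_complete_at': 0.1},
    # A client on a poor link needs 15 s for 600 bytes: slow, but it earns enough extra time.
    {'id': 'slow-link', 'start': 0.0, 'fragments': [(5.0, 300), (15.0, 300)],
     'headers_complete_at': 15.0},
    # Slowloris: one 8-byte header line every 10 s, never finishing.
    {'id': 'slowloris', 'start': 0.0,
     'fragments': [(10.0 * k, 8) for k in range(1, 6)], 'headers_complete_at': None},
    # Slowloris variant that pads with 500 B/s of junk headers to keep earning time.
    {'id': 'padded-slowloris', 'start': 0.0,
     'fragments': [(float(k), 500) for k in range(1, 60)], 'headers_complete_at': None},
]


def sweep(connections, now):
    """What a periodic reaper would decide for each connection at time `now`."""
    return {c['id']: classify_connection(c, now) for c in connections}


if __name__ == '__main__':
    for cid, verdict in sweep(SAMPLE_CONNECTIONS, 60.0).items():
        print(f'{cid:<18} {verdict}')
```

The two halves of the policy matter for different attackers: the MinRate extension keeps genuinely slow clients from being dropped, while the 40-second hard cap is what catches the padded variant that sends just enough bytes to keep earning extensions. Without the cap, an attacker paying 500 bytes per second per connection could hold a worker indefinitely.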
DDoS Protection Appliances
Akamai, Verisign, Radware, Cloudflare and Arbor Networks (APS) all sell DDoS protection, either as on-premises appliances or as cloud-based scrubbing services. Their main technique is to learn the normal traffic profile and block traffic that deviates from it. An on-premises appliance, however, can only handle as much traffic as the link in front of it carries, and large volumetric attacks exceed the capacity of even high-end appliances; that is why the biggest attacks have to be absorbed upstream by a provider with far more capacity than the target.
Multiple Datacenter Usage
Build redundancy by spreading your servers across several data centres in different countries and regions, behind a good load-balancing system that manages the traffic to your services. Geographically and topologically distributed sites make the service more resilient: an attack that saturates one site or region leaves the others serving users, and anycast routing spreads a distributed attack across all of them instead of concentrating it on one.
Find DDoS Protected Hosting
Choose a hosting provider that specialises in DDoS protection. Organisations of any size can get automatic protection from such hosts, along with the usual features: a choice of plans, dedicated IP addresses, SSD storage, 24×7 support and bandwidth that can be raised quickly when needed. Comparison sites such as HostingReview.com list DDoS-protected hosting services.
In my own experience, we are all vulnerable to DDoS attacks, but we can protect our services with good solutions. Knowledge of the attack types and the prevention methods above can be used to defeat these threats for the internet community.