DDoS attacks are becoming more common as time goes on. It used to be that only skilled attackers could pull off such attacks. Nowadays, anybody with malicious intent and a rented attack service (a so-called booter or stresser) can launch one. With attack tooling this accessible, smaller businesses have more to worry about than they used to. Well-planned attacks can be difficult to stop. Luckily, with the correct measures, DDoS attacks of almost any size can be mitigated.
As a business owner, it’s important for you to take the time to understand DDoS attacks and how to stop them. If you don’t, your servers can be knocked offline, which costs time and money: users go to competitors, sales are lost, and your reputation suffers. As a business owner, you need to do everything in your power to keep your business running smoothly. In this article, I will give you the information you need to protect your business from the next big attack.
Types Of DDoS attacks
DDoS attacks aren’t as simple as they used to be. You can’t just open a terminal, point a ping flood at an address and call it a successful attack. As companies and security teams adapted, attack methods grew more sophisticated. As a result, there are several distinct ways an attacker can take down your servers, and each needs its own defense.
SYN Flood Attacks
A SYN flood sends a server many TCP SYN packets per second. If the server receives more SYNs than it can track, its connection table fills up and legitimate users are turned away. SYN floods abuse the TCP three-way handshake that opens every connection:
- The client sends a SYN
- The server replies with a SYN-ACK (acknowledging the SYN) and records the half-open connection while it waits
- The client responds with an ACK, which establishes the connection
A SYN flood sends SYNs that will never be followed by the final ACK, usually from spoofed source addresses so the SYN-ACKs go nowhere. The server keeps each of these half-open TCP connections in its backlog, retransmitting the SYN-ACK and waiting for an ACK that never arrives. Once enough half-open connections are sitting in the backlog, the server runs out of room and starts dropping SYNs from real clients, which is exactly what the attacker wants.
DNS Flood Attacks
A simple but effective attack known as the DNS flood can also exhaust your servers’ resources. Because DNS normally runs over UDP, which is connectionless, an attacker can send queries from spoofed source IP addresses cheaply and in huge volume. The attacker’s goal is to saturate your authoritative DNS server with a flood of UDP queries so that it can no longer answer real ones. Since every visitor has to resolve your name before reaching your website, a dead name server takes your site down just as surely as a dead web server does. Attackers can run a simple script from many IPs that all request records from your DNS server.
Your server can only handle so many queries per second. Once its processing capacity or its bandwidth limit is reached, legitimate resolvers get timeouts instead of answers, and your users see your site as down.
Application Layer Attacks
Application layer attacks are among the trickier ones to fight. Also known as layer 7 attacks, they target the web application itself rather than the network stack, using HTTP requests that look exactly like a browser’s. Since layer 7 traffic mimics user behavior, it is hard to tell apart from legitimate load, and each request can be cheap for the attacker but expensive for your server (a database query, a search, a login check).
Layer 7 attacks are interesting because they can target specific elements of a website. For example, when a button is clicked, the browser sends a GET or POST request to your server. A layer 7 attack can mimic a user clicking each button on your homepage 1000 times per second. This kind of DDoS attack is harder to identify because every individual request looks like normal user activity; only the rate and the pattern give it away.
Stopping DDoS attacks
Now that you know the different types of attacks, how can you protect against all of them? Hardening your DNS doesn’t help if the next attack is aimed at the application layer. You need to be ready for any DDoS attack that comes your way. In this section, I will go over how to protect against each kind.
Stopping SYN Attacks
There are a few ways to stop SYN floods. The most common are filtering techniques and stack changes that keep the flood from consuming the connection table in the first place.
SYN cookies let the server avoid storing state for half-open connections at all. Instead of allocating a backlog entry for every SYN, the server encodes a cryptographic hash of the connection’s addresses and ports (together with a coarse timestamp and a server-side secret) into the initial sequence number of its SYN-ACK. A real client echoes that value back, plus one, in its ACK, and the server recomputes the hash to verify it before allocating anything. Spoofed clients never receive the SYN-ACK, so they cannot produce a valid ACK; their SYNs are answered and forgotten, costing the server only a little CPU per packet rather than a backlog slot.
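The following simulation is an added example (not code from the original article or from any vendor named in it) that puts the handshake description and the SYN-cookie idea side by side. It models a listening socket whose backlog holds a fixed number of half-open connections, floods it with spoofed SYNs that are never ACKed, and then lets real clients try to connect. The addresses, the secret, the 64-second time slot, the 26-bit MAC width and the backlog size are all assumptions chosen for the demonstration; the cookie scheme mirrors the structure of real SYN cookies (time slot plus keyed hash over the 4-tuple) but is not the Linux implementation.

```python
import hashlib
import hmac
import random

# Constructed addresses and secret for the simulation; a real host rotates the secret.
SERVER = ("203.0.113.10", 443)
SECRET = b"example-syncookie-secret"
SLOT_SECONDS = 64   # coarse time slot baked into the cookie, as real SYN cookies do


def _cookie_mac(peer, server, slot, secret):
    """26-bit MAC over the 4-tuple and time slot; only the holder of `secret` can produce it."""
    msg = f"{peer[0]}:{peer[1]}>{server[0]}:{server[1]}|{slot}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0x03FFFFFF


def syn_cookie(peer, server, now, secret=SECRET):
    """ISN for the SYN-ACK: top 6 bits carry the time slot, low 26 bits the MAC. No state is stored."""
    slot = int(now // SLOT_SECONDS) & 0x3F
    return (slot << 26) | _cookie_mac(peer, server, slot, secret)


def check_syn_cookie(peer, server, ack_num, now, secret=SECRET):
    """Validate the final ACK (ack_num == ISN + 1) by recomputing the cookie; accept current or previous slot."""
    isn = (ack_num - 1) & 0xFFFFFFFF
    slot = isn >> 26
    if (int(now // SLOT_SECONDS) - slot) & 0x3F > 1:
        return False  # stale cookie: a captured SYN-ACK cannot be replayed forever
    return (isn & 0x03FFFFFF) == _cookie_mac(peer, server, slot, secret)


class Listener:
    """Minimal model of a listening socket's SYN backlog (half-open connection table)."""

    def __init__(self, backlog=1024, syn_cookies=False, synack_timeout=3.0):
        self.backlog, self.syn_cookies, self.timeout = backlog, syn_cookies, synack_timeout
        self.half_open = {}   # peer -> (isn, expiry) while we wait for the final ACK
        self.established = 0
        self.dropped_syns = 0

    def on_syn(self, peer, now):
        """Return the ISN sent in our SYN-ACK, or None when the SYN has to be dropped."""
        if self.syn_cookies:
            return syn_cookie(peer, SERVER, now)          # nothing allocated per SYN
        self.half_open = {p: e for p, e in self.half_open.items() if e[1] > now}  # expire old
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                         # backlog full: real clients suffer here
            return None
        isn = random.getrandbits(32)
        self.half_open[peer] = (isn, now + self.timeout)
        return isn

    def on_ack(self, peer, ack_num, now):
        """Handle the handshake's final ACK; True when the connection becomes established."""
        if self.syn_cookies:
            ok = check_syn_cookie(peer, SERVER, ack_num, now)
        else:
            entry = self.half_open.pop(peer, None)
            ok = entry is not None and ((entry[0] + 1) & 0xFFFFFFFF) == ack_num
        if ok:
            self.established += 1
        return ok


def simulate(syn_cookies, flood=3000, legit=100):
    """Spoofed SYNs (never ACKed) at t=0, then real clients at t=1; return how many real clients connect."""
    lsn = Listener(syn_cookies=syn_cookies)
    for i in range(flood):
        lsn.on_syn((f"198.51.100.{i % 250}", 1024 + i), now=0.0)   # spoofed sources, no ACK ever comes
    for i in range(legit):
        peer = (f"192.0.2.{i}", 40000 + i)
        isn = lsn.on_syn(peer, now=1.0)
        if isn is not None:
            lsn.on_ack(peer, (isn + 1) & 0xFFFFFFFF, now=1.0)
    return lsn.established


if __name__ == "__main__":
    print("without SYN cookies:", simulate(False), "of 100 real clients connected")
    print("with SYN cookies:   ", simulate(True), "of 100 real clients connected")
```

Without cookies, the 3000 spoofed SYNs fill the 1024-entry backlog and every real client is refused until the three-second SYN-ACK timeout expires the junk entries. With cookies the server holds nothing per SYN, so all 100 real clients connect while the flood is still running; the only remaining cost is the hash computed per packet.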
Tweaking the Stack
Network administrators can also tune the TCP stack. This may include reducing how long, and how many times, the server retransmits its SYN-ACK while waiting for the final ACK (on Linux, net.ipv4.tcp_synack_retries), enlarging the SYN backlog (net.ipv4.tcp_max_syn_backlog), turning on SYN cookies (net.ipv4.tcp_syncookies = 1), or simply dropping the oldest half-open connections when the backlog fills. This assumes you have a network administrator who can do this. If you don’t, a DDoS protection service such as Incapsula terminates the TCP handshake at its own edge, so the flood never reaches your stack in the first place.
Administrators can also dedicate less memory to each half-open connection, so the same memory holds more backlog entries. This adds up quickly, since attacks often involve tens of thousands of SYNs at once. Spending less per half-open connection greatly reduces the effectiveness of a SYN flood, although it only raises the bar; SYN cookies remove the per-connection cost entirely.
Stopping DNS Attacks
DNS floods aren’t very complicated, so they tend to be simpler to fend off. But don’t doubt for a second that a DNS flood can take your servers out. Even though DNS floods are relatively simple, they can still be deadly. There are a few techniques that can prepare you for an attack that will eventually come.
Monitoring DNS Requests
A DNS flood simply sends many queries to your name server, so an attack is fairly obvious if you have software that monitors the number of queries received per second and per source. There are services that do this for you. If you can’t monitor DNS traffic, you won’t even know that you are being attacked. The first step to surviving a DNS flood is being aware of it.
A self-hosted server such as BIND can log every query it receives (its querylog) and expose statistics that you can graph; hosted services such as Incapsula provide those graphs for you. If your DNS server is being flooded, a per-second query-rate graph makes it obvious, and a breakdown by source address tells you who to rate-limit.
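As an added example (not code from the original article, BIND or any vendor named here), this is the kind of check the monitoring above boils down to: parse a query log, count queries per second, and when a second exceeds the expected rate, list the sources driving it and the dominant query type. The log lines are constructed for the example and only loosely follow the shape of a BIND querylog entry; the thresholds are assumptions you would set from your own baseline.

```python
import re
from collections import Counter, defaultdict

# Constructed query-log lines, loosely modelled on the shape of BIND's querylog; not real traffic.
NORMAL_TRAFFIC = """\
12:00:00.105 client 192.0.2.10#53214 (www.example.com): query: www.example.com IN A +E
12:00:00.410 client 192.0.2.22#40011 (mail.example.com): query: mail.example.com IN MX +E
12:00:01.002 client 198.51.100.7#51002 (www.example.com): query: www.example.com IN AAAA +E
12:00:01.731 client 192.0.2.10#53215 (api.example.com): query: api.example.com IN A +E
12:00:02.219 client 203.0.113.5#33001 (example.com): query: example.com IN NS +E
""".splitlines()

# The flood second: four (likely spoofed) sources fire 30 queries each inside 12:00:03.
FLOOD_TRAFFIC = [
    f"12:00:03.{i * 8:03d} client 198.51.100.{200 + i % 4}#{20000 + i} "
    f"(www.example.com): query: www.example.com IN ANY +E"
    for i in range(120)
]
SAMPLE_LOG = NORMAL_TRAFFIC + FLOOD_TRAFFIC

LINE_RE = re.compile(
    r"^(?P<second>\d\d:\d\d:\d\d)\.\d+ client (?P<client>[^#\s]+)#\d+ "
    r"\((?P<qname>\S+)\): query: \S+ IN (?P<qtype>\S+)"
)


def parse_query(line):
    """Return the fields a flood detector needs, or None for lines that are not queries."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect_flood(lines, qps_limit=50, per_source_limit=20):
    """Flag every second whose query count exceeds qps_limit and list the sources driving it."""
    per_second = Counter()
    sources = defaultdict(Counter)
    qtypes = defaultdict(Counter)
    for line in lines:
        rec = parse_query(line)
        if rec is None:
            continue
        per_second[rec["second"]] += 1
        sources[rec["second"]][rec["client"]] += 1
        qtypes[rec["second"]][rec["qtype"]] += 1
    alerts = []
    for second, count in sorted(per_second.items()):
        if count <= qps_limit:
            continue
        heavy = [(ip, n) for ip, n in sources[second].most_common() if n > per_source_limit]
        alerts.append({
            "second": second,
            "qps": count,
            "top_talkers": heavy,                       # candidates for per-source rate limiting
            "dominant_qtype": qtypes[second].most_common(1)[0][0],
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_flood(SAMPLE_LOG):
        print(f"{alert['second']}: {alert['qps']} qps, qtype {alert['dominant_qtype']}, "
              f"heavy sources: {alert['top_talkers']}")
```

Run against the sample, the three normal seconds pass quietly and 12:00:03 trips the alert with 120 queries, four sources at 30 each, all asking for ANY. That breakdown is what you act on: the per-source counts feed a rate limit, and the query-type skew tells you the flood does not look like real resolver traffic.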
Overprovision your name servers
A simple way to blunt DNS floods is to run infrastructure that can handle far more queries than you normally receive. Overprovisioning isn’t terribly expensive, but it will cost you something. The more capacity you buy, the more queries per second your name servers can absorb before real users notice. Size for a multiple of your normal peak query rate, not your average: a small business should provision as if it were a medium-sized one, and a larger business should be prepared to spend accordingly.
Cloud-Based name servers
A third-party provider is often the best option when it comes to name servers. You can pay a company such as Dyn or Neustar to host your zones and answer incoming queries from a large, geographically distributed network that can absorb floods that would flatten a single self-hosted server. If you don’t have an IT team or the time to secure your own network, a cloud-based DNS provider is a solid choice.
Stopping Application Layer Attacks
Application layer attacks aren’t as obvious to catch. They can be difficult to distinguish from real traffic because they use the same protocols and request formats as real users. Stopping them requires more sophisticated methods, such as traffic filtering and web application firewalls that look at request behavior rather than packet counts. There are a couple of common methods that are most effective against these attacks.
Filtering Using Traffic Mitigation
There are quite a few traffic mitigation services out there. The idea is to detect unusual patterns and immediately divert or drop the malicious traffic. This works well because it can be automated and stops most small-scale DDoS attacks without anyone being paged. When it comes to application layer attacks, traffic mitigation is about learning what is and isn’t normal behavior for your site.
Application layer attacks come in the form of ordinary user interaction, but it’s not impossible to detect an unusual number of button clicks or page views from one client, one network, or one user agent. Humans don’t click the same button 1000 times a second, and expensive requests (searches, logins, cart updates) should be budgeted more tightly than static page loads.
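The rate limiter below is an added example (not code from the original article or from any vendor it names) of the "what is and isn’t normal behavior" filter described above. Each client gets a token bucket; static GETs cost one token, state-changing POSTs and search or login paths cost more, so a bot that clicks a button 1000 times in a second exhausts its budget almost immediately while a human browsing the same pages is never touched. The request stream, the costs, the bucket size and the refill rate are all constructed assumptions for the demonstration.

```python
from collections import defaultdict


# Constructed request stream (time in seconds, client IP, method, path); not real traffic.
def constructed_events():
    events = []
    # A human: loads the homepage, adds to cart, browses, adds again, over about ten seconds.
    human = [(0.0, "GET", "/"), (2.5, "POST", "/cart/add"), (6.0, "GET", "/products"), (9.0, "POST", "/cart/add")]
    events += [(t, "192.0.2.10", m, p) for t, m, p in human]
    # A bot: "clicks" the same button 1000 times in one second, as described above.
    events += [(i / 1000.0, "198.51.100.77", "POST", "/cart/add") for i in range(1000)]
    return sorted(events)


# Assumption: requests that do real work cost more tokens than serving a static page.
METHOD_COST = {"GET": 1, "HEAD": 1, "POST": 5}
EXPENSIVE_PATHS = {"/search": 8, "/login": 8}


def request_cost(method, path):
    """Token cost of one request: by method, raised further for known-expensive paths."""
    cost = METHOD_COST.get(method, 3)
    for prefix, extra in EXPENSIVE_PATHS.items():
        if path.startswith(prefix):
            cost = max(cost, extra)
    return cost


class TokenBucket:
    """Per-client budget: at most `capacity` tokens, refilled continuously at `rate` tokens/second."""

    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = float(capacity), None

    def allow(self, now, cost):
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


def filter_traffic(events, capacity=30, rate=3.0):
    """Run each request through its client's bucket; return per-client allowed/blocked counts."""
    buckets = defaultdict(lambda: TokenBucket(capacity, rate))
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for now, client, method, path in events:
        verdict = "allowed" if buckets[client].allow(now, request_cost(method, path)) else "blocked"
        stats[client][verdict] += 1
    return dict(stats)


if __name__ == "__main__":
    for client, s in filter_traffic(constructed_events()).items():
        print(f"{client}: allowed {s['allowed']}, blocked {s['blocked']}")
```

With a 30-token bucket refilling at 3 tokens per second, the human’s four requests (cost 12 in total over nine seconds) all pass, while the bot gets six POSTs through before its bucket is empty and the remaining 994 are blocked. In production the key would be more than a bare IP (many users share NAT addresses), and a blocked client would typically get a challenge page rather than a hard error, but the budgeting idea is the same.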
Using DDoS Protection services
Traffic mitigation is a complicated process that requires a lot of fine tuning. Doing it well yourself requires more resources and money than most small businesses have. DDoS attacks have become so common that they have spawned a whole business model around absorbing them. There are several quality services, Incapsula among them, that can filter attack traffic and discard it before it reaches you. Third-party services do the heavy lifting for you.
Third Party Cloud Services
DDoS attacks are deadly because they exhaust system resources to the point where your servers can’t handle any more traffic. Cloud-based services solve this by sheer scale. You don’t have the money or the staff to build large server farms, so other businesses rent you theirs. Because a provider’s network is built to absorb attacks far larger than any single business’s connection, it can take floods that would bury you on your own, provided you purchase enough capacity from them.
Overprovisioning Your Bandwidth
You should always purchase more bandwidth than you need. Not only will you be prepared for legitimate traffic spikes, but your website will also be harder to take down: the more bandwidth you have, the larger a DDoS attack has to be to saturate it. The question is, how much bandwidth should you purchase?
Quite a bit. This costs money, but it’s an investment that may save you in the long run. If you own a small business, purchase the bandwidth a medium-sized business would need; if you own a fairly large business, purchase enough for a larger corporation. An attacker may assume a small attack can take down a small business, and if you have more headroom than expected, many of those attacks simply fail. Keep in mind that bandwidth alone does not stop SYN floods or application layer attacks, which exhaust connection tables and CPU rather than your link, so it belongs alongside the other measures, not in place of them.
The best DDoS protection service
Now that you know the types of DDoS attacks and how to stop them, you have the knowledge to choose a service that best suits your needs. You could hire a full IT team, but that’s only practical for larger corporations. If you are tight on money, you need the best solution for the best price.
Incapsula has protected many established businesses from DDoS attacks in the past. Stopping SYN, DNS, and application layer attacks requires specialized tooling, and Incapsula provides tools for all three in one service, which is why it is my recommendation when times get tough.
DDoS attacks hurt businesses every day. They cost money, reputation, and your sanity. Many businesses that have been hurt by DDoS attacks had one thing in common: they didn’t know how dangerous these attacks can be. That isn’t you. You know what DDoS attacks are, how to stop them, and which service does the best job. With this knowledge comes one responsibility: you are responsible for your business’s success.
When you take the time to understand DDoS attacks, you are investing in your future. The money, time, and effort will pay off when your business stays up while others go down. Businesses lose tens of thousands of dollars to a single DDoS attack. Now that you have the right knowledge, you can keep this from happening to you by using Incapsula.