What you need to know about DDoS attacks

Written on 30 November, 2012 by Verity Meagher

So what is a DDoS attack?

There are many types of DDoS attack; for the purposes of this article we will summarise them into two broad categories.

The first scenario is somewhat rare. The attack relies on sending requests that the targeted server has to do work to answer, for example requests for a web page over HTTP. Simply put, the attacker keeps sending more and more work until the server either degrades to an unworkable state or goes off-line completely. This is often called an application-layer or resource-exhaustion attack, because it is the server's processing capacity, not the network, that runs out.

Generally, from a mitigation perspective, this type of attack is far simpler to control. The person launching it often does not have many resources and usually combines the power of a few servers, so the target is a single machine that they try to overload with more requests than it can process. To combat this type of attack you identify the small number of hosts initiating it and tell the targeted servers to simply ignore any requests coming from those sources. Note that this only works while the sources are few and stay the same; because an HTTP request needs a completed TCP connection, the attacker cannot forge the source addresses, which is exactly what makes them worth blocking.

The second scenario, the 'botnet' or volumetric attack, is all about clogging the network that connects the server to the internet. When a machine is targeted, packets are sent to it in such massive volume that they flood the entire network of the target and no valid traffic can get in: the online equivalent of a massive traffic jam. If a hosting provider is the target of this type of attack, end users trying to download files or send email, and visitors to your websites, simply cannot get through.

In the simplest terms, a botnet is a collection of computers that have been compromised, usually by a virus or Trojan. They sit idle until the person controlling the botnet issues commands, such as sending spam or, in this context, flooding the target's network.

So how does Netregistry mitigate?

Netregistry has a number of connections to the Internet with an aggregate capacity of around 1GB/second, running at less than 60% utilisation at all times, so that when faced with genuine spikes in traffic from client services, or with a smaller attack, we have enough spare bandwidth to absorb it.

When an attack happens, such as an attacker sending 5000x the capacity of our network, it is not as simple as 'ignore requests from these specific servers'. The traffic can originate from tens of thousands of hosts, and even if you can identify them all, the attackers will usually just keep shifting the sources of the attack. Worse, when the pipe itself is full, the packets are dropped before any firewall on our side can look at them, so filtering has to happen further upstream.
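
As an added example (not code from the article or from Netregistry), the following Python script applies the "find the noisy hosts and ignore them" check from the first scenario to web-server access logs, and then runs the same check over a distributed flood of the kind described above to show why it comes up empty. The log lines, IP addresses, ten-second window and 50-requests-per-window limit are all constructed or assumed for the example.

```python
"""Added example, not from the original article: find the few hosts behind a
small application-layer (HTTP request) flood in web-server access logs, and
show why the same check sees nothing when the load is spread across many
sources.  Every log line here is constructed for the example; the IP
addresses, the 10 s window and the 50-requests-per-window limit are assumed
values, not figures from the article."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import re

# Apache/nginx "combined" format; only the client IP and timestamp are needed.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
WINDOW = timedelta(seconds=10)   # assumed measurement window
PER_SOURCE_LIMIT = 50            # assumed: more than this per window from one IP is abuse


def parse_line(line):
    """Return (client_ip, timestamp), or None for a line not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def peak_in_window(times, window=WINDOW):
    """Largest number of timestamps that fall inside any single sliding window."""
    times = sorted(times)
    start, peak = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def per_source_peaks(lines, window=WINDOW):
    """Peak requests-per-window for each client IP seen in the log."""
    by_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            by_ip[parsed[0]].append(parsed[1])
    return {ip: peak_in_window(ts, window) for ip, ts in by_ip.items()}


def aggregate_peak(lines, window=WINDOW):
    """Peak requests-per-window across all sources: the load the server actually feels."""
    return peak_in_window([p[1] for p in map(parse_line, lines) if p], window)


def attacking_hosts(lines, limit=PER_SOURCE_LIMIT, window=WINDOW):
    """IPs whose peak rate exceeds the limit: the sources to drop in the concentrated case."""
    return sorted(ip for ip, n in per_source_peaks(lines, window).items() if n > limit)


def drop_rules(ips):
    """iptables rules that make the server ignore the flagged sources (printed, not applied)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


def make_log(ip, count, start, spacing):
    """Constructed access-log lines: `count` GETs from `ip`, `spacing` apart."""
    return [f'{ip} - - [{(start + i * spacing).strftime(TS_FMT)}] '
            f'"GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
            for i in range(count)]


T0 = datetime(2012, 11, 30, 9, 0, 0, tzinfo=timezone.utc)

# Scenario 1 (constructed): three hosts send 600 requests each in six seconds;
# one ordinary visitor sends five.  The per-source check isolates the three.
CONCENTRATED = (make_log("203.0.113.10", 600, T0, timedelta(milliseconds=10))
                + make_log("203.0.113.11", 600, T0, timedelta(milliseconds=10))
                + make_log("203.0.113.12", 600, T0, timedelta(milliseconds=10))
                + make_log("198.51.100.7", 5, T0, timedelta(seconds=2)))

# Scenario 2 (constructed): 1800 requests in nine seconds, but from 1800
# different addresses, one request each.  No source crosses the limit, yet
# the aggregate load on the server is the same order of magnitude.
DISTRIBUTED = [line for i in range(1800)
               for line in make_log(f"10.{i // 256}.{i % 256}.1", 1,
                                    T0 + i * timedelta(milliseconds=5), timedelta(0))]

if __name__ == "__main__":
    print("concentrated: peak load", aggregate_peak(CONCENTRATED), "req/window")
    for rule in drop_rules(attacking_hosts(CONCENTRATED)):
        print("  ", rule)
    print("distributed: peak load", aggregate_peak(DISTRIBUTED),
          "req/window, flagged sources:", attacking_hosts(DISTRIBUTED))
```

Run stand-alone, the concentrated scenario yields three drop rules while the distributed one yields none, even though the server sees roughly the same peak load. In a real volumetric attack the per-source view is incomplete for a second reason: the access log only records the requests that made it through the pipe.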

Three ways to address DDoS attacks

Behind the scenes there are a million things that engineers try to identify and stop during an attack, but attackers also change their tactics over time. Three simple things you can do to help protect your online business:

  1. Ensure you have enough bandwidth headroom that the attacks you are realistically likely to face cannot completely saturate your connection.
  2. Invest in traffic filtering that can tell junk (malicious) traffic from normal traffic, such as a DDoS mitigation appliance or a scrubbing service.
  3. Work with the bigger networks upstream to see if they can drop the bad traffic before it reaches your connection; once your own link is full, filtering on your side is too late.
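
The filtering in point 2, as an added example in Python that is not from the article or from any product: a per-source token bucket that lets a normal visitor's short burst through and throttles a sustained flood, with a bounded table of per-source state so that a flood from many addresses cannot exhaust the filter's own memory. The rates, burst size, table size and the traffic used below are assumed or constructed for the example.

```python
"""Added example, not from the article: a per-source token-bucket filter of
the kind point 2 describes, deciding request by request whether traffic is
"junk" or normal.  The sustained rate, burst size and table size are assumed
values.  The per-source table is bounded and evicts the least recently seen
source, because a filter that allocated fresh state for every new attacker
address would itself become a second target in a distributed flood."""
from collections import OrderedDict


class SourceRateLimiter:
    def __init__(self, rate_per_s=5.0, burst=20, max_sources=10_000):
        self.rate = rate_per_s          # sustained requests/second allowed per source
        self.burst = burst              # a short burst up to this size is still "normal"
        self.max_sources = max_sources  # hard cap on tracked sources (memory bound)
        self.buckets = OrderedDict()    # ip -> (tokens, last_seen), least recent first

    def allow(self, ip, now):
        """Return True if a request from `ip` at time `now` (seconds) passes the filter."""
        tokens, last = self.buckets.pop(ip, (float(self.burst), now))
        # Refill for the elapsed time; clamp so out-of-order timestamps cannot drain a bucket.
        tokens = min(float(self.burst), tokens + max(0.0, now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self.buckets[ip] = (tokens, now)        # re-insert as most recently seen
        if len(self.buckets) > self.max_sources:
            self.buckets.popitem(last=False)    # evict the least recently seen source
        return allowed


def simulate(limiter, events):
    """Feed (time, ip) events through the limiter; return {ip: (allowed, dropped)}."""
    stats = {}
    for t, ip in events:
        allowed, dropped = stats.get(ip, (0, 0))
        if limiter.allow(ip, t):
            allowed += 1
        else:
            dropped += 1
        stats[ip] = (allowed, dropped)
    return stats


# Constructed traffic: a legitimate visitor loading a page (a burst of 15 objects
# within 0.15 s, then one more request half a minute later) and a single flooder
# sending 100 requests/second for ten seconds.
VISITOR = [(i * 0.01, "198.51.100.7") for i in range(15)] + [(30.0, "198.51.100.7")]
FLOODER = [(i / 100.0, "203.0.113.10") for i in range(1000)]
EVENTS = sorted(VISITOR + FLOODER)


def run_example():
    """Stats for the constructed traffic: the visitor passes untouched, the flooder is
    held to the burst plus roughly five requests per second."""
    return simulate(SourceRateLimiter(), EVENTS)


if __name__ == "__main__":
    for ip, (ok, dropped) in run_example().items():
        print(f"{ip:14s} allowed={ok:4d} dropped={dropped:4d}")
```

A real deployment would key the bucket on more than the source address (a prefix, or a session) and would pair it with the aggregate view, since a distributed flood keeps every single source under any sensible per-source rate; the bounded table is what keeps the filter standing when that happens.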

While there are ways to reduce the effects of an attack, it is much harder to identify when an attack is occurring. The responsibility for mitigating this type of incident falls to the hosting provider. We do our best and we understand the implications of downtime to an online business; in fact we are acutely aware of them, as downtime affects us in the same way.

Download the full e-book, 'What you need to know about DDoS attacks'. Netregistry has a technical team equipped with the knowledge and expertise to handle these types of attacks, with a number of procedures and protocols in place to ensure a smooth recovery.