Downtime is nothing new, and it is not going away any time soon, even though most developers and system administrators know its main causes. One of the most frequent causes is the DDoS attack: such attacks target websites, servers and critical infrastructure and overwhelm them with traffic, denying legitimate users access as a result. According to Securelist, almost half of the DDoS attacks recorded by their systems originated from the US, and according to a survey conducted by Comparitech, nearly 70 percent of surveyed organizations experience 20 to 50 DDoS attacks every month.
No two DDoS attacks are the same. They differ by type, and the types include, but are not limited to, the following:
- UDP flood attacks send large volumes of User Datagram Protocol packets to random ports on the target. For every port with no listener the host has to check for an application and answer with an ICMP "destination unreachable" packet, so bandwidth and CPU are burned on both the inbound flood and the replies.
- ICMP flood attacks (ping floods) saturate the target with ICMP echo requests, consuming bandwidth on the inbound packets and on the echo replies alike.
- SYN flood attacks abuse the TCP three-way handshake: the attacker sends a stream of SYN packets, usually from spoofed source addresses, and never completes the handshake, so the target's connection table fills up with half-open connections and legitimate clients can no longer connect.
- HTTP flood attacks overwhelm a web server or application with seemingly legitimate HTTP GET or POST requests. Because each request looks valid they are harder to filter than raw packet floods, and they are most damaging when aimed at expensive endpoints such as search or login.
- Slowloris attacks open many connections to a web server and keep them alive by sending partial HTTP requests, trickling in one header at a time, so the server never sees a complete request and never closes the connection; once the server's connection pool is exhausted, new visitors are turned away.
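To make the signatures above concrete, here is an added example (not code from the original post) that runs one simple detection heuristic per attack type in the list over constructed connection records. The `Flow` record, the thresholds and the sample traffic (built from RFC 5737 documentation addresses) are all assumptions made for this illustration; in practice the records would come from a flow exporter or connection log and the thresholds would be tuned to the site's normal traffic.

```python
"""Flood-signature heuristics over constructed connection records (example only)."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One client-to-server flow as a connection log would summarise it (assumed schema)."""
    ts: float              # start time in seconds
    src: str               # client address
    proto: str             # "tcp", "udp" or "icmp"
    dport: int             # destination port, 0 for icmp
    flags: str = ""        # TCP flags seen from the client: "S" = SYN only, "SA" = handshake completed
    duration: float = 0.0  # seconds the connection stayed open
    complete: bool = True  # False if no complete request was ever received


def detect_syn_flood(flows, min_half_open=50):
    """SYN flood: many connections to one port stuck at SYN, never acknowledged by the client."""
    half_open = Counter(f.dport for f in flows if f.proto == "tcp" and f.flags == "S")
    return {port: n for port, n in half_open.items() if n >= min_half_open}


def detect_udp_flood(flows, min_ports=100):
    """UDP flood: a single source spraying datagrams across many (random) ports."""
    ports = defaultdict(set)
    for f in flows:
        if f.proto == "udp":
            ports[f.src].add(f.dport)
    return {src: len(p) for src, p in ports.items() if len(p) >= min_ports}


def detect_icmp_flood(flows, max_pps=100):
    """ICMP flood: echo requests arriving faster than the packets-per-second ceiling."""
    per_second = Counter(int(f.ts) for f in flows if f.proto == "icmp")
    return {sec: n for sec, n in per_second.items() if n > max_pps}


def detect_http_flood(flows, max_rps=50):
    """HTTP flood: one client completing far more requests per second than a browser would."""
    per_src_second = Counter((f.src, int(f.ts)) for f in flows
                             if f.proto == "tcp" and f.dport in (80, 443) and f.complete)
    return {key: n for key, n in per_src_second.items() if n > max_rps}


def detect_slowloris(flows, min_open=20, min_duration=30.0):
    """Slowloris: one source holding many long-lived HTTP connections that never complete a request."""
    held = Counter(f.src for f in flows
                   if f.proto == "tcp" and f.dport in (80, 443)
                   and not f.complete and f.duration >= min_duration)
    return {src: n for src, n in held.items() if n >= min_open}


def sample_flows():
    """Constructed traffic: a little legitimate browsing plus one burst of each attack type."""
    flows = [Flow(i * 0.5, f"198.51.100.{i + 1}", "tcp", 443, "SA", 1.2) for i in range(10)]
    # SYN flood: 200 half-open connections to 443 from rotating (spoofed) sources
    flows += [Flow(1.0 + i * 0.001, f"203.0.113.{i % 254 + 1}", "tcp", 443, "S", 0.0, False)
              for i in range(200)]
    # UDP flood: one host hitting 150 distinct ports
    flows += [Flow(2.0 + i * 0.001, "192.0.2.7", "udp", 1024 + i) for i in range(150)]
    # ICMP flood: 300 echo requests inside second 3
    flows += [Flow(3.0 + i * 0.003, f"192.0.2.{i % 254 + 1}", "icmp", 0) for i in range(300)]
    # Slowloris: one host holding 40 connections open for 60 s without finishing a request
    flows += [Flow(4.0 + i * 0.1, "192.0.2.9", "tcp", 80, "SA", 60.0, False) for i in range(40)]
    # HTTP flood: one host completing 120 requests inside second 5
    flows += [Flow(5.0 + i * 0.005, "192.0.2.11", "tcp", 443, "SA", 0.2) for i in range(120)]
    return flows


def analyse(flows):
    """Run every detector and return only the ones that fired."""
    findings = {
        "syn_flood": detect_syn_flood(flows),
        "udp_flood": detect_udp_flood(flows),
        "icmp_flood": detect_icmp_flood(flows),
        "http_flood": detect_http_flood(flows),
        "slowloris": detect_slowloris(flows),
    }
    return {name: hit for name, hit in findings.items() if hit}


if __name__ == "__main__":
    for name, hit in analyse(sample_flows()).items():
        print(f"{name}: {hit}")
```

Each detector keys on the resource the attack exhausts: half-open entries per port for SYN floods, distinct ports per source for UDP floods, packets per second for ICMP, completed requests per source and second for HTTP floods, and long-held incomplete connections per source for Slowloris. Note that the SYN flood detector deliberately does not key on the source address, because the sources are typically spoofed; only the UDP, HTTP and Slowloris heuristics assume the source is meaningful.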
Each type of attack is different, but the core principle is the same: both DoS and DDoS attacks exhaust some resource of the target (bandwidth, connection state, CPU or memory) until it can no longer serve legitimate requests. Knowing this, a logical question arises: if there are so many DDoS attack types and so many people doing illegal things on the web, why are so many websites and services still standing? The devil is in the details: many services protect their customers from exactly these types of attacks.
DDoS attacks are dangerous, there's no doubt about it. But as dangerous as they are, they can be defended against reasonably well if we know how they work internally and educate ourselves on the methods attackers usually employ against our infrastructure. There are a couple of ways to go about that:
- Put a CDN or DDoS scrubbing service in front of your server as an intermediary between it and the visitor. Services like CloudFlare, Sucuri, Imperva and the like use precisely this method: by pointing their DNS at the provider's nameservers, customers route all visitor traffic through the provider's globally distributed edge network, which absorbs and filters an attack before it reaches the origin, so the server behind the web service remains available. One caveat: this only holds while the origin's real IP address stays hidden and the origin accepts traffic solely from the provider's published IP ranges; an attacker who learns the origin address can otherwise simply bypass the CDN.
- Deploy a firewall in front of your application. Not every firewall protects against DDoS: a classic network firewall filters by port and protocol, while a web application firewall (WAF) protects against Layer 7 attacks such as SQL injection, Cross-site Scripting and Cross-site Request Forgery. WAFs that do advertise DDoS protection typically add rate limiting, bot detection and challenge pages against Layer 7 floods, but volumetric Layer 3 and 4 floods still have to be absorbed upstream, at the network or CDN level, before they ever reach the firewall.
- Minimize the attack surface of your application. When designing it, be especially careful not to expose ports and protocols on which you do not expect any communication: close everything that does not need to be reachable from the internet, and restrict what remains (SSH, database ports, admin panels) to known addresses.
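As an added example (not from the original post, and not any provider's own code), the following Python sketch shows the origin-side half of the first two points: a request is accepted only if it arrives from the CDN's address ranges, the real client address is taken from the forwarded header only in that case (a header on a direct connection is attacker-controlled), and each client is then held to a token-bucket rate limit against Layer 7 floods. The `TRUSTED_PROXY_NETS` ranges, the header name, the rates and the sample addresses are assumed placeholders (RFC 5737 and RFC 3849 documentation prefixes); a real deployment would load the provider's published ranges and tune the limits to its own traffic.

```python
"""Origin-side guard: accept only CDN traffic, then rate-limit per real client (example only)."""
import ipaddress

# Placeholder for the CDN provider's published egress ranges (assumed, documentation prefixes).
TRUSTED_PROXY_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]
# Header the (assumed) CDN appends the client address to.
FORWARDED_HEADER = "x-forwarded-for"


def from_trusted_proxy(peer_ip):
    """True if the TCP peer is one of the CDN's edge addresses."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXY_NETS)


def client_ip(peer_ip, headers):
    """Resolve the address to rate-limit on.

    The forwarded header is only believed when the connection really comes from the CDN;
    a client connecting directly can put anything in it, so then the peer address wins.
    The rightmost entry is the one appended by the proxy nearest to us, i.e. the CDN's
    view of the client; anything to its left was supplied by the client and is untrusted.
    """
    forwarded = headers.get(FORWARDED_HEADER, "")
    if from_trusted_proxy(peer_ip) and forwarded:
        return forwarded.split(",")[-1].strip()
    return peer_ip


class RateLimiter:
    """Per-key token bucket: `burst` requests at once, refilling at `rate` tokens per second."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self._state = {}  # key -> (tokens, last_seen)

    def allow(self, key, now):
        tokens, last = self._state.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._state[key] = (tokens - 1.0, now)
            return True
        self._state[key] = (tokens, now)
        return False


def decide(limiter, peer_ip, headers, now):
    """Return "drop", "limit" or "allow" for one incoming request."""
    if not from_trusted_proxy(peer_ip):
        # The origin was reached directly: the CDN was bypassed, so none of its filtering applies.
        return "drop"
    if not limiter.allow(client_ip(peer_ip, headers), now):
        return "limit"
    return "allow"


if __name__ == "__main__":
    limiter = RateLimiter(rate=10, burst=20)
    via_cdn = {FORWARDED_HEADER: "192.0.2.44"}
    verdicts = [decide(limiter, "203.0.113.10", via_cdn, 100.0) for _ in range(25)]
    print("burst of 25 via CDN:", verdicts.count("allow"), "allowed,", verdicts.count("limit"), "limited")
    print("one second later:", decide(limiter, "203.0.113.10", via_cdn, 101.0))
    print("direct hit on origin:", decide(limiter, "198.51.100.5", via_cdn, 101.0))
```

The ordering matters: the proxy check comes first, because a rate limiter keyed on a forwarded header that anyone can forge is trivially evaded by rotating the header value. In production the same "drop" rule is better enforced one layer down, in the host or cloud firewall, so that bypass traffic never reaches the application at all; and the bucket size should be generous enough that users behind a shared NAT address are not mistaken for a flood.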
All of the aforementioned advice is closely linked: to minimize the attack surface of an application, developers usually deploy firewalls, and the providers of those firewalls frequently also offer CDN and scrubbing services that mitigate DoS and DDoS attacks when they do occur. Another thing to keep in mind is that DoS and DDoS attacks are not the same. In a DoS attack a single machine floods the target with traffic to make it unavailable; in a DDoS attack many machines, typically a botnet of compromised systems, target a single victim at once, which makes the attack far harder to block by source address. Thus, all DDoS attacks are DoS attacks, but not all DoS attacks are DDoS attacks.
There are all kinds of services that protect applications from DDoS attacks: some offer SLAs with a guaranteed time to mitigation, some offer integrations with other services, and most offer responsive support and fast, high-quality mitigation. Do your own research and choose the provider that best fits your needs. And while services like the data breach search engine provided by BreachDirectory won't protect you from DDoS attacks, the information derived from BreachDirectory can certainly protect you and your team from identity theft, so make good use of the capabilities provided by the BreachDirectory API service. We hope you've enjoyed reading this blog and that you'll stay around for more; as a complementary read, we suggest our blog on the functionality of firewalls, and we'll see you in the next one!