How to Stop DDoS Attacks: 6 Tips for Fighting DDoS Attacks
Your organization’s survival or doom could depend on your ability to quickly stop a DDoS attack. DDoS attacks can have devastating effects on your business, rendering it unreachable online and making it impossible to communicate with customers.
You are not the only one who is affected by DDoS attacks. DDoS attacks have been a major problem for many organizations in 2018, including Google, Amazon, and Pinterest. GitHub was also a victim of one of the largest DDoS attacks ever recorded.
A basic denial of service (DoS) attack involves bombarding an IP address with large amounts of traffic. If the IP address points at a Web server then it (or any routers upstream) could be overwhelmed. The Web server will not be accessible to legitimate traffic, so the site is unavailable. Service is denied.
A distributed denial-of-service (DDoS) attack is a particular type of denial-of-service attack. The principle is the same, but the malicious traffic is generated by multiple sources, even though it is orchestrated from a single central point. DDoS attacks are more difficult to stop because the traffic sources are scattered around the globe, rather than originating from one IP address.
DDoS attacks are becoming more common
According to Corero Network Security research, DDoS attacks have become more commonplace since 2017. The DDoS Trends and Analysis report by Corero Network Security found that attacks have increased 35% in the three-quarters of 2017 compared to Q2.
Their increased prevalence can be attributed to the growing number of insecure Internet of Things (IoT) devices that are being infected and then recruited into botnets like Reaper.
The volume of data launched at DDoS attack victims has also gone up significantly, largely thanks to amplification attacks such as the Memcached amplification attack technique. Cybercriminals launched 15,000 Memcached attacks earlier this year. One of these attacks, on GitHub, reached an astounding 1.35 Tbps.
It is nearly impossible to prevent a DDoS assault when malicious actors can launch more than 1 Tbps at your server. This means it is even more important to learn how to stop DDoS attacks after they have started to impact your operations. Here are six ways to stop a DDoS attack.
How to stop DDoS attacks
1. Identify The DDoS Attack Early
If you run your own servers, you must be able to identify when they are under attack. The sooner you identify a DDoS attack on your website, the sooner you can stop it.
It’s important to be familiar with the typical profile of your inbound traffic to help you spot changes in it. DDoS attacks usually start with sudden spikes in traffic. It’s important to know how to distinguish between legitimate visitors and DDoS attackers.
It is also a good idea for your company to name a DDoS leader who will be responsible for assisting you in an attack.
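The traffic-profile check from tip 1, sketched as an added example (not code from the original article): it builds a per-minute baseline from request timestamps and flags minutes that break sharply from it. The function names, thresholds and sample events are constructed for illustration, and it assumes every minute has at least one request.

```python
from collections import Counter
from statistics import median

def per_minute(events):
    """events: iterable of (epoch_seconds, src_ip) -> {minute: Counter(src_ip)}."""
    buckets = {}
    for ts, src in events:
        buckets.setdefault(ts // 60, Counter())[src] += 1
    return buckets

def find_spikes(events, window=10, k=6.0, floor=50):
    """Flag minutes whose request count breaks from the trailing baseline.

    Baseline is the median of the previous `window` minutes; spread is the
    median absolute deviation (MAD), which one odd minute cannot skew.
    `floor` stops a quiet site from alerting on tiny absolute changes.
    """
    buckets = per_minute(events)
    minutes = sorted(buckets)
    spikes = []
    for i, m in enumerate(minutes):
        history = [sum(buckets[p].values()) for p in minutes[max(0, i - window):i]]
        if len(history) < window:
            continue  # not enough history to call anything abnormal
        base = median(history)
        mad = median(abs(h - base) for h in history) or 1
        total = sum(buckets[m].values())
        if total > max(floor, base + k * mad):
            spikes.append({"minute": m, "requests": total, "baseline": base,
                           "sources": len(buckets[m])})  # many sources hints at DDoS
    return spikes

def sample_events():
    """Constructed sample: 12 quiet minutes, then one flood minute."""
    events = []
    for minute in range(12):
        n = 20 + (minute % 3)  # 20, 21 or 22 requests per minute
        events += [(minute * 60 + i, f"198.51.100.{i}") for i in range(n)]
    events += [(12 * 60 + i % 60, f"203.0.113.{i % 200}") for i in range(400)]
    return events

if __name__ == "__main__":
    for spike in find_spikes(sample_events()):
        print(spike)
```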
2. Overprovision Bandwidth
It is a good idea to have more bandwidth than you think you will need for your Web server. This will allow you to accommodate unexpected traffic spikes that may be caused by advertising campaigns, special offers, or mentions of your company in media.
Even overprovisioning by 100 percent or 500 percent won’t stop a DDoS attack, but it may give you some extra time to react before your resources become overwhelmed.
3. If you own a web server, defend the network perimeter
You can take a few technical steps to reduce the impact of an attack, especially during the initial minutes. Some of these measures are very simple. For example, you can:
- Rate limit your router to stop your Web server from being overwhelmed
- Add filters to instruct your router to drop packets coming from known sources of attack
- Time out half-open connections more aggressively
- Drop spoofed and malformed packets
- Lower flood thresholds for UDP, ICMP, and SYN
These steps were effective in the past, but DDoS attacks are now too big for them to stop completely. The most you can hope for is that they buy you some breathing room as a DDoS attack escalates.
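An added example, not from the original article, that models the router measures listed above (all but the half-open timeout) as an ordered packet filter, so you can see what each rule catches and what lowering a flood threshold costs. The networks, thresholds and packet records are constructed, and the bogon check only catches the most obvious spoofed sources.

```python
import ipaddress
from collections import Counter

# All values below are constructed for the example; tune them to your own traffic.
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]      # "known attack source"
BOGONS = [ipaddress.ip_network(n) for n in                # cannot arrive from the Internet
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
THRESHOLDS = {"syn": 100, "udp": 200, "icmp": 20}         # packets per second

def flood_class(pkt):
    """Which flood counter a packet counts against, or None."""
    if pkt["proto"] == "tcp":
        return "syn" if pkt.get("flags") == {"SYN"} else None
    return pkt["proto"] if pkt["proto"] in THRESHOLDS else None

def filter_packets(packets, thresholds=THRESHOLDS):
    """Apply the perimeter rules in order and return one verdict per packet."""
    seen = Counter()                                       # (second, class) -> count
    verdicts = []
    for pkt in packets:
        src = ipaddress.ip_address(pkt["src"])
        flags = pkt.get("flags", set())
        kind = flood_class(pkt)
        if any(src in net for net in BLOCKLIST):
            verdict = "drop:blocklist"
        elif any(src in net for net in BOGONS):
            verdict = "drop:spoofed"
        elif pkt["proto"] == "tcp" and (not flags or {"SYN", "FIN"} <= flags):
            verdict = "drop:malformed"                     # impossible TCP flag sets
        elif kind:
            seen[int(pkt["ts"]), kind] += 1
            over = seen[int(pkt["ts"]), kind] > thresholds[kind]
            verdict = f"drop:{kind}-flood" if over else "accept"
        else:
            verdict = "accept"
        verdicts.append(verdict)
    return verdicts

def sample_packets():
    """Constructed traffic, all inside the same second."""
    pkts = [{"ts": 0.1, "src": "203.0.113.9", "proto": "udp"},
            {"ts": 0.1, "src": "10.1.2.3", "proto": "tcp", "flags": {"SYN"}},
            {"ts": 0.2, "src": "198.51.100.7", "proto": "tcp", "flags": {"SYN", "FIN"}},
            {"ts": 0.2, "src": "198.51.100.8", "proto": "tcp", "flags": {"ACK"}}]
    pkts += [{"ts": 0.5, "src": f"192.0.2.{i}", "proto": "tcp", "flags": {"SYN"}}
             for i in range(1, 121)]                       # burst of 120 SYNs
    return pkts
```

The SYN threshold is global, so once it is exceeded legitimate new connections are dropped along with the flood; that is the cost of lowering it.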
4. Call Your ISP Or Hosting Provider
Next, call your ISP, or your hosting provider if you do not host your own Web server. Tell them that you are under attack and ask for assistance. You will need to have the emergency contact information for your ISP and hosting provider on hand to do this quickly. The attack may have been detected by ISPs or hosts earlier, or they may be overwhelmed themselves.
If your Web server is hosted in a data center, you have a greater chance of surviving a DDoS attack than if you run it yourself, because the data center is likely to have higher bandwidth links and larger capacity routers than your business, and because its staff has more experience dealing with attacks. Having your Web server located with a hoster also keeps DDoS traffic directed at it off your corporate network. This means that most of your business, including voice over IP (VoIP) services, should function normally during an attack.
If there is a large-scale DDoS attack, ISPs or hosting companies will likely “null route” your traffic. This results in packets destined for your Web server being dropped before they arrive.
“Hosting companies can find it very expensive to allow DDoS on their networks. It consumes a lot of bandwidth and can impact other customers. So the first thing we might try is to blackhole you for a while,” said Liam Enticknap, PEER 1 hosting’s network operations engineer.
Tim Pat Dufficy, the managing director of ISP ServerSpace, says that the first thing the company does when it notices a customer being attacked is log on to its routers and stop the traffic from entering its network. It takes around two minutes for this to propagate globally via BGP (Border Gateway Protocol).
If that were the end of the story, the DDoS attack would still have succeeded, because your site remains unreachable. To get it back online, your ISP or hosting company might redirect traffic to a scrubber, which removes malicious packets before the legitimate ones are sent on to your Web server.
Enticknap said, “We use our experience and different tools to understand how traffic to your site changed from what it received before and to identify malicious packets.” Enticknap believes that PEER 1 can take in, scrub, and send on very high amounts of traffic. However, with traffic levels comparable to GitHub’s, this effort would likely be overwhelmed.
5. Call A DDoS Mitigation Specialist
A specialist DDoS mitigation firm is your best option for staying online in the event of large-scale attacks. These companies have extensive infrastructure and can use many technologies, including data scrubbing, to keep your website online. You may need to contact a DDoS mitigation company directly, or your hosting company or service provider may have a partnership agreement with one to handle large attacks.
Dufficy said, “If a customer requires DDoS mitigation then we divert their traffic to (DDoS mitigation firm) Black Lotus.” It takes only a few seconds to do this with BGP.
Black Lotus’s scrubbing center can handle high traffic levels and deliver clean traffic to its destination. However, this causes website users to experience higher latency.
DDoS mitigation services can be expensive. You have to decide whether you’d rather pay to stay online or wait for the DDoS attack to subside before you continue doing business. A monthly subscription to DDoS mitigation services may cost you a few hundred dollars. Waiting until you need one will cost you more, and it will take longer for the service to start working.
6. Create A DDoS Playbook
A playbook is the best way to make sure your organization responds quickly and effectively to a DDoS attack.
The playbook should list the actions described above, along with the contact information and phone numbers of any individuals who might need to be involved in the playbook’s implementation. DDoS mitigation companies may be able to help you with this. They can simulate a DDoS attack to allow you to quickly develop and refine your corporate response to the real threat.
Communication with customers is an important aspect of your response to a DDoS threat. DDoS attacks can last as long as 24 hours, and good communication will help ensure that the cost to your business is minimized while you remain under attack.
Your organization should make significant efforts to prevent a DDoS attack on your infrastructure. This is the topic of the next article in the series, How to Prevent DDoS Attacks.
Paul Rubens has been writing about IT security for more than 20 years. He has written for leading UK and international publications, including The Economist, The Times, Financial Times, the BBC, Computing, and ServerWatch.