A total of 10,089,687. That is the questionable record number of Distributed Denial of Service (DDoS) attacks carried out in 2020. By the way, such a DDoS attack is not difficult to conduct. You can ‘order’ one for about 10 euros. This article will teach you how to defend your VPS and your company from a DDoS attack.
What is a DDoS attack?
With the growth of the internet, the number of DDoS attacks also increases. During a DDoS attack, a massive number of devices (thus distributed) bombard an organization’s (or a person’s) server with copious amounts of traffic. The motives for a DDoS attack vary greatly; from dissatisfaction to a bad joke or even blackmail.
The intensity of the attack makes the website or internet service inaccessible. People can’t make deposits (or access their accounts) at banks, can’t make appointments at clinics, and can’t make payments at webshops.
The aim of the attack is to render the server, service or infrastructure inaccessible. This can be done in various ways. The attack can saturate the server’s bandwidth to make it inaccessible or it can overload the machine’s system resources. As a result, it no longer responds to ‘normal’ traffic.
DDoS amplification
A DDoS attack can happen in different ways. For example using DNS amplification. With DNS amplification the attacker exploits weaknesses in Domain Name System (DNS) servers. The attack converts small requests into far larger payloads that are then used to bring down the victim’s servers.
It is a type of reflection attack in which the attacker manipulates publicly available domain name systems, causing them to flood a target with large amounts of UDP packets. Perpetrators can ‘inflate’ the size of these UDP packets using different amplification techniques. As a result, the attack is so powerful that it can pull down even the most stable Internet networks.
What can you do against a DDoS attack?
Strong planning, as it is most of the time, does half the job. When a DDoS attack occurs, it is likely that you are too late. So, have a plan and take a close look at the current situation. Examine the web server’s capabilities and when needed, change the load balancing.
5 examples of ways to prepare your server against a DDoS attack
- Make sure that your firewall and infrastructure are capable of handling massive volumes of traffic.
- Go for redundant infrastructure (loadbalancers, webservers, domain name servers).
- Setup DDoS protection for each website/host by using services of companies such as Claudflare (this will lead to extra costs for the customer).
- Buy and manage your own mitigation device (extremely expensive and needs a great deal of knowledge).
Full redundancy and a strong network
If you have several servers and the attack is aimed at just one server, you could be safe. However, this requires a lot of coincidence. Therefore, it’s more important to choose a strong network.
The Tilaa network is fully redundant with top quality equipment that is internally connected. The routes are interconnected and operate along geographically distinct routes. Our network is not likely to be the bottleneck in a DDoS attack.
DDoS protection: the scrubbing center
A DDoS attack can easily generate from about 80 to 300 Gbps. When a DDoS is detected, traffic is automatically rerouted to our DDOS mitigation provider. Here the malicious traffic is filtered out and the clean traffic is sent back to Tilaa. By only routing the clean traffic to your VPS, we can ensure that it will stay accessible for legitimate traffic.
Credit: Source link