Jan 30, 2017
Are you struggling with repeated DDoS attacks against your organisation?
Not sure of the best way to move forward, or how to prevent them in the future?
Perhaps you just want to ensure that your organisation has the right processes in place to minimise a future attack's impact?
You'll want to read on.
What is a DDoS Attack?
A DDoS (distributed denial-of-service) attack is an attempt to make your organisation's computers unavailable to its users. A DDoS attack could be carried out against your web servers, preventing prospects from being able to access your website, for example, or even against your VPN, preventing employees from being able to log in to your network when they're outside of the office.
The most common method of attack involves hundreds, if not thousands, of computers sending external communication requests to a network or server in bulk, so many that it becomes overloaded and cannot respond to "real" traffic in a timely manner, making it essentially unavailable to users. DDoS attacks often overload the server so badly that it crashes.
Attacks vary in their techniques and complexity. Some DDoS attacks can be readily prevented with software or network defences, others cannot.
What's The Best Way to Manage a DDoS Attack?
First things first, as a best practice, your networks and servers should employ the latest DDoS attack prevention functionality. There are numerous pieces of software and hardware that can help you to strip out many attacks automatically.
Once you've protected your network to the best of your ability, it's time to think about identifying attacks. Some service packages can help you to detect DDoS attacks. It's also often possible to spot the tell-tale signs of a DDoS attack when your servers are responding slowly, yet bandwidth usage has shot through the roof.
When you're aware that you're under attack, try to identify the source. If it's a small attack, it may be easy to identify the computers sending bogus requests and block the IP addresses or IP ranges in question. More intelligent attacks unfortunately tend to come from a large and constantly shifting set of IP addresses, making blocking them all but impossible.
If you've identified the source of the attacks, and failed to block them, it's worth trying to identify the attack's other unique characteristics. What type of attack are they making? Are all the requests coming from one user agent? Look for any patterns you can think of that you could use to block the requests with your firewall.
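As an added example (not part of the original post), the script below runs the triage described above over web server access logs: it counts requests per client IP, per /24 range, and per user agent, and reports the single noisy hosts, noisy ranges and shared user-agent strings that a firewall rule could be built on. The log lines, IP addresses, user agents and thresholds are all constructed for illustration; in practice the thresholds must be tuned against your own baseline traffic.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Combined log format: client IP, identity, user, timestamp, request, status, size, referer, user agent.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def parse_line(line):
    """Return (client_ip, user_agent) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def analyze(lines, ip_threshold=50, range_threshold=100, ua_share=0.5, ua_min_ips=10):
    """Flag single noisy hosts, noisy /24 ranges, and one user agent shared by many hosts."""
    per_ip, per_range, per_ua = Counter(), Counter(), Counter()
    ua_ips = defaultdict(set)   # distinct client IPs seen per user agent
    total = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue            # skip malformed lines instead of aborting the whole analysis
        ip, ua = parsed
        total += 1
        per_ip[ip] += 1
        per_range[str(ip_network(f"{ip}/24", strict=False))] += 1
        per_ua[ua] += 1
        ua_ips[ua].add(ip)
    return {
        "block_ips": sorted(ip for ip, n in per_ip.items() if n > ip_threshold),
        "block_ranges": sorted(r for r, n in per_range.items() if n > range_threshold),
        # A user agent is suspicious only if it dominates traffic AND is spread over many hosts,
        # which is the distributed pattern a per-IP block cannot catch.
        "suspicious_user_agents": sorted(
            ua for ua, n in per_ua.items()
            if total and n / total > ua_share and len(ua_ips[ua]) >= ua_min_ips),
    }

def make_sample_log():
    """Constructed sample traffic (not real data): normal visitors, one noisy host, one bot-like range."""
    fmt = '{ip} - - [30/Jan/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [fmt.format(ip=f"198.51.100.{i}", ua="Mozilla/5.0") for i in range(1, 6) for _ in range(2)]
    lines += [fmt.format(ip="192.0.2.7", ua="python-requests/2.0")] * 60
    lines += [fmt.format(ip=f"203.0.113.{i}", ua="flood-bot/1.0") for i in range(1, 31) for _ in range(4)]
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    for key, value in analyze(make_sample_log()).items():
        print(key, value)
```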
At this stage, you may need to contact your carrier (the company that provides you with your bandwidth) to discuss the attack, and ask them how they can help. Whilst blocking the attack in your firewall will help reduce the impact on individual servers, it's usually the case that the huge number of attacking computers also max out your bandwidth allotment, providing a further barrier to users reaching your servers. Many carriers now have their own technology that they can employ on the fly to help you manage an attack.
Once the attack is over, you'll want to report the attack to ActionFraud, or the appropriate law enforcement department in your country. Don't delete any logs that could be useful in determining who the attacker is. DDoS attacks are not legal.
If DDoS attacks are becoming an ongoing concern for your company, getting increasingly expensive and costing your organisation dearly in lost time, then it may be worth working with a DDoS Mitigation and Protection service provider like Prolexic. These companies can help you to both prevent and mitigate DDoS attacks, greatly reducing the headaches they bring to your team.