A Distributed Denial-of-Service (DDoS) attack happens more often than you think. When it happens, it’s every business’s worst nightmare. Your visitors and legitimate users find themselves unable to access the site. You will be prevented from doing any work online, and if your business is Internet based it may grind to a halt.
A DDoS attack recently happened to one of my clients and it shut down our dedicated server, along with several other websites, for over a day. And we were prepared to some extent, as one of the ways to defend against this kind of attack is over-provisioning. In simple terms, have your server ready for much more traffic than you will need. This may give you time to notice all of the extra traffic coming in and do something about it.
Some programmers, when creating a network, have a tendency to prepare only for their highest predictable level of genuine customer traffic. A website, for example, might provide enough capacity for a daily traffic of 20,000 visits. This will not be adequate to defend against a good-sized DDoS attack. Expect a DDoS attack to easily send you that much traffic in just one minute! That translates to 28 million “visits” in a single 24-hour attack. A site only prepared for 20,000 visits will come down pretty quickly.
By overwhelming a web site and its server with requests, the attacker makes the target system either respond so slowly that it is realistically unusable or crash completely. The data volumes needed to do this kind of damage are typically achieved by botnets. Botnets are networks of remotely controlled infected computers known as zombies.
But who is doing this? Who can launch a Distributed Denial-of-Service attack? Who controls these botnets? Botnets are controlled by the denial-of-service attacker. In most cases this is done through the use of Trojan viruses. Prolexic, a company specializing in DDoS protection, currently tracks over 4,000 control servers, from which these botnets are directed for DDoS attacks.
Because Internet-based companies depend on traffic, and server functionality is critical to the profitability of their businesses, the impact of a DoS or DDoS attack can be disastrous. It is also widespread, affecting your capability to communicate, process transactions or function effectively for hours, maybe even days. It has been documented that more than 7,000 distributed denial-of-service attacks are observed daily.
So should you be worried about a Distributed Denial-of-Service attack? It depends. If the purpose of your site is primarily to provide information, financial loss may be minimal. But if your business is based on e-Commerce, then your losses due to a DDoS attack could be substantial. Some DDoS targets are clear: online gaming websites and financial services firms, for example. But in reality, any company or web site could be a target. In the cyber underworld, it is possible to rent 90,000 – 110,000 hosts capable of a distributed denial-of-service attack of 10 to 100 Gbps. This is more than enough to take out practically any popular site on the Internet, for around US$200 per day.
On top of over-provisioning, what else can you do to protect your website? Redundant monitoring will give you time to react. When you’re under attack, it helps to know it quickly. A good option is to subscribe to a third-party service that monitors your site around the clock from several places on the Internet, assessing its responsiveness from an end-user viewpoint and sending alerts to your phone when problems are found.
What about server logs? Your web server logs cannot tell the difference between a genuine visitor and a botnet node. All visits are usually recorded the same way. Even if your server has enough power and is able to recover from a DDoS attack, it can still fail because the logs have grown too large. The log data could be used for forensic purposes after the fact, but its value is actually limited. It’s definitely more important that servers can respond to genuine users during the attack.
If you find log files increasing in size rather quickly, you’re faced with two choices: keeping the data and losing the server, or losing the data and keeping the server functioning. If your website is critical to your business and large log files are preventing you from recovering, your choice should be clear — delete the logs.
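The capacity figure above (20,000 visits per day) and the point that logs only record volume, not intent, can be turned into a simple early-warning check. The following script is an added example, not code from the original article: it reads constructed access-log lines, counts requests per minute, and flags any minute whose volume exceeds the per-minute share of the provisioned daily capacity, listing the busiest source addresses so an operator can see how spread out the traffic is. The log format, threshold and sample lines are assumptions for illustration.

```python
# Added example (not from the original article): flag minutes in which request
# volume exceeds the capacity the site was provisioned for. The log format,
# sample lines and threshold are constructed for illustration.
import re
from collections import Counter, defaultdict

# Provisioned capacity, taken from the article's figure of 20,000 visits/day.
PROVISIONED_PER_DAY = 20_000

# Constructed "combined"-style access-log lines (not real traffic): two quiet
# minutes followed by a burst of 30 requests from 30 different addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:20 +0000] "GET /about HTTP/1.1" 200 800
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET / HTTP/1.1" 200 512
""" + "".join(
    f'192.0.2.{i + 1} - - [10/Oct/2023:13:57:{i:02d} +0000] "GET / HTTP/1.1" 503 0\n'
    for i in range(30)
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def requests_per_minute(log_text):
    """Return {minute: Counter(ip -> requests)} for every minute seen in the log."""
    per_minute = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        minute = m.group("ts")[:17]  # e.g. "10/Oct/2023:13:57" (drop seconds and zone)
        per_minute[minute][m.group("ip")] += 1
    return per_minute


def flag_overload(per_minute, per_day=PROVISIONED_PER_DAY, factor=1.0):
    """Flag minutes whose request count exceeds factor * (daily capacity / 1440 minutes).

    The logs cannot say whether a burst is genuine; the top-3 sources are returned
    only so an operator can judge how widely the traffic is spread.
    """
    threshold = factor * per_day / 1440
    flagged = []
    for minute, ips in sorted(per_minute.items()):
        total = sum(ips.values())
        if total > threshold:
            flagged.append((minute, total, ips.most_common(3)))
    return flagged


if __name__ == "__main__":
    for minute, total, top in flag_overload(requests_per_minute(SAMPLE_LOG)):
        print(f"{minute}: {total} requests, top sources {top}")
```

With the sample data only the 13:57 minute is flagged (30 requests against a threshold of roughly 14 per minute); on a real server the same check would be run on a rotated log copy rather than the live file, so the log growth the article warns about does not itself become the problem.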
One of the most important factors is to know your hosting provider and what kind of services they offer. Are you dealing with someone who offers customer service 24 hours a day, 7 days a week? Someone you can call day or night? After you call them, will they get on the problem immediately? What kind of priority can you expect when you call? Make sure you know the answers to these questions before you need someone to help you while your business is facing a DDoS.