What is DDoS and how to mitigate it?


Incapsula DDoS Response Plan

What is DoS (Denial of Service) Attack?

A denial of service (DoS) attack is an explicit attempt by an attacker to make a victim's Internet resources unavailable to their intended audience. A DoS attack is usually carried out from one machine connected to the Internet, by exploiting known UDP and TCP vulnerabilities.

What is DDoS (Distributed Denial of Service) Attack?

A distributed denial of service (DDoS) attack is a type of DoS attack carried out by multiple compromised computers that flood the victim's network in a way the victim's server cannot handle. A DDoS attack involves 3 parties: an offender, helpers (or a botnet) and a victim. The offender is the one who plots the attack, and the helpers are the machines the offender has compromised to launch the attack against the victim (the target). The offender commands the helpers to attack the victim's host at precisely the same time.

Why do people launch DDoS Attacks?

It is hard to pinpoint why some entities are targeted for DDoS attacks, and who is behind them. Since there is no hard evidence of why DDoS attacks happen, we rely on research and on theories based on some speculation to name a few reasons. Of the list below, some research states that hacktivism and vandalism were the main motivations for DDoS attacks.

  • Hacktivism - Some hackers express their criticism by launching DDoS attacks against organizations or governments. Most government sites are attacked via DDoS one way or another, by groups or even by another nation.
  • Vandalism - Some hackers launch DDoS attacks for no reason other than vandalising some known entities.
  • Booter Services - A DDoS service offered by cyber criminals in exchange for money. A large number of DDoS attacks are carried out through purchased subscriptions. One study found that $100 can buy a week-long DDoS attack on the black market.
  • Extortion - Although rare, there have been several DDoS attacks followed by a ransom note. A well-known example is an extortion attempt that used the threat of DDoS to demand a 50% share of a Manchester-based online casino.
  • Competition - A business owner sabotaging a competitor can benefit by damaging the competitor's reputation as well as gaining visitors to its own site. Some online gambling sites are known to DDoS their competitors.

What is your protection plan?

Most small to medium-sized businesses have limited resources to fend off a DDoS attack. A study from Incapsula states that nearly half of DDoS attacks last between 6 and 24 hours. Depending on the size of the attack, your team may not be able to fend it off on its own, in which case you'll have to rely on professional services.

For small-scale DDoS attacks, you may be able to mitigate them yourself by securing your server with mod_evasive, mod_security and other WAF (Web Application Firewall) utilities offered by your operating system.
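The kind of per-client request threshold that tools such as mod_evasive apply, shown as an added example that is not part of the original article and is not mod_evasive's own code: a simplified sliding-window model run over constructed log lines. The log format, thresholds and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them to your own traffic baseline.
PAGE_LIMIT, PAGE_WINDOW = 5, 1    # hits on one URI per client, per N seconds
SITE_LIMIT, SITE_WINDOW = 20, 1   # hits on any URI per client, per N seconds
BLOCK_SECONDS = 10                # how long a flagged client stays blocked
# Assumed log format: <client-ip> <epoch-seconds> "<METHOD> <uri> ..."
LINE_RE = re.compile(r'^(\S+) (\d+) "(?:GET|POST|HEAD) (\S+)')

def parse(line):
    """Return (client, epoch_seconds, uri), or None for an unparseable line."""
    m = LINE_RE.match(line)
    return (m.group(1), int(m.group(2)), m.group(3)) if m else None

def hit(window, now, span, limit):
    """Record a hit in a sliding window; True once the limit is exceeded."""
    window.append(now)
    while window[0] <= now - span:
        window.popleft()
    return len(window) > limit

def detect(lines):
    """Return {client: [(time, reason), ...]} for clients crossing a threshold."""
    per_page = defaultdict(deque)   # (client, uri) -> recent timestamps
    per_site = defaultdict(deque)   # client -> recent timestamps
    blocked_until, events = {}, defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                # skip malformed lines
        client, now, uri = rec
        if blocked_until.get(client, 0) > now:
            blocked_until[client] = now + BLOCK_SECONDS  # repeat hits extend the block
            continue
        page = hit(per_page[(client, uri)], now, PAGE_WINDOW, PAGE_LIMIT)
        site = hit(per_site[client], now, SITE_WINDOW, SITE_LIMIT)
        if page or site:
            blocked_until[client] = now + BLOCK_SECONDS
            events[client].append((now, "page" if page else "site"))
    return dict(events)

# Constructed sample: one client hammers /login, another browses normally.
SAMPLE = ['203.0.113.7 1000 "GET /login HTTP/1.1"'] * 8 + [
    '198.51.100.4 1000 "GET / HTTP/1.1"',
    '198.51.100.4 1003 "GET /about HTTP/1.1"',
    '203.0.113.7 1005 "GET /login HTTP/1.1"',  # arrives while still blocked
    "not a log line",
]
```

Calling `detect(SAMPLE)` flags only the client that exceeded the per-page limit; a check like this runs on the server itself, so it does nothing once the link in front of the server is saturated.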

For larger-scale DDoS attacks, you'll have to turn to professional DDoS protection service providers. Even attacks as small as 5Mbps can't be handled by the WAF utilities (see above) offered by most Linux distros.

There are a number of DDoS protection service providers, and picking any one of them will most likely resolve moderate-scale DDoS attacks. Most providers offer a 7-day free trial, so you may use it to mitigate an "under attack" situation while you seek a long-term solution. In our experience, Incapsula mitigated one incident we experienced with one of our sister sites.

Incapsula Business Plan Trial

Disclaimer: We receive compensation when a purchase is made from the referred link. Our recommendation is based on our research and positive feedback we received from the users who've used the services.