DDoS attacks are a widespread threat on the internet. With the number of connected devices continually increasing and new ways of hacking them appearing, we can’t just wait to be affected. We should implement our DNS infrastructure smartly and choose a trusted DNS provider that offers DDoS protection, to stay safe and avoid downtime of our services.
But to be protected, we must know the danger.
What is a DDoS attack?
A DDoS attack is a distributed denial-of-service attack. There are a few different types, but in general, a DDoS attack is an attempt to overwhelm the target (a computer, a few connected computers or a whole DNS network) with high traffic from multiple sources.
The cybercriminals can generate this strong wave of traffic by:
- Using a network of pre-infected devices (computers, mobiles, IoT devices, etc.) called a botnet.
- Amplifying the attack, which uses other servers to resend the traffic to a target after significantly increasing the size of the packets.
- Occupying the existing connections and not allowing new ones.
- Exploiting the vulnerabilities of a protocol, such as UDP or another.
There are many DDoS threats, which is why you want a DDoS defense too.
Signs of DDoS attacks
There are specific characteristics of each DDoS attack type, but in general, what you can expect during an attack is:
- Strange traffic, coming from one IP address or various but similar IP addresses (same range of addresses).
- Traffic coming from devices with a similar profile (the type of devices, OS, etc.) and same patterns.
- Out-of-the-ordinary traffic spikes, such as a huge spike in the middle of the night for no apparent reason, or traffic that repeats at a particular interval.
- Traffic only to a single page, and no further exploration of your website.
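The signs listed above can be checked mechanically. The following is an added example, not ClouDNS code: a minimal detector run over constructed access-log records. The record layout, the 5x spike factor and the 60% share threshold are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter
from statistics import median

def subnet(ip):
    """Group an address into its /24 (IPv4) or /48 (IPv6) range."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def spike_minutes(records, factor=5):
    """Minutes whose request count exceeds factor x the median minute."""
    per_minute = Counter(ts // 60 for ts, *_ in records)
    baseline = median(per_minute.values())
    return sorted(m for m, n in per_minute.items() if n > factor * baseline)

def dominant_traits(records, share=0.6):
    """Traits where one value accounts for at least `share` of the requests."""
    views = {
        "source_range": Counter(subnet(ip) for _, ip, _, _ in records),
        "single_page": Counter(path for _, _, path, _ in records),
        "device_profile": Counter(ua for _, _, _, ua in records),
    }
    found = {}
    for sign, counts in views.items():
        value, n = counts.most_common(1)[0]
        if n / len(records) >= share:
            found[sign] = value
    return found

def analyze(records):
    """Look for the other signs only in traffic that falls inside a spike."""
    spikes = spike_minutes(records)
    burst = [r for r in records if r[0] // 60 in spikes]
    return {"spike_minutes": spikes,
            "traits": dominant_traits(burst) if burst else {}}

# Constructed sample: (epoch seconds, client IP, path, user agent).
# Ten quiet minutes of mixed traffic, plus a burst in minute 5.
PATHS = ["/", "/pricing", "/blog", "/contact"]
SAMPLE = [(m * 60 + i, f"198.51.100.{10 + i}", PATHS[(m + i) % 4], f"browser-{i}")
          for m in range(10) for i in range(4)]
SAMPLE += [(5 * 60 + i % 60, f"203.0.113.{i % 50}", "/login", "bot-agent")
           for i in range(200)]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Restricting the trait check to spike minutes keeps a busy but diverse period, such as a successful promotion, from being reported as an attack on volume alone.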
There is a solution that can stop most of the DDoS attacks, even a strong attack involving heavy traffic, called DDoS Protection. It is an additional service to a regular managed DNS plan.
To successfully mitigate a DDoS attack, you need to have the following 3 elements:
- Active monitoring. You need a system that checks for signs of attacks like increased traffic, suspicious traffic from particular IP addresses, and strange patterns of requests.
- Reactive service. It is one thing to see the danger and another to take action. A good DDoS protection service must have automatic triggers that will take action. This may include load balancing, traffic filtering, and an alarm system.
- Traffic load balancing. When we talk about heavy traffic, you need to direct the traffic to more servers. That way, you will take the hit off one server and disperse it across more. The more DNS servers your plan includes, the better your chances of resisting the DDoS attack.
You need an intelligent DDoS protection service that can distinguish between heavy traffic caused by your excellent promotion and a real danger. You don’t want to block your real users at any moment.
Common types of DDoS attack
This attack is performed over the ping tool (ICMP echo request). The ping tool is used to check the reachability of connected devices. When you send a ping request to the destination address, you should receive a confirmation. In this DDoS attack, the ping is sent to a device but from a masked IP. The return confirmation doesn’t go to the original source, but it is redirected to the target of the attack. All the infected devices will do the same, and they will send the traffic to the victim.
This action involves sending packets of data to the victim. The packets are fragmented, and the target can’t make sense of them because of a bug in the TCP/IP fragmentation reassembly. This makes the victim crash.
Ping Of Death
It also abuses the ping tool. It takes advantage of TCP/IP fragmentation and sends IP packets with a size bigger than 65,536 bytes, the maximum possible in the IP protocol. The victim device doesn’t know how to react to those packets and crashes, freezes or reboots.
Preparing a DDoS attack
To launch a DDoS attack, first, the criminals need to “recruit” enough connected devices that later will generate the traffic. To do so, they infect those machines with different malicious software (from emails, visiting unprotected sites and more) and create so-called botnets – hijacked devices ready to be used when it is time for the attack. There are even markets for botnets, where you can buy an attack on a website of your choice.
How to prevent a DDoS attack and stay safe?
The cyber-criminals can make a vast network of botnets, but it doesn’t mean you can’t be protected. ClouDNS provides you with two options to stay out of DDoS trouble.
You can choose and subscribe to a DDoS protected DNS.
All plans provide unlimited Layer 3-7 DDoS Protection. Whichever you pick from them, you will be able to use 4 DDoS protected DNS servers, 29 Anycast locations and unlimited DNS queries. For big companies, we recommend our DDoS Protection L subscription with 400 DNS zones that you can manage.
It adds resilience and reduces outage periods by answering requests even if the Master is down.
The more extensive your DNS network is, the better. The massive traffic from the attackers can be distributed between your servers in the different locations, and it will ease the load. Don’t forget that modern DDoS attacks target different communication layers, so you will need intelligent DDoS protection to respond fast and accurately.
To be safe, always choose a quality service provider like ClouDNS.net.