DDoS Attacks are widespread threats on the internet. With the continually increasing numbers of connected devices and new innovative ways of hacking them, we can’t just stay and wait to get affected. We should smartly implement our DNS infrastructure and choose a trusted DNS provider to be safe and to evade the downtime of our services.
But to be protected, we must know the danger.
DDoS attack (denial-of-service attack). There are few different types, but in general, a DDoS attack is an attempt to overwhelm the target (a computer, few connected computers or a whole DNS network) with high traffic from multiple sources.
Common types of DDoS attack
This attack is performed over the ping tool (ICMP echo request). The ping tool is used to check the reachability of connected devices. When you send a ping request to the destination address, you should receive a confirmation. It this DDoS attack, the ping is sent to a device but from a masked IP. The return confirmation doesn’t go to the original source, but it is redirected to the target of the attack. All the infected devices will do the same, and they will send the traffic to the victim.
This action involves sending packets of data to the victim. The packets are fragmented, and the target can’t make sense of them because of a bug in the TCP/IP fragmentation reassembly, this makes the victim crash.
Ping Of Death
It also uses the ping tool for bad. It takes advantage of the TCP/IP fragmentation and sends IP packets with a size bigger than 65,536 bytes, the maximum possible of IP protocol. The victim device, don’t know how to react to those packets and crashes, freezes or reboots.
Preparing a DDoS attack
To launch a DDoS attack, first, the criminals need to “recruit” enough connected devices that later will generate the traffic. To do so, they infect those machines with different malicious software (from emails, visiting unprotected sites and more) and create so-called botnets – hijacked devices ready to be used when it is time for the attack. There are even markets for botnets, where you can buy an attack on a website of your choice.
How to prevent a DDoS attack and stay safe?
The cyber-criminals can make a vast network of botnets, but it doesn’t mean you can’t be protected. ClouDNS provides you two options to stay away from DDoS troubles.
You can choose and subscribe to a DDoS protected DNS.
All plans provide unlimited Layer 3-7 DDoS Protection. Whichever you pick from them, you will be able to use 4 DDoS protected DNS servers, 29 Anycast locations and unlimited DNS queries. For big companies, we recommend our DDoS Protection L subscription with 400 DNS zones that you can manage.
It adds resilience, reduce the outage periods by answering requests even if the Master is down.
The more extensive your DNS network is, the better. The massive traffic from the attackers can be distributed between your servers in the different locations, and it will ease the load.
To be safe, always choose quality service provider like ClouDNS.net.