What type of Attack is DDoS?
If you’ve been reading up on internet security, you may be aware that DDoS attacks are one of the major headaches of the modern internet. You may not, however, be aware of the fact that there are different types of DDoS attacks and that you need somewhat different approaches to dealing with them.
DDoS Attack Types
Ultimately, there are only two types of DDoS attacks. These are infrastructure-level DDoS attacks and application-level DDoS attacks. The former takes place at layers three and four of the OSI seven-layer model. The latter takes place at layers six and seven of the OSI seven-layer model.
Infrastructure-level DDoS attacks require little skill to implement. They can be devastating while they last but they generally only last a relatively short time. This is because they are very easy to detect and their unsophisticated approach means that they are generally very easy to remedy.
Application-level DDoS attacks do require skill to implement. They are relatively stealthy because they typically only target the highest-value parts of a website such as the login page or the payment page. This makes them harder to detect and harder to remedy.
DDoS Attack Prevention
The nature of DDoS attacks means that it’s virtually impossible to prevent them from happening at all. It is, however, very possible to minimize, if not eliminate, their impact. You do this by managing your infrastructure to absorb the attack while you work on identifying the specific attack vector being used and dealing with it.
Your first line of defense against DDoS attacks is as much bandwidth as you can afford. Your second line of defense is a web application firewall (WAF). Your best option is usually to invest in a website vulnerability scanner that will have both a WAF and an anti-malware scanner.
You want to use your firewall (and your other network-traffic-filtering options) to keep out undesirable traffic, while still letting in the traffic you actually want. Of course, it can take a bit of trial and error to get this right and it’s never guaranteed to be perfect but it should be a strong defense.
Your last line of defense against DDoS attacks is to deploy your network infrastructure astutely. For example, you could look at solutions such as smart DNS resolution services, content distribution networks, and load balancers. All of these can help to keep your traffic moving as quickly as possible so that your users experience little to no impact during a DDoS attack and you can take remedial action quickly, quietly, and discreetly behind the scenes.
Identifying a DDoS attack
As previously mentioned, one of the most frustrating features of DDoS attacks is that they are virtually impossible to prevent. This means that you need to be really on the ball to identify them when they are in progress and to take action before they become critical. With that in mind, here is a quick guide to some of the key signs of a DDoS attack.
Your traffic shoots up for no obvious reason
Make sure that you have effective internal processes for communicating any actions taken internally which might lead to a sudden spike in traffic to your website. For example, if your sales team wants to run a flash promotion, they need to let you know first.
You receive multiple requests from the same IP address in a short period
While this is a classic sign of a DDoS attack, there is a nuance you need to appreciate. There are plenty of legitimate uses for internet bots that make super-fast, repeated requests in a short period. For example, web search engines use them to crawl sites to provide search results. You therefore need to make sure to whitelist the “good” bots or you could end up causing yourself a lot of trouble.
Your server responds with a 503 due to service outages
Set up your server to email an administrator if it experiences a 503 error. These are not unique to DDoS attacks (although DDoS attacks are a common reason for them) but they do need to be investigated.
Your ping requests time out
If you’re running a business website, you should be using a ping-testing service to keep track of your website’s responsiveness. As with the server 503 error, this is not necessarily a sign of a DDoS attack, but it is a sign of a problem that needs to be investigated.
Employees complain of slow connectivity
This only applies if your website and your internal network use the same connection and again it is not necessarily a sign of a DDoS attack but it does need to be investigated.
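Two of the signs above, repeated requests from one IP address and 503 responses, can be checked directly against web server access logs. The following sketch is an added example, not part of the original article; the window, threshold, allowlisted crawler range, and log lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

ALLOWLIST = [ip_network("198.51.100.0/28")]  # assumed placeholder range for verified "good" bots
WINDOW = timedelta(seconds=10)               # assumed sliding window
MAX_REQ_PER_WINDOW = 5                       # assumed per-IP threshold
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timestamp, status) from a common-log-format line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return ip_address(m.group(1)), ts, int(m.group(3))

def analyze(lines):
    """Flag non-allowlisted IPs exceeding the rate limit; report the 503 ratio."""
    recent = defaultdict(deque)          # ip -> timestamps inside the window
    flagged, total, errors_503 = set(), 0, 0
    for line in lines:
        rec = parse(line)
        if rec is None:                  # skip malformed lines
            continue
        ip, ts, status = rec
        total += 1
        errors_503 += status == 503
        if any(ip in net for net in ALLOWLIST):
            continue                     # crawler traffic is counted, not flagged
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:        # drop requests older than the window
            q.popleft()
        if len(q) > MAX_REQ_PER_WINDOW:
            flagged.add(str(ip))
    return flagged, (errors_503 / total if total else 0.0)

def sample_lines():
    """Constructed log: one noisy client, one allowlisted crawler, one normal user."""
    base, lines = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc), []
    for i in range(8):
        t = (base + timedelta(seconds=i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(f'203.0.113.7 - - [{t}] "POST /login HTTP/1.1" {503 if i >= 5 else 200} 512')
        lines.append(f'198.51.100.5 - - [{t}] "GET /page{i} HTTP/1.1" 200 2048')
        if i % 4 == 0:
            lines.append(f'192.0.2.10 - - [{t}] "GET / HTTP/1.1" 200 1024')
    return lines
```

Calling `analyze(sample_lines())` flags only the noisy client, even though the allowlisted crawler sends requests at the same rate. A User-Agent header alone is easy to spoof, so allowlist entries should be based on address ranges or reverse DNS checks the crawler operator documents.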