HP TECH TAKES /...
Exploring today's technology for tomorrow's possibilities
Subscribe
What is DDoS and How to Stop an Attack
Dwight Pavlovic
|
January 13, 2023
DDoS attacks are an increasingly common source of frustration for anyone who does business online. Over the last decade, the frequency and sophistication of these attacks have grown rapidly and experts don’t expect them to slow down.
Handling an attack on your own can be technical, but there are ways to reduce the severity of attacks and make cleanup easier for you or security partners. Keep reading for more details, but here’s a quick checklist of how to handle an attack and speed up recovery:
- Contact your ISP or digital security provider
- Notify staff or employees
- Monitor and update security software
- Consider basic steps for mitigation
- Always have a DDoS plan in place
Today we’ll talk about how to stop a DDoS attack, troubleshooting after an attack, and different types of attacks.
What does DDoS mean?
Short for “distributed denial-of-service attack,” a DDoS attack is more difficult to trace and contend with compared to a standard DoS (denial of service) attack. While you can interrupt a DoS attack by blocking the source of the attack, bad actors aggregate DDoS attacks from a large number of hijacked IP addresses. You may see no impact on your access if you block just one part of a distributed attack.
Both DDoS and DoS attacks overload your website and online infrastructure with frivolous requests, edging out legitimate users and customers with a torrent of fake traffic. However, DoS attacks are limited to a single origin point, which is why attackers now favor DDoS.
Despite growing in prevalence more recently, DDoS attacks have been around for a long time. According to the Internet Protocol Journal, the first documented attack targeted internet service provider Panix in 1996. And as people and businesses shifted online, these attacks became more common. Modern trends also show an increase in so-called “DDoS for hire” schemes.
What happens when you get DDoSed?
The scale of a DDoS attack is an important determining factor of what actually happens, and so are the targets. Have attackers targeted your servers and web resources? Or are they after your IoT devices in your home or business? With more limited processing power than enterprise hardware, smart home devices and even game consoles are vulnerable to DDoS attacks.
Attacks on web infrastructure can result in slow load times and related issues for legitimate customers. On the other hand, hardware attacks can render a device virtually useless. In these cases, one quick fix is turning off the device and disconnecting your router. We recommend talking to your ISP about issues in your home, and your corporate security team for problems with office hardware.
How to tell if you’re being DDoSed
Unfortunately, the most effective DDoS attacks use an oblique strategy that is difficult to detect. Some DDoS attacks may take place in short bursts, interfering with functionality during peak hours or avoiding attention by focusing on a particular page or functionality.
In many instances, your web security may catch low-level attacks automatically. To detect more complex attacks, you may want to monitor your online traffic and check on certain features.
Is activity out of control at unusual times? Are IP addresses looking unusually similar? Both may indicate an attack.
How long do DDoS attacks last?
Depending on the severity of the attack, DDoS attacks can last up to a day or more. But with robust planning and good security partners, you can usually manage small to mid-sized attacks in a matter of hours or minutes. Not all attacks take place in a single flood, making them harder to detect.
This type of sporadic attack can vary in length, from short-term actions that last for a few minutes to longer strikes that exceed an hour. According to the DDoS Threat Landscape Report 2021 from Swedish telecom Telia Carrier, documented attacks average a 10-minute duration.
Most common types of DDoS attack
Distributed attacks are a category of DoS attack, but their popularity means there is a wide variety of types of attacks. It’s only gotten worse now that DDoS attacks are monetized as an affordable service for hire.
Here are the three main categories of DDoS attacks.
Volumetric attacks
Also known as flood attacks, volumetric attacks are the classic DDoS attack. Many other types of attacks share some characteristics, but a volumetric attack’s core features are distributed origins and torrents of illegitimate traffic. This prevents visitors from navigating your website or using web resources.
Protocol attacks
Protocol attacks are a bit more sophisticated. They target particular network layers, disrupting operations by interfering with server operations. In particular, protocol attacks interfere with layer 3 and 4 communications, which are related to critical features like your firewall and security. SYN flood attacks are an example of a protocol attack.
Application attacks
Also known as application layer attacks, application attacks are the most complex and often the most dangerous. They consume memory and disk space by triggering and closing a variety of processes, making it virtually impossible for legitimate users to interact with the affected application. A prominent example is the HTTP flood, which effectively masks most of its activity.
How to fix a DDoS attack
If you’re knowledgeable about servers and software, or if you have an IT team who is, there are a number of DIY approaches to managing DDoS attacks. Rate limiting is a popular method that automatically handles low-level attacks by capping how often the attacker can repeat certain actions. And since DDoS attacks are persistent, the difference between legitimate and illegitimate traffic is easy to spot.
For those who don’t know how to manage or limit network traffic, there are some good (and straightforward) rules of thumb to follow.
Contact your ISP or digital security provider
Contact your ISP or third-party security partner first. If you can access external security support, chances are they can solve your problem quickly. If you don’t have security support, you can still contact your ISP for immediate help.
Your options will vary based on your provider, but most offer support features to handle the growing scale of DDoS attacks. For example, AT&T offers “reactive” protection to quickly interrupt attackers. These solutions have the extra benefit of being through an established partner – like your ISP.
Notify staff or employees
During an attack, you may be tempted to try and get a grip on things before sounding the alarm. However, this risks delaying a solution and interfering with workflow, because more than one person may end up troubleshooting the same problems – or even the wrong problems. That’s why you should notify IT and any other potentially affected employees as soon as possible.
Manage security software and settings
It’s never been more important to update your security software and take advantage of any relevant functionality. Most software options provide monitoring systems to identify and monitor suspicious activity.
Similarly, make sure to maintain your web server’s security. Simply updating software and drivers helps fight against attacks, but you may also have access to more specialized solutions like a web application firewall (WAF). Installing a WAF can help reduce the impact of the most severe, application-style DDoS attacks.
Consider basic steps for mitigation
There are several easy ways to boost your security after an attack and even to contain some of the most damaging consequences.
The first step is often as simple as disconnecting your internet connection to interrupt an attack. This is especially true if you’re experiencing a DDoS attack on a gaming console.
For some devices, however, it’s impossible to just pull the plug. Instead of disconnecting, load up your security software to see if you can start blocking IP addresses on your own.
At this point in the process, it’s common to want to know how to fix a router after a DDoS attack. Fortunately, an attack does no actual damage to your router, but you will want to reset it just to be safe. You can do this by unplugging the router’s power cable for 15 to 30 seconds, then rebooting.
Always have a DDoS plan in place
The most important DDoS advice is to be prepared. Whether you work by yourself or manage a big team, it’s important to understand your vulnerabilities and your resources. If you don’t have the personal know-how, shop around for a host or security consultant who can resolve DDoS issues.
Can you report DDoS attacks somewhere?
Are you wondering how to report a DDoS attack or if you even should? Reporting an attack may not result in immediate help with an ongoing attack or during the recovery, but it can reduce the likelihood of future attacks against you and other targets.
Gather documentation and screenshots of the incident to include when filing any complaint.
How to trace a DDoS attack
While it is possible to trace a DDoS attack, the process is extremely complex and time-consuming. You may be able to uncover a single authentic IP address in a DoS attack, but a major effort like a DDoS attack has thousands or more addresses to follow. For most businesses, the effort just isn’t reasonable.
Prioritize DDoS prevention and mitigation
Now that you know what DDoS stands for and how to stop a DDoS attack, the next step is to make sure you create a plan to recover from one of these incidents. There is no better way to prevent a DDoS attack and reduce its impact than with a thorough plan. It may take some time, effort, and budget, but you’ll be grateful you thought ahead during an attack.
