By now, you have probably heard that sites including Twitter, Spotify, and Amazon (to name a few) experienced outages a couple of weeks ago in what appears to have been a DDoS attack. Dyn, which manages website domains and routes internet traffic, experienced two distributed denial of service attacks on its DNS servers, according to CNN Money. Services were restored; however, Dyn was again monitoring an attack against its DNS server hours later. "We have begun monitoring and mitigating a DDoS attack against our Dyn Managed (Domain Name System) infrastructure. Our Engineers are continuing to work on mitigating this issue," Dyn said on its website at 11:52 a.m. ET on Friday, October 21st.
So, what exactly is a DDoS attack and how can your company avoid such an attack?
A Distributed Denial of Service (DDoS) attack is when a web service is intentionally overwhelmed by traffic from many sources. It is a common method for digital assaults. These attacks certainly aren't new and they occur on a constant basis, but some attacks are more newsworthy than others, especially when they take down multiple popular sites.
Knowing the basics of a DDoS and being equipped to deal with a large scale attack are two very different things. Because large sites are attacked often, it's important that those corporations and networks do everything they can to deflect attacks and remain accessible. Even if you have a smaller site, you never know when someone will decide to go after you. Here are some of the important details of what a DDoS really is, and some methods that can be used to make sure your network is safe from them.
Now, there are various ways a DDoS attack can be done. First, there's what's called a SYN attack, where an attacker sends large volumes of connection requests to overwhelm a server. Each request leaves the server waiting for a response from the originating system, and that response never arrives. The bogus connection request will eventually time out, but in the meantime, that connection is not available to legitimate users.
Another clever way is to use DNS (Domain Name System). Many network providers have their DNS servers configured to allow anyone to send queries. DNS also uses UDP, which is a stateless protocol. Together, these two facts make this a potent way to create a denial of service. All the attacker has to do is find open DNS resolvers, craft a fake UDP packet with a spoofed source address (that of the target site), and send it to the DNS server. Although the request comes from the attacker/botnet, the server thinks the request came from the target site instead, and will send the reply to that location. So instead of having the actual botnet conduct the attack, the only thing the target site will see is a bunch of DNS replies coming from many open resolvers, all around the Internet. This is a very scalable type of attack, because you can send a single UDP packet to a DNS server asking for a full dump of a certain domain, and receive a very large reply.
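What this looks like from the target's side can be checked in traffic data. The Python code below is an added example, not part of the original article: it flags inbound DNS replies that match no query the site itself sent and counts how many distinct resolvers they come from. The flow-record layout, the IP addresses, and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic):
# (time_s, proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    (0.0, "udp", "203.0.113.10", 40001, "198.51.100.53", 53, 60),   # our own query
    (0.1, "udp", "198.51.100.53", 53, "203.0.113.10", 40001, 120),  # its answer
    (1.0, "udp", "192.0.2.1", 53, "203.0.113.10", 31337, 3200),     # never asked for
    (1.1, "udp", "192.0.2.2", 53, "203.0.113.10", 31337, 3100),
    (1.2, "udp", "192.0.2.3", 53, "203.0.113.10", 4444, 3300),
    (1.3, "udp", "192.0.2.1", 53, "203.0.113.10", 31337, 3250),
]

def find_unsolicited_dns(flows, local_ip, query_ttl=5.0):
    """Return inbound DNS replies to local_ip that match no recent outbound query."""
    pending = {}       # (resolver_ip, local_port) -> time the query was sent
    unsolicited = []
    for t, proto, src, sport, dst, dport, size in sorted(flows):
        if proto != "udp":
            continue
        if src == local_ip and dport == 53:
            # Outbound query: remember who we asked and from which port.
            pending[(dst, sport)] = t
        elif dst == local_ip and sport == 53:
            # Inbound reply: each query accounts for at most one reply.
            asked = pending.pop((src, dport), None)
            if asked is None or t - asked > query_ttl:
                unsolicited.append((t, src, size))
    return unsolicited

def summarize(unsolicited, min_resolvers=3):
    """Aggregate unsolicited replies; many distinct resolvers suggests reflection."""
    per_resolver = defaultdict(int)
    for _, src, size in unsolicited:
        per_resolver[src] += size
    return {
        "resolvers": len(per_resolver),
        "bytes": sum(per_resolver.values()),
        "suspected_reflection": len(per_resolver) >= min_resolvers,
    }

if __name__ == "__main__":
    print(summarize(find_unsolicited_dns(SAMPLE_FLOWS, "203.0.113.10")))
```

In practice the records would come from NetFlow or firewall logs, and the threshold would be tuned to the site's normal DNS traffic.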
Protecting Your Network
Now that you know a DDoS can take place in multiple forms, when building a defense against them, it's important to consider these variants.
1. Plan in advance - Sure, there is rarely a way to see an attack coming. However, the best defense against a DDoS attack is a strong offense, planned and implemented before you're in the middle of trying to halt an attack and restore your services.
2. Contact your ISP - If you're feeling the impact of a DDoS attack, it's likely that your ISP is too.
3. Incident Response Planning - Be ready with a great incident and customer response program and include it in a DDoS mitigation plan.
4. Consider establishing a partnership with an IT expert - Such a partner should be able to provide complete solutions that include built-in protections from DDoS attacks. Your IT partner can distribute services through different data centers, reducing the exposure to and impact from DDoS attacks.
DDoS attacks are expensive problems, but expert IT partners can help you plan proactively to reduce your upfront risk. Give Commercial IT Solutions a call today so we can provide you with a network assessment and help your company avoid this type of headache.