Before attempting to stop a DDOS attack, it helps to understand how DDOS traffic is created in the first place. In practice, the large volume of traffic that constitutes a DDOS attack does not usually come from one source. The main way such traffic is generated is with a botnet. A botnet is a collection of PCs that have been infected with a virus that allows the writer of that virus to control them in what is known as a botnet herd. Botnets still thrive today because viruses use the vulnerabilities in Windows OS based computers to infect these computers and control them. Botnets were first mainly used by email spammers who needed their traffic to be generated from different IP addresses. As the internet gradually became secure from spamming, these botnet herders now rent out their networks to attackers that want to launch a DDOS attack.

An increase in traffic as a result of botnet herds can be quickly detected by Internet Service Providers, who would then take the compromised machines out of the network. To avoid this, some DDOS attacks make use of amplifying techniques. These amplifying techniques make use of DNS reflection. To effectively try and stop a DDOS attack, understanding how DNS and DNS reflection work is important. DNS provides servers with a resolved IP address for a server that is named in a way that is easy for humans to understand. A server is typically given a human-understandable address that sits over an IP address. DNS resolves the human-understandable address to an IP address that machines on a network can understand. The problem usually arises when these DNS resolvers are misconfigured to receive queries from anyone online rather than only ISP clients.

Here are some ways that organizations can protect themselves from DDOS attacks:

1. Changing defaults in Major router OS's

It has been demonstrated that TCP SYN attacks can be stopped by changing the defaults in major router OS's.
These typically create DDOS from the many half-open connections on routers. By updating gateway servers, switches and firewalls so that they operate with the latest operating systems, networks can successfully stop DDOS attacks that rely on the implementation weaknesses in the TCP/IP stack layers.

2. Having a Large Bandwidth

Another way to try and stop DDOS attacks is to have a lot of bandwidth. Some businesses go for large links, for instance 802.3ba with 40/100 Gbps, together with redundant links to stop the effects of DDOS attacks. Normally, as long as the DDOS attack does not affect a network, it is usually a matter of time before the attackers give up. This is because the attacks are expensive to keep running for a long time. Businesses relying on traffic through web servers should consider having large bandwidth links, some of which remain redundant. One way of achieving this is to sign up with web hosting companies that also have redundant connectivity to major internet backbones. Web hosting companies that rely on only one or two backbone providers and that use low-bandwidth connections can form single points of failure under a DDOS attack at very crucial times for a business or its clients.

3. Using Anycast and Load sharing

Businesses that have multiple websites co-hosted at several data centers can use anycast and Multicast Source Discovery Protocol to stop DDOS attacks. Anycast is a technique used in networking where the same IP prefix is advertised from multiple internet locations. As a result, several servers on the internet share the same IP address. This becomes greatly effective when a DDOS attack finally occurs. A network switch on a network with an anycast website handles a web page request by forwarding it to the closest server that is free on the network. If the server is down due to a DDOS attack, the web page request is automatically routed to the next healthy server, and onwards, until the web page request is serviced.
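The nearest-healthy-server behaviour described above, as an added example that is not part of the original article: a toy Python model in which each client region is routed to its lowest-cost site and an overloaded site is withdrawn from service. The site names, regions, routing costs, capacities and traffic rates are all constructed assumptions.

```python
# Toy model of anycast routing with health-based failover (added example).
# Sites, regions, costs, capacities and rates are constructed, not measured.
CAPACITY = {"ams": 100, "nyc": 200, "sgp": 100}   # requests/s each site can serve
COST = {                                          # routing cost: region -> site
    "eu":   {"ams": 1, "nyc": 2, "sgp": 3},
    "na":   {"nyc": 1, "ams": 2, "sgp": 3},
    "asia": {"sgp": 1, "ams": 2, "nyc": 3},
}
LEGIT = {"eu": 10, "na": 10, "asia": 10}          # baseline legitimate traffic


def route(region, healthy):
    """Return the lowest-cost site still advertising the prefix, or None."""
    candidates = [s for s in COST[region] if s in healthy]
    return min(candidates, key=COST[region].get) if candidates else None


def simulate(traffic):
    """Route {region: rate}; return (load per healthy site, withdrawn sites).

    Each round sends every region to its nearest healthy site. The most
    overloaded site is then withdrawn, as a failed health check would do,
    and routing is recomputed until every load fits or no site is left.
    """
    healthy, withdrawn = set(CAPACITY), []
    while True:
        loads = {s: 0 for s in healthy}
        for region, rate in traffic.items():
            site = route(region, healthy)
            if site is not None:
                loads[site] += rate
        over = [s for s in loads if loads[s] > CAPACITY[s]]
        if not over:
            return loads, withdrawn
        worst = max(over, key=lambda s: loads[s] - CAPACITY[s])
        healthy.remove(worst)
        withdrawn.append(worst)


def with_attack(attack):
    """Add per-region attack rates on top of the legitimate baseline."""
    return {r: LEGIT[r] + attack.get(r, 0) for r in LEGIT}


if __name__ == "__main__":
    for name, attack in [("distributed", {"eu": 60, "na": 60, "asia": 60}),
                         ("regional", {"eu": 120}),
                         ("huge regional", {"eu": 300})]:
        print(name, simulate(with_attack(attack)))
```

In the third scenario the flood moves as one lump from site to site as each is withdrawn, even though the combined capacity of the three sites exceeds it.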
Anycast websites can be distributed geographically across continents such that in case a DDOS attack originates from a botnet in one part of the world, the load of the attack is automatically spread across all the other servers. With a well-planned anycast website, DDOS attacks soon become easily diluted in their impact, with little effect on access to web services or information for users. Anycast websites and other distributed load sharing technologies may not, however, provide total protection from a huge DDOS assault. This approach can be a good solution, however, for businesses that do not have expert network administrators or web hosting services from a company that has multiple hosting farms. DDOS attack protection solution providers also provide businesses with real-time network analysis servers so that they can monitor and detect DDOS attacks as they build up, and take the right measures.

About the Author: Rivalhost.com is a DDoS Protection company that offers managed web hosting and DDoS Mitigation services.