What Exactly Is a DDoS Attack?
When your network or server becomes the victim of a DDoS attack, it is flooded with fake traffic and eventually becomes unavailable to its intended users. In most cases, websites engaged in financial services are targeted, paralyzing their operations. Of several methods, the most common is to continuously send multiple requests to the target, making it unresponsive. In some cases, attackers also launch an attack to crash the server or servers, which is another form of DDoS attack.
Symptoms of DDoS
The following general symptoms indicate a DDoS attack:
- As explained above, the most common symptom of a DDoS attack is that the target server receives an unusual flood of traffic and becomes unresponsive.
- The target server may also crash suddenly.
- All the websites residing on the target server may become unavailable.
- Your server may suddenly lose its internet connection.
- Sometimes a DDoS attack is accompanied by malware as well. In such circumstances the severity of the attack is greater, and so is the damage.
To set up the network of machines used for the attack, attackers look for computers that are improperly secured, such as those that have not been appropriately patched, those that are out of date, or those that do not have any antivirus application. Once attackers find such computers, they install new applications on them through which they can control the systems remotely to perform the attack.
How to Prevent a DDoS Attack?
The simple rules that generally protect your server from other hazards help against DDoS attacks too. For example: (i) keep your server current with all updates from the OS, (ii) regularly apply security patches to your server, (iii) keep your network ports secured, etc. However, this will not be sufficient; several other steps are also needed.
Firewall
Applying secure firewall settings will certainly help you avert simple DDoS attacks. A firewall is a protective system that stands between your server and the Internet. It prevents attempts at unauthorized access to and use of your server's resources. But firewall settings alone will not make your server DDoS-proof. One reason is its location: it sits far along the data path, which makes it difficult to provide full protection against DDoS attacks. And because firewalls reside in-line, attackers frequently target them, trying to saturate their session-handling capacity to cause a failure.
Another reason a firewall cannot provide complete protection against DDoS is its inability to detect anomalies. Firewalls are primarily intended to control access to a private network. Services such as DNS and Web must be open to everyone to receive requests, so the firewall lets HTTP traffic pass to the IP address of your web server. While this provides a little protection by ensuring that traffic is accepted only via specific protocols for specific addresses, it often remains unable to fight DDoS attacks, because attackers usually use HTTP to carry their attack traffic.
This means a firewall cannot recognize when valid protocols are being used as an attack vehicle, which leaves your web server vulnerable. A firewall also cannot fight a comprehensive DDoS attack because it lacks anti-spoofing capability. At most, a firewall can shut down a specific flow associated with the attack, but it cannot perform anti-spoofing on a packet-by-packet basis to distinguish legitimate traffic from malicious traffic.
Limit the Number of Connections
A growing number of connections will overload your server, so it is advisable to limit the number of new connection requests. This gives your server room to breathe and recover temporarily. When a limited number of IP addresses are involved in the DDoS attack, you can use source rate limiting. For this, you need to detect outlier IP addresses that break the norm and deny them the excessive bandwidth they are using. Isolating outliers is not an easy task: you need to keep track of millions of IP addresses and their behavior.
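Source rate limiting as described above, sketched as an added example that is not part of the original article. The class name, the limit of 5 new connections per 10 seconds and the sample events are assumptions chosen for illustration; prune() addresses the tracking cost by forgetting idle sources.

```python
from collections import defaultdict, deque

class SourceRateLimiter:
    """Sliding-window limit on new connections per source IP."""

    def __init__(self, max_new_conns=5, window_s=10.0):
        self.max_new_conns = max_new_conns
        self.window_s = window_s
        self._seen = defaultdict(deque)  # ip -> accepted timestamps in window

    def allow(self, ip, now):
        """Return True if this new connection fits the source's budget."""
        q = self._seen[ip]
        while q and now - q[0] >= self.window_s:  # expire old entries
            q.popleft()
        if len(q) >= self.max_new_conns:
            return False                          # outlier: over budget
        q.append(now)
        return True

    def prune(self, now):
        """Forget idle sources so the table stays bounded; returns count."""
        idle = [ip for ip, q in self._seen.items()
                if not q or now - q[-1] >= self.window_s]
        for ip in idle:
            del self._seen[ip]
        return len(idle)

# Constructed sample: (seconds, source IP) per new connection request,
# using documentation-range addresses.
EVENTS = sorted(
    [(t * 0.5, "198.51.100.7") for t in range(20)]      # 2 requests/s
    + [(1.0, "192.0.2.10"), (4.0, "192.0.2.10"), (9.0, "192.0.2.11")]
)

def replay(events, limiter):
    """Feed events through the limiter; return denied counts per source."""
    denied = defaultdict(int)
    for ts, ip in events:
        if not limiter.allow(ip, ts):
            denied[ip] += 1
    return dict(denied)

if __name__ == "__main__":
    print(replay(EVENTS, SourceRateLimiter()))
```

Only the source that exceeds its budget is denied; the two low-rate sources are never affected.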
Disable DNS recursion to block DNS lookup
To protect your server from such attacks, keep the DNS recursive lookup feature disabled. In a DNS amplification attack, the victim website or DNS server is flooded with a wide range of data requests. Hackers send a request to a recursive DNS server; third-party DNS servers are used to amplify the attack and to conceal its actual source. DNS servers play a vital role on the Internet by translating site names into IP addresses that computers understand. When a zombie PC is used as the assailant, the attack can be mitigated by blocking the source traffic, but when poorly configured DNS servers that have been compromised are used, the servers cannot be blocked without disrupting service to many internet users. To avoid having a DNS server used for such an attack, system administrators are advised to disable the DNS recursive lookup feature.
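A configuration check for the advice above, added here as an example and not taken from the original article. It assumes the server is BIND and reads named.conf-style text (the article names no DNS software); the three sample configurations are constructed, and the parsing is simplified to the `recursion` and `allow-recursion` options.

```python
import re

def _strip_comments(text):
    """Remove /* */, // and # comments from named.conf-style text."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_recursion(conf_text):
    """Classify recursion settings: disabled, open, restricted or review."""
    text = _strip_comments(conf_text)
    rec = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", text)
    acl = re.search(r"(?<![\w-])allow-recursion\s*\{([^}]*)\}", text)
    if rec and rec.group(1) == "no":
        return "disabled"                 # matches the article's advice
    if acl:
        entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
        return "open" if "any" in entries else "restricted"
    return "review"                       # depends on server defaults

# Constructed sample configurations (assumed BIND syntax).
WEAK = """
options {
    directory "/var/named";
    recursion yes;             // answers recursive queries
    allow-recursion { any; };  // ...from every source address
};
"""
HARDENED = """
options {
    directory "/var/named";
    recursion no;   # authoritative-only server
};
"""
INTERNAL = """
acl trusted { 192.0.2.0/24; };
options {
    recursion yes;
    allow-recursion { trusted; localhost; };
};
"""

if __name__ == "__main__":
    for name, conf in [("weak", WEAK), ("hardened", HARDENED),
                       ("internal", INTERNAL)]:
        print(name, "->", audit_recursion(conf))
```

A result of "open" marks a server that answers recursive queries for any source, which is the misconfiguration the paragraph warns about; "restricted" covers resolvers that must keep recursion for their own clients.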
Use of a Third-Party DDoS Protection Service
Apart from all the other precautionary steps to keep your server from becoming the victim of a DDoS attack, you may also want to use a DDoS protection service, which will provide more protection from malicious traffic.
Legality of Launching a DDoS Attack
Launching a DDoS attack on any server, or being involved at any level in such activity, is a direct violation of the internet laws of any country, and the guilty are liable to punishment under the legal provisions of the respective country.