The Data Rescue Center encourages companies to have emergency backup and recovery plans in place in case of an emergency. We also wanted to share this great bit of information on how to ensure your website is protected from attacks.

The Growing Threat of DDoS and Denial of Service Attacks

Distributed denial of service (DDoS) attacks have dramatically increased over the years. While some may not be familiar with how a DDoS attack works, most will understand that when your website goes offline, you're in trouble.

DDoS attacks work by overwhelming a website or server with requests until the server can no longer handle the incoming traffic, and eventually goes offline. These attacks take advantage of the TCP protocol.

The TCP protocol works like this:

● Your computer requests a web page from a server by sending a SYN ("synchronize") packet to the host.
● The server receives the packet and sends a SYN-ACK packet to acknowledge the request.
● The machine that initiated the protocol receives the SYN-ACK packet and responds by sending an ACK ("acknowledge") packet.
● The ACK packet is received and the TCP socket connection is completed.

A DDoS attack takes advantage of how the TCP protocol works by initiating countless requests. Once the target server responds with its SYN-ACK, the final ACK is never sent, so the connection is not completed and is left to time out.

You then end up looking at something like this:

[Image: DDoS attacks growing over time]

DDoS Attacks Are On The Rise

DDoS attacks are not only increasing in size and strength; they are also becoming more difficult to stop and tougher to mitigate. Part of the reason is the move from botnets of infected PCs to compromised servers that are able to send a huge volume of traffic.

According to a recent study by Prolexic, 2013 has seen a 33% increase in the total number of attacks.


Attacks Are Getting Easier To Launch

What has affected businesses and website owners the most is the proliferation of DDOS-for-hire services popping up all over the internet. Prior to the explosion of these types of services becoming freely available, DDOS attacks were mainly a concern for banks, government websites, and large ecommerce sites. Now, with DDoS-for-hire services being so prevalent, a study conducted by Corero revealed that more than half of U.S. DDoS victims blame the competition.

How To Recognize You Are A Victim Of A DDoS Attack

There are two tell-tale signs that you may be experiencing a DDOS attack:

  1. Your website is completely unreachable and times out before a connection can happen.
  2. Your website is slow to respond and loads pages slowly. This is referred to as degradation of service and can be due to a denial of service attack, or a spike in traffic.

Sometimes it can be difficult to know if you are being attacked. If your website goes offline, it may be difficult to determine what's happening without having experience. If you think you may be a victim of a DDoS attack, the first thing you should do is check your bandwidth graph. You can do this by looking in your control panel and viewing your most recent bandwidth statistics. If you see a huge spike in traffic that is out of the ordinary, you're likely being targeted with DDoS.

What To Do If You Are Attacked With DDoS

If you manage your own server, you can attempt to identify and block attackers by finding the IPs that are being used in the attack.

Use this command to pull up active connections to your server:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Once you know which IPs are being used, you can block them in your firewall or iptables.
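The handshake described earlier leaves unfinished connections in the SYN_RECV state, so counting that state per remote address helps separate a flood of half-open connections from ordinary traffic. The script below is an added example, not part of the original article: the sample netstat output is constructed using documentation address ranges, and the function names count_by_state and over_threshold are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): count connections per remote
# address in one TCP state. SYN_RECV is the half-open state a SYN flood leaves.

# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.25:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.99:33000      SYN_RECV
tcp6       0      0 2001:db8::10:443        2001:db8::bad:50000     SYN_RECV
tcp6       0      0 2001:db8::10:443        2001:db8::bad:50001     SYN_RECV
udp        0      0 192.0.2.10:53           203.0.113.25:5353
EOF
}

# count_by_state STATE: reads `netstat -ntu` output on stdin and prints
# "count address" for each remote address in STATE, highest count first.
# Header and UDP lines are skipped because they do not match tcp + state.
count_by_state() {
  awk -v state="$1" '
    $1 ~ /^tcp/ && $6 == state {
      addr = $5
      sub(/:[0-9]+$/, "", addr)   # drop only the trailing :port, IPv6 stays whole
      n[addr]++
    }
    END { for (a in n) print n[a], a }
  ' | sort -k1,1nr -k2,2
}

# over_threshold STATE LIMIT: addresses holding LIMIT or more connections in STATE.
over_threshold() {
  count_by_state "$1" | awk -v limit="$2" '$1 >= limit { print $2 }'
}

# Demo on the constructed sample.
# On a live host: netstat -ntu | count_by_state SYN_RECV
sample_netstat | count_by_state SYN_RECV
```

Pick the threshold from your own baseline: a busy proxy or NAT gateway can legitimately hold many connections from one address.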

Most Attacks Will Require Help From Your Web Host Or A DDoS Mitigation Provider

Unfortunately, if you are faced with a large or sophisticated DDoS attack you'll likely not be able to protect your website on your own. To add insult to injury, your web host will likely null-route your website (which means you go offline).

If your web host does not offer DDOS protection they will do this to stop attack traffic from spilling over the network and affecting other customers. Still, you’ll need to get in touch with your web hosting provider as they will be able to give you more insight into what is happening. From there, your best option is to consult with a DDoS mitigation expert.

About the Author

Anthony Miller is a cyber security professional who helps educate businesses on the importance of DDoS protection and proactive security.