How to tell if you've been hit by a DDoS attack, and 5 ways to be prepared
Distributed denial-of-service (or DDoS) attacks aren’t new – however, the ferocity and volume of attacks has risen sharply over recent months. Just last month, a stream of attacks wreaked havoc across the Internet, and continued DDoS attacks shut down one of the world's largest Bitcoin exchanges, MtGox.
If you think these attacks are orchestrated by highly sophisticated cyber masterminds, think again. As the name implies, a DDoS simply tries to prevent a service from working. In a DDoS, the attacker uses a large number of machines from all over the Internet to send enormous amounts of traffic towards the target.
Usually, the source of the traffic is a network of compromised “zombie” computers, also known as a botnet. Hacker forums, blogs, and even YouTube share easily accessible information on how to set up a DDoS attack, so practically anyone with an Internet connection can launch their own attack.
However, DDoS attacks are not only obnoxious to deal with – they can have very real detrimental consequences for business.
How can you tell whether you’ve been the victim of DDoS?
When dealing with a DDoS attack, it is worth noting that it can be challenging even to determine whether your website is down because of legitimate traffic rather than an attack. The key to telling the difference lies in how long the service is down: if slow or denied service continues for days, rather than as a brief spike during a marketing campaign, it is time to start looking into what’s going on.
Additionally, if the same source address keeps querying for the same data long before its Time to Live (TTL) has expired, it could be a sign that the source is up to no good, since a well-behaved client would cache the answer. Unfortunately, you cannot simply check whether all of the traffic is coming from one IP, as this is the exact purpose of a DDoS: to have traffic coming from multiple sources.
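To show how the two signals above can be checked in practice, here is an added example (not code from the original article) that runs the TTL-repeat heuristic and a distinct-source count over a small constructed DNS query log. The log format, the addresses, the 300-second TTL and the function names are all assumptions for illustration; real resolver logs will need their own parser.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample DNS query log: "ISO-timestamp source_ip queried_name".
# 198.51.100.7 re-queries the same name within seconds (suspicious),
# 203.0.113.9 re-queries only after the TTL has expired (normal client).
SAMPLE_LOG = """\
2013-05-01T10:00:00 198.51.100.7 www.example.com
2013-05-01T10:00:01 198.51.100.7 www.example.com
2013-05-01T10:00:02 198.51.100.7 www.example.com
2013-05-01T10:00:00 203.0.113.9 www.example.com
2013-05-01T10:05:30 203.0.113.9 www.example.com
2013-05-01T10:00:05 192.0.2.44 www.example.com
2013-05-01T10:00:06 192.0.2.44 www.example.com
"""

def parse_log(text):
    """Yield (timestamp, source, name) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, qname = line.split()
        yield datetime.fromisoformat(ts), src, qname

def find_ttl_violators(text, ttl_seconds, min_repeats=2):
    """Return {source: repeat_count} for sources that ask for the same name
    again before the record's TTL has expired, at least min_repeats times."""
    last_seen = {}               # (source, name) -> time of previous query
    repeats = defaultdict(int)   # source -> number of premature re-queries
    ttl = timedelta(seconds=ttl_seconds)
    for ts, src, qname in sorted(parse_log(text)):
        prev = last_seen.get((src, qname))
        if prev is not None and ts - prev < ttl:
            repeats[src] += 1
        last_seen[(src, qname)] = ts
    return {src: n for src, n in repeats.items() if n >= min_repeats}

def distinct_sources(text):
    """Count distinct source addresses per queried name. A flood arriving
    from many addresses, not one, is the 'distributed' fingerprint the text
    describes, so a single-IP check alone is not enough."""
    sources = defaultdict(set)
    for _, src, qname in parse_log(text):
        sources[qname].add(src)
    return {qname: len(srcs) for qname, srcs in sources.items()}
```

With a 300-second TTL, only 198.51.100.7 is flagged at the default threshold; lowering min_repeats to 1 also catches 192.0.2.44, so tune the threshold against your own baseline.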
How can you prepare yourself?
Of course, you won’t want to wait until you have become the latest unfortunate victim in the long line of attacks. There are a number of steps you can take to avoid making yourself a target and to keep your network clean of spammers and other miscreants:
1. Be aware
Invest in technology that allows you to know your network's normal behaviour and will make you aware of any abnormal incidents such as a DDoS.
2. Boost capacity
Make sure you provision enough server capacity and tune for best performance under high load. Build as much network capacity as you can, using components designed for advanced mitigation.
3. Practice your defence
Knowing how to use your defensive strategy is just as important as buying and installing it. Practice the drills over and over until your staff know the procedure by heart.
4. Get help
If you don’t have the resources to deal with attacks in-house, your best bet is to outsource to a managed DNS provider who can redirect site visitors to hosts that are still up, using advanced features such as load balancing and performance monitoring.
5. Be prepared
The best way to avoid any disruption from a DDoS attack is to be prepared for it. If you are having a hard time deciding whether you actually need to invest in a stronger mitigation technique (e.g. you believe your industry or business is at low risk of an attack), work out the financial impact an attack would have on your company if it were to happen.
Although it may not be an apparent risk, the cost associated with being attacked is usually much higher than the cost to take safeguards.