What types of DDoS attacks exist today? How to prevent a denial of service campaign against our website or blog? What are the most important tools in the sector to fight against this threat? In this article, we are going to see types of DDoS attacks and tips to prevent our blog from DDoS attacks.
Protect our Blog from a Potential DDoS Attack
At the end of 2016, five large Russian banks (including the state bank Sberbank) were the target of a sustained denial of service (DDoS) attack, that is, their services were severely affected for several days. The cause of this DDoS attack is found in the Mirai botnet, by which millions of objects connected to the Internet -like video surveillance cameras- were used to direct an immense amount of traffic to the web of these banking entities in order to render them unusable.
This campaign lasted no less than 12 hours and, in its busiest moments, it registered up to 660,000 access requests per second from 24,000 previously hacked devices in 30 countries around the world. Luckily, the financial operation continued its course and no critical process fell completely during all this time.
But in many other DDoS attacks the same fate does not happen. In fact, a report by Cisco has already predicted that this type of campaign popularized by groups such as Anonymous to publicize their protests – will continue to grow in number (nowadays DDoS services can be purchased on the dark Internet for less than 150 dollars) and hardness, to become attacks of Destruction of Service (DeOS).
A little earlier, in October 2016, a massive DDoS targeting Dyn (a company that controls much of the infrastructure of the Internet domain name system) caused a massive disruption in much of the US and Europe, with web pages crashing popular networks like Twitter, The Guardian, Netflix or CNN.
Understanding how these attacks work we have to prepare ourselves to protect our blogs and websites with the tools we have. Let us see how can we protect our blogs from these brute force DDoS attacks.
WARNING TECH GEEKS
YOUR INFORMATION IS EXPOSED
Your location is: Princeton, NJ
Your current IP address is: 2001:4455:2f7:b700:f880:7bad:b46b:1768
You can stream and download anonymously through your PC, Mac, Android, and iPhone through IP Vanish.
Types of DDoS attacks
- TCP connection attacks: Try to occupy all the available connections to your site. This includes all physical devices that provide service to the web, such as routers, firewalls and application servers. Do not forget that physical devices always have limited connections.
- Volumetric attacks: Flood the web of your website with data. This works either by overcoming your server, or even by occupying all the available bandwidth that goes to your server. It would be something like a flood or traffic jam, where nothing can move.
- Fragmentation attacks: Send bits and pieces of multiple data packets to your server. In this way, the server will keep busy trying to reassemble them and will not be able to handle anything else.
- Attacks of application: They point specifically to an aspect or service of the portal. These are more dangerous, because, with limited guidance, you may not realize that you are under attack until something stops working properly.
Tips to prevent DDoS attacks
The experts do not hesitate to raise a series of recommendations that, although they do not guarantee us to be left out of the growing campaigns of DDoS attacks, they will give us some possibility that our website does not ‘fall’ before a threat of this type. Among these tips we find:
- Use Proxy Protection: A proxy is a buffer that protects your website from the Internet, something like a fence. This offers an additional layer of protection that could serve to warn you in advance of an incoming attack. It also hides your real IP address, although all this is invisible to legitimate web visitors.
- Protection against counterfeit IP: Cybercriminals are fond of hiding their real IP addresses by hijacking others for their own use. Many popular addresses can be protected by maintaining an access control list (ACL) to block access from certain IP addresses.
- Have scalable bandwidth: Although bandwidth is expensive, today many servers offer scalable plans that can be useful at critical times. DDoS are successful in trying to overcome the available bandwidth, so maintaining a buffer zone can delay the attack a bit and give us time to take measures to avoid it.
On the other hand, there are numerous providers in the market that provide security tools specifically designed to prevent and respond to a denial of service attack.
Have you ever gone through such situation? What did you do when your site is under DDoS attack? If you know any other tips to protect our website from such attacks, let us know them in the below comment section and we will include them in this article for our readers.
If you have any other queries regarding the DDoS attack, write them in the comment box and we will get back to you as soon as possible to clear all your queries.