
How to Mitigate a Real-Time DDoS Attack

The DDoS menace is destroying everything in its path. Servers, networks, large buildings—steel and bullets are no match for this beast. The rural folk are fleeing to the hills. The military has been called. We MUST stop it before it reaches Tokyo…

But in all seriousness, the damage from a DDoS attack isn't pretty. It can be costly for your online business in terms of dollars and reputation. But you're in the right place to learn how to deal with the issue—better to be prepared beforehand than to get caught off guard. Here's an easy step-by-step guide for handling DDoS. You never know when it might come in handy.

  • Panic

It's understandable that you might panic when you hear that your online business is under attack. DDoS attack frequency and strength have been increasing at a frightening rate over the last several years. Attacks surpassing 100 Gbps, a size considered outlandish a few years ago, are quickly becoming the norm. According to recent research, over 40% of all businesses in the UK were hit with DDoS last year. It's enough to make even the most hardened security expert a bit squeamish.

  • Survey the situation

Yes, get out from under your desk. When you have regained your bearings, take a look at your security signals to see if this really was a DDoS attack, and not a false alarm.

  • Inform your Fearless Managers

Find your CTO, who was hunkered down in the microwave room, and brief him on the situation. Your senior IT person, who saw the chaos as an opportunity to raid the emergency supply of fudge bars, might also want to hear which of your assets are under attack and which are safe.

  • Keep the Ship Afloat

It may be the case that some of your assets are not worth maintaining if they have already been compromised. Preserve the systems that need to be operating for the business to continue at a bare minimum, and then evaluate the rest of your priorities.

  • What are You Dealing With?

After it is clear that a giant lizard from the Pacific Rim is not the one causing slow-loading pages for your users, you must consider: is this a network-layer or an application-layer attack? Is something trying to jam up your bandwidth, or is it targeting your application itself? Identifying the type of attack is crucial to taking formal mitigation steps.
Also, it pays off to be able to identify the attack as early as possible. For that, you should use an automated solution that can identify the attack in its earliest stages and notify you 24/7. And no, don't rely on something that merely checks your site's availability. If your site is down, it's already too late.

  • Stick with Your Allies

To avoid isolating your users, you must whitelist trustworthy IPs so they are not blocked at the firewall. On the other hand, if you are getting large influxes of traffic from unusual sources ("I didn't know we had a market in Dagestan…"), then you should block that geo-location entirely.

  • Right Tools for the Job

As mentioned, DDoS attacks come in different shapes and sizes, and understanding the offenders' techniques is crucial for effective mitigation. For instance, you may assume that DDoS can be countered by high-capacity networks. However, high capacity won't help you deal with a Layer 7 DDoS attack, which employs bots that directly target your application and can bring your site down with just a few dozen requests a second.
To be on the safe side, you should prepare for all scenarios. This means having a strong network backbone and access to bot filtering solutions.
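The early-detection, trusted-IP and Layer 7 points above come together in a small request-rate check. This is an added example, not code from the original post or any product it alludes to: it reads constructed access-log lines in Combined Log Format (chronological order assumed), counts requests per source inside a sliding one-second window, skips sources on an allowlist of IPs or CIDR ranges, and reports any source that exceeds an illustrative threshold of 20 requests in a second, which is exactly the "few dozen requests a second" profile that an availability check would never see.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Combined Log Format line; only the fields we need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, request-line) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")

def flag_floods(lines, allowlist, window=timedelta(seconds=1), threshold=20):
    """Map each non-allowlisted source IP to its peak request count inside any
    sliding window, for sources whose count ever exceeded the threshold.
    Lines are assumed to be in chronological order, as a server writes them."""
    trusted = [ip_network(n) for n in allowlist]   # single IPs become /32
    recent = defaultdict(deque)                     # ip -> timestamps in window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue        # skip junk rather than crash mid-incident
        ip, ts, _ = parsed
        if any(ip_address(ip) in net for net in trusted):
            continue        # allies are never candidates for blocking
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()     # drop timestamps that have left the window
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def build_sample_log():
    """Constructed sample (documentation address ranges, not real traffic):
    five shoppers, one monitoring host polling hard, one source firing 40
    requests in a single second, plus one malformed line."""
    ts = "10/Oct/2023:13:55:36 +0000"
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="198.51.100.%d" % i, ts=ts, path="/") for i in range(1, 6)]
    lines += [fmt.format(ip="192.0.2.10", ts=ts, path="/healthz") for _ in range(30)]
    lines += [fmt.format(ip="203.0.113.7", ts=ts, path="/search?q=%d" % i) for i in range(40)]
    lines.append("this is not a log line")
    return lines

if __name__ == "__main__":
    print(flag_floods(build_sample_log(), ["192.0.2.10", "198.51.100.0/24"]))
```

Without the allowlist the monitoring host would be flagged too, which is the "isolating your users" mistake the allies section warns about.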

  • Dumping Cargo

At this point hackers have likely penetrated your defenses, and might be preventing your normal users from accessing your site. If the source of the bad traffic is not obvious (it usually isn't) then you might do well to block out large groups of traffic, hoping your hacker is within the bunch. You will be losing some real customers and users, but that is the price you pay.

  • Maintain Appearances

Time to do some PR damage control. Depending on how bad it is, you might either claim you're having a "small technical difficulty" or, if it's really bad, call in the big guns and blame the Communists.

Yes, it is a long list. But if you have an experienced third-party security service in place, you can ignore the list entirely. You can relax knowing your online assets are in good hands. DDoS threats are a serious issue—make sure you're protecting your business with serious security.

One Comment

  1. DDoS attacks are very hard to stop, it’s way easier to prevent them.
    “you might do well to block out large groups of traffic, hoping your hacker is within the bunch” – This could be a strategy that might not work so well; it may be the case that the attacker sends small groups of traffic from many clients.
