WHAT IS A DDoS Attack?
A DDoS (distributed denial-of-service) attack is comprised of many systems
(often thousands of infected computers) working together to disrupt the host or
network of the intended target (often large, well-known web servers, banks,
governmental sites, and root nameservers). DDoS attacks are vicious and unrelenting –
they can hurt businesses of any size.
A Christmas Eve 2012 cyberattack against the Web site of a regional
thieves more than
attacked against DNS Made Easy network.
graphed at being over
Michael "Mafia Boy" Calce was only 15 years old when he brought down Amazon, CNN, DELL, E*Trade, eBay
Hacking will never go away, and users can take some
steps to protect themselves, but ultimately, organizations
need to invest in security to protect their end users.
1. Identify the problem as soon as possible
In the event of a DDoS attack, no time can be lost. This means you
need to be familiar with your inbound traffic. Also, determine the
attack traffic's unique traits. Attackers will be coming from all over
the Internet and many of the sources may be spoofed, so it will not be
possible to simply block IP addresses. While the attack will have unique
traits, these will share similarities with other types of DDoS attacks.
These traits can be found in the URI, referrer, or user agent. Once
you find the pattern, you can block it with your firewall, router
ACL, IDS, and so forth.
If the DDoS attack is large enough that your network is saturated, then there is
nothing you can do in your firewall to fix this, and you will need help from your
ISP or DDoS service.
2. Get in touch with your Web Hosting or ISP Provider
Hopefully your provider will have already identified the
problem. But it is always best to reach out to them
immediately and let them know what is happening. If the
attack is significant enough, your Web Hosting or ISP provider
will most likely "null route" your traffic, meaning that packets
bound for your Web server will be dropped. Once the traffic
falls off, your Web Hosting or ISP Provider should also help
you get your business back online. The Web Hosting or ISP
Provider should look to stop the traffic at their firewall or provide an option
to send your traffic to a "scrubber" or DDoS cleaning service. This is where
malicious packets can be eradicated and only good traffic can be directed to your
Web server.
3. Be prepared for attackers to change tactics in real-time
DDoS attackers will watch the way in which you
respond, how you react to the DDoS attack, and
then adjust their tactics. This means you have to be
ready for real-time changes.
4. Plan for the attack to be far worse than you would ever expect.
Build up a financial war chest, as fighting DDoS attacks can be
very expensive. You must have a plan of attack against
DDoS attacks before they happen. If you start to defend against an attack
after it happens, it is too late and your business will be offline for
an extended period of time.
Plan for something bigger than ever to happen. At DNS Made
Easy we were planning for attacks of 200 Gbps when we were
receiving attacks of 50 Gbps. We were then planning for attacks of 1 Tbps when we
received attacks of 200 Gbps. As the bandwidth available to attackers grows, so
will the size of the DDoS attacks.
DNS Made Easy has spent years of research and millions of dollars of
IT investment to mitigate large attacks when they happen. Proper preparation
for a DDoS attack is crucial in keeping services online.
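Step 1 says the traits of attack traffic show up in the URI, referrer, or user agent rather than in the source IPs. The following is an added example, not part of the original page: it compares a baseline window of web access logs against the current window and reports field values that dominate now but were rare before. The log format (Combined Log Format), the thresholds, and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip - - [time] "METHOD uri PROTO" status bytes "referrer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referrer>[^"]*)" "(?P<user_agent>[^"]*)"$')
FIELDS = ("uri", "referrer", "user_agent")

# Constructed sample data: documentation IP ranges, made-up paths and agents.
def _line(ip, uri, ref, ua):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {uri} HTTP/1.1" 200 512 "{ref}" "{ua}"'

BASELINE = [_line(f"192.0.2.{i}", f"/page/{i % 7}", "-", f"Browser/{i % 4}") for i in range(40)]
ATTACK = BASELINE[:10] + [_line(f"198.51.100.{i}", f"/search?q={i}", "-", "ExampleFlood/1.0")
                          for i in range(90)]

def profile(lines):
    """Per field: value -> request count, and value -> set of source IPs."""
    counts = {f: Counter() for f in FIELDS}
    sources = {f: defaultdict(set) for f in FIELDS}
    total = 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        total += 1
        for f in FIELDS:
            counts[f][m[f]] += 1
            sources[f][m[f]].add(m["ip"])
    return counts, sources, total

def find_traits(baseline, current, min_share=0.5, min_ratio=5.0):
    """Return (field, value, share, distinct_ips) for values that dominate the
    current window but were rare in the baseline window."""
    base_counts, _, base_total = profile(baseline)
    cur_counts, cur_sources, cur_total = profile(current)
    traits = []
    for f in FIELDS:
        for value, n in cur_counts[f].most_common():
            share = n / cur_total
            if share < min_share:
                break  # most_common is sorted, so nothing further can qualify
            # Add-one smoothing so a value unseen in the baseline does not divide by zero
            base_share = (base_counts[f][value] + 1) / (base_total + 1)
            if share / base_share >= min_ratio:
                traits.append((f, value, round(share, 2), len(cur_sources[f][value])))
    return traits

print(find_traits(BASELINE, ATTACK))
```

In the sample, the empty referrer is present on every request but is equally common in the baseline, so only the user agent is reported, and its 90 distinct source addresses show why a per-IP block would not help.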