Distributed denial of service attacks plague businesses and websites round the world. A DDoS attack occurs when a target server or website is overwhelmed with communication requests from the botnet or band of attackers. When the server is no further able to take care of HTTP requests, it goes offline and prevents legitimate users from being able to access the website.
Botnets are generally used together with a DDoS attack. It will take a large amount of resources to have a website offline. In order to work, attackers must combine the resources of multiple computers. DDoS attacks typically do not cause harm to a web site – they simply make the web site inaccessible. There are many malicious uses of DDoS attacks. They are now being used as an easy way to deter security personnel and cover up fraud. In either case, if you own a web site, you need to be alert to how to identify an attack.
How Do You Know If You Are Being HIt With A DDoS Attack?
The main move to make isn’t jump to conclusions. You wish to check your router, web connection, and any other variables which can be affecting your website performance. If you determine that it’s not a net connection problem, the first action you need to take is contacting your online hosting provider. They will have the ability to share with you immediately if you are being attacked or not.
The United States Computer Readiness Team, or US-CERT, gives a set of symptoms that serve as pointers that your computer resources might be under attack. Here is what they list since the potential signs of a DDoS attack:
Unusually slow network performance (opening files or accessing websites).
Unavailability of a specific website.
Inability to access any website.
Dramatic escalation in the total amount of spam you receive in your account.
DDOS attacks may also manifest as problems in the network branches adjacent to the computer booter system under attack and can serve as a great alert to network administrators. In cases where DDOS attacks are initiated on a very large scale, internet connections in entire geographical areas surrounding the target machines might be affected. To ascertain if computer resources are under DDOS attack, network administrators can visit the command prompt and attempt to ping outside their network, normally to a web site like Google.com. By observing the full time and the percentage of packets lost in the ping statistics, a correct diagnosis can be made concerning the state of the network.
The time it takes to transmit 32 bytes of data is usually about 40ms. At the original stages of a DDoS attack, this could take 800ms. The computer system will ultimately respond with a “Request Timed Out “.Overall, identifying the original stages of a DDoS attack in early stages, it’s possible to avoid your personal computer and network resources from completely being taken offline.
If you’re the do-it-yourself type, network administrators can make use of NETSTAT. This allows the administrator to see all the existing TCP/IP connections. A sizable amount of TCP/IP connections from the same IP address is usually a good indication of an attack. You can confirm that the attack is in progress when the state of those connections indicates SYN_RECEIVED.
To find out the IP address targeting your network, run the TCPView program or any program that indicates all the existing connections on a computer. You can also use the commands found below to do some further research yourself.
netstat -n -p | grep SYN_REC | sort -u
List all the initial IP addresses of the node which are sending SYN_REC connection status.
netstat -n -p | grep SYN_REC | awk’print $5’| awk -F:’print $1′
Calculate and count how many connections each IP address makes to the server.
netstat -ntu | awk’print $5’| cut -d: -f1 | sort | uniq -c | sort -n
List amount of connections attached to the server using TCP or UDP protocol.
netstat -anp |grep’tcp|udp’| awk’print $5’| cut -d: -f1 | sort | uniq -c | sort -n
List IP address and its connection count that hook up to port 80 on the server.
netstat -plan|grep:80|awk ‘print $5’|cut -d: -f 1|sort|uniq -c|sort -nk 1
How Do You Stop A DDoS Attack?
This can be tricky for many and almost impossible without the best mixture of hardware, software, and experience. If you eventually fall victim to a DDoS attack, contact your hosting provider immediately. When they are unable to mitigate the attack, you can find two solutions for you:
Donate to a DDoS proxy protection service. WIth proxy protection, there is no need to switch from your current host. The DDoS protection provider will just re-route your DNS settings to point towards their servers to “scrub” the malicious traffic from your pipeline. They will then route the legitimate traffic back again to your website.
Switch to a web host that gives DDoS protection. This really is more a solution for high profile websites, or webmasters which are constantly plagued with DDoS attacks. In this instance, moving to a host that specializes in DDoS protection is the best option.
C. Kelley writes about DDoS mitigation and protection strategies that businesses can use. Learn more about DDoS protection by visiting Rivalhost.