Home Resources Blog How to Avoid DDoS Attacks?

How to Avoid DDoS Attacks?

A couple of milliseconds delay of your page load time can cause a significant loss of revenue. We have explained this in length, recently. What about a complete stop to all of your website functions? For hours, days, weeks? Such attacks on websites, especially those websites that deal with payment, business transactions or transfer of personal data, are becoming more and more frequent. They are known as denial-of-service (DoS) attacks. Distributed denial-of-service (DDoS) attack means that the attacker/hacker is choosing one computer system as a master system to control sometimes as many as hundreds of thousands other computer systems, known as zombies or bots. They all work with a uniform goal of flooding the targeted host with as many communication packets as possible to stop the website from working. Entirely.

As an online vendor, you are not only under the threat of being flooded with the denial-of-service packets, but also of being used as a zombie machine to perform such attacks.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

Not even giants are immune to distributed denial-of-service (DDoS) attacks. Yahoo! was inaccessible for 3 hours in 2000, and the revenue lost was estimated to about $500,000. In the same year, Amazon was down for 10 hours, with a loss estimated to $600,000. The attacks in the past were not avoided by CIA, or even The Pirate Bay. Each time, the attacks have not only affected businesses, but also individuals, trading companies, file sharers and end-customers.

DDoS attacks are one of the biggest threats to the security on the Internet, since the users of controlled computer systems are usually not aware of the attack performed. And since packets are not coming from a single source, they can not be stopped by simply blocking a single IP address.

If not stopped, how can DDoS attacks be prevented?

Not that using one method of prevention alone can actually protect you. However, by using a combination of a few, you have a better chance of defending your business space. Or, to walk you through defense strategies:

  1. Updates, updates. You should make sure that all of your security patches are always up to date. That your firewalls are the latest versions of those firewalls. That your system is clean and all unused ports are always disabled on the host system.
  2. Use a CDN hosting. Content delivery networks (CDNs) use servers located at different data centers. Not only one, but many communication channels are used. Since the emergence of cloud computing, CDNs are employed not only as a tool for unclogging the internet (see the history of CDNs >>link to post), but also as a tool for mitigating (avoiding) DDoS attacks. CDNs will absorb less-sophisticated DDoS attacks, simply with bandwidth. With CDNs, you gain the advantage of – size.
  3. IP Broadcast and IP Hopping. See that IP broadcast is disabled on the host computer. Also, see that you change location of your active server proactively, using a pre-specified set of IP address ranges.
  4. Filters, filters. See that only trusted IP connections are accessing your website. Drop traffic with others. For this, you will, again, need to apply multiple methods of IP address filtering.
  • Ingress filtering: drop traffic with IP addresses that do not match a domain prefix connected to the ingress router
  • Egress filtering: ensure that only assigned or allocated IP address spaces leave the network
  • Connection limiting: the number of new connection requests is limited, existing connections are preferred
  • Age filtering: idle connections are removed from the IP tables in firewall and servers
  • Source rate filtering: when there are limited number of IP addresses involved in a DDoS attack, outer IP addresses that break the norm are identified
  • Dynamic filtering: create a short-span filtering rule and remove that rule after that time-span
  • Active verification: combined with SYN proxy, legitimate IP addresses are cached into a memory table for a limited period of time and are being let out without the SYN proxy check
  • Anomaly checks: works for scripted DDoS attacks
  • Black List/White List: deny/allow access to certain IP addresses from the lists
  • Dark address prevention: drop traffic with all IP addresses not assigned by IANA

Latest Articles

Bot Mitigation & Anti-Fraud
How to Defeat Bad Bots in 2024 (and Why It’s Still So Hard)

Introduction  Bots today outnumber human users in eCommerce sites: From 15% in 2017, to 30% in 2019, to 64% in 2021. Some extreme cases we’ve witnessed peaked in 90-99.8% bot traffic. But perhaps the more concerning bit is the traffic share of bad bots: an approximate 39% of all internet traffic in 2021.   Hackers are […]

Eduardo Rocha Senior Sales Engineer and Security Analyst
13th June, 2024
Cloud Cost Optimization FinOps
EBS-Optimized Instances: A Guide to Cut Costs and Maintain Performance

A recent study of over 100 enterprises found more than 15% of AWS cloud bills comes from Elastic Block Store (EBS). But what can you do to cut those costs without impacting performance? The key is to select EBS-optimized instances. With the right combination of EBS-optimized instances and EBS volumes, companies consistently maintain at least […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
19th May, 2024
FinOps
Cut Big Data Costs by 23%: 7 Key Practices

In this webinar, we reveal a solution that cuts big data costs by 23% and enhances system efficiency - without changing a single line of code. We’ll also explore 7 key practices that will free your engineers to process and analyze data at the pace and scale they need - and ensure they never lose control of the process.

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
15th April, 2024
Back to Resources

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services