Monday, 24 Jun 2024

How to stop a DDoS attack – Tutorial

Every other day some or the other site keeps getting hit with a DDoS attack. DDoS, the Distributed Denial of Service attack aims at making a particular service unavailable by overwhelming the resources through sudden and unexpected traffic spikes. You can learn about the style of this attack and learn how to stop a DDoS attack.

During a DDoS attack, the attacker overwhelms the network connection that the service receives its requests from, using compromised computers all over the world. A large number of requests are sent to the network service at the same time, which together clog up the connection and make the service unavailable.

How to prepare for a DDoS?

It is advisable to prepare for a DDoS attack in advance. You have to think about defending your site before the DDoS attack actually starts. Preparation up front is the only way out since it can be extremely hazardous once you are under attack. Sometimes the attackers can also send you threat mails asking for money if you don’t want your site to be attacked by hackers.

Should you respond to extortion attempts?

No. You should never ever respond to extortion attempts. If hackers are asking you for money and you reply to them or pay them, you will prove yourself as an easy target for further attacks. Along with this your money acts as funds for attackers to plan and execute more DDoS attacks. Do not pay criminals (attackers) a single penny.

Network Defense

The best way to prevent a flood of traffic from entering your network is to get it away from your network. DDoS attackers attempt at driving traffic from all over the world to your single network connection, thereby, disrupting the way your site functions. In such a scenario, what you can do is to get that traffic go somewhere else so as to free your network connection from the unwanted traffic.

Web and DNS Mitigation

You can put some globally-distributed web/DNS proxy in front of your service. This way all traffic to your website will be forced to first go through a proxy machine where it will have to pass through a lot of DDoS protection and filtering, allowing only the legitimate traffic to get passed on to you. Creating a proxy server in front is the best way to make it difficult for an attacker to find your network.

Know your Traffic

You should know your traffic so that you can ask your upstream network provider to block the stuff that you don’t need. This way only legitimate traffic would be allowed to enter your bandwidth. When traffic by attackers would never hit your network, you’ll never have to deal with it. In this case the hackers will have to generate traffic that looks quite similar to your legitimate traffic, which will rule out the common style DDoS attack and make it more difficult for your attacker.

Following these measures on how to stop a DDoS attack, you will be able to protect your site from any such attack and keep your users or frequent visitors happy.