A Denial-of-Service attack is a way to make the resources of a computer system unavailable, so that legitimate users cannot access them. This article is about DDoS mitigation.
With the advent of the internet age, network security has become one of the most important issues. That attackers have kept pace with network security methods and heuristics is a grim reminder of how serious the problem is.
A DoS (Denial-of-Service) attack is a way to bring down a heavily trafficked website for some time, and that time could be hours, days or even weeks. Let us try to shed some light on DDoS and some common preventive measures against it.
What is a Denial-of-Service attack?
A Denial-of-Service (DoS) attack is a way to block the resources of a computer system so that no users can access them. On the internet, a DDoS attack consumes all the resources of a network by sending the victim huge amounts of bogus traffic, laden with broken requests.
A Distributed DoS (DDoS) attack is an advanced form of this attack, in which the attackers spread out widely across a huge network (such as the Internet). A script written by the attacker is sent to hundreds or even thousands of computers, which themselves start acting as "bots", creating a "botnet". This network then acts on behalf of the attackers, attacking target systems and/or networks.
Such DDoS attacks have been known to cause revenue losses worth millions in the past.
DDoS Mitigation Strategies
DDoS mitigation strategies can be divided into two categories based on the skill level of the person handling the problem:
- Basic Level
- Advanced Level
Basic Level
- Keep yourself informed about exactly which resources are being used, which services are running, the bandwidth usage, and the demand for data or files.
- Update the kernel to its latest version.
- Install critical security updates.
- Disable any unknown or unwanted services.
- Data packets are handled by the network card drivers; keep them updated.
- Use an appropriately configured iptables/Netfilter firewall to deny access to any bad packets.
- Use the following command to see whether port 80 is under attack from too many IPs (it counts the connections per remote address, fewest first):
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
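The same check generalised into a small script, added here as an example that is not from the original article: it counts connections per remote address on a given local port from netstat-style output and reports only the peers at or above a threshold, which is the alerting idea from the Advanced Level section. The sample netstat output and the function name flag_peers are my own; on a live host you would feed it `netstat -plan` instead.

```shell
#!/bin/sh
# Constructed sample of `netstat -plan` output; Foreign Address is column 5.
# 203.0.113.7 holds several half-open (SYN_RECV) connections to port 80.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/nginx
tcp        0      0 198.51.100.10:80        203.0.113.7:51234       ESTABLISHED 1234/nginx
tcp        0      0 198.51.100.10:80        203.0.113.7:51235       SYN_RECV    -
tcp        0      0 198.51.100.10:80        203.0.113.7:51236       SYN_RECV    -
tcp        0      0 198.51.100.10:80        203.0.113.7:51237       SYN_RECV    -
tcp        0      0 198.51.100.10:80        192.0.2.44:40001        ESTABLISHED 1234/nginx
tcp        0      0 198.51.100.10:443       192.0.2.44:40002        ESTABLISHED 1234/nginx
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:55001     ESTABLISHED 1234/nginx
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:55002     ESTABLISHED 1234/nginx'

# flag_peers PORT THRESHOLD: read netstat lines on stdin and print "count address"
# for every remote address holding at least THRESHOLD connections to local PORT,
# busiest first. Only the trailing ":port" is stripped, so IPv6 peers are counted
# as whole addresses (the one-liner's `cut -d: -f1` would truncate them to "2001").
flag_peers() {
    awk -v port="$1" -v thr="$2" '
        # tcp/tcp6 rows whose local port matches; skip LISTEN rows (peer ends in "*")
        $1 ~ /^tcp/ && $4 ~ (":" port "$") && $5 !~ /\*$/ {
            peer = $5
            sub(/:[0-9]+$/, "", peer)
            n[peer]++
        }
        END { for (p in n) if (n[p] >= thr) print n[p], p }' | sort -rn
}

# Demo on the constructed sample; on a real host: netstat -plan | flag_peers 80 50
printf '%s\n' "$SAMPLE_NETSTAT" | flag_peers 80 3
```

Tune the threshold to the server's normal per-client connection count; a single address far above it is a candidate for the iptables/Netfilter rules mentioned above.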
Advanced Level
- Make sure that you use the latest technology on your network.
- Using Cacti, SNMP or MRTG lets you centrally monitor all the traffic, and any DDoS events, on the network.
- Limit the number of connections to a server; giving preference to existing connections over new connection requests helps.
- Look for appliances and applications that alert you when the traffic reaches a certain maximum threshold. Then, using techniques such as 'dynamic filtering' and 'anomaly recognition', you can inspect the incoming traffic for any broken or bad packets.
- Block any address ranges not allocated by the IANA, also called 'dark addresses'.
Read through this special DDoS attack tutorial to learn more about DDoS mitigation strategies.