Can DDoS attacks harm your server and how to prevent them?
DDoS (distributed denial-of-service) attacks are among the most common forms of cyber-attack today. Their scale already exceeds one terabit per second, and Arbor Networks observes more than 2,000 such attacks every day. So, should you care? Certainly. Securing your network is what lets you stay calm and keep delivering uninterrupted service to your customers.
A DDoS attack disrupts the normal operation of a targeted system by flooding it with bogus traffic from numerous compromised machines. As a simple example, if your e-commerce site is under DDoS attack, your customers cannot place new orders. If it's a call center, your clients cannot make or receive calls. If it's a booking engine, your clients cannot make new reservations. In other words, your service is denied. But can these disruptions have a lasting impact on your system and harm your customer base? Let's answer that point by point.
- Service disruption. First and foremost, DDoS attacks deny access to your website or services. The attacker abuses a network of infected or misconfigured machines (servers, routers or even PCs) to generate enormous amounts of bogus traffic towards a single system, making it temporarily unavailable.
- Higher costs. Most hosting and cloud providers charge for additional bandwidth or computing power. During a DDoS attack your ingress traffic skyrockets and, if auto-scaling is enabled, your infrastructure may start scaling out very rapidly. The next bill can come as a nasty surprise, because the month's traffic and compute charges have gone through the roof. Check your provider's bandwidth and auto-scaling policies in advance, and set scaling caps and billing alerts, so that an attack cannot run up an unbounded bill.
- Data loss. When the database and the application are overwhelmed, in-flight work may never be stored or cached: requests time out and writes are abandoned before they commit. This is a serious issue for businesses with mission-critical workloads or online transaction processing applications where data consistency is paramount.
- Intermixed logs. Your genuine server logs get buried under thousands of entries generated by the attack, which makes it hard to filter them and to verify that everything still works correctly. Worse, if you have automated if-then rules that react to what appears in the logs (tools that block clients, restart services or fail over based on error rates, for instance), the attack noise can trigger those rules against legitimate users or your own components and cause real damage.
- Distraction. DDoS can be used as a distraction technique. While you are busy filtering your traffic, smaller but more damaging attacks are executed at the same time. Such an attack hit users of the popular Electrum Bitcoin wallet a few months ago. A large DDoS attack from more than 150 000 infected hosts was launched against the Electrum server network, disrupting customer transactions. In parallel, a phishing attack displayed a rogue message to clients asking them to update their software. Users who followed it installed malicious software that immediately sent their funds to the attacker's wallet.
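The "intermixed logs" point above is easiest to see with real log lines. The script below is an added example, not code from the original article: it separates probable flood sources from genuine requests in an Apache/nginx "combined" access log, so that the real log can still be read (and fed to any automated rules) while the attack is running. The per-minute threshold, the allowlist of hosts that must never be auto-blocked (your own monitoring, load balancer health checks) and every IP address in the sample log are hypothetical, and the sample log itself is constructed.

```shell
#!/bin/sh
# Added example, not code from the original article: triage a web access log
# during a flood. Assumes the "combined" log format; thresholds, allowlist and
# all IP addresses are hypothetical placeholders.

# Constructed sample log: a regular visitor, a monitoring probe and one host
# hammering the site, all within the same minute.
gen_sample_log() {
    printf '%s\n' '198.51.100.10 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
    printf '%s\n' '198.51.100.10 - - [10/Oct/2023:13:55:04 +0000] "GET /cart HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
    printf '%s\n' '192.0.2.44 - - [10/Oct/2023:13:55:10 +0000] "GET /health HTTP/1.1" 200 2 "-" "uptime-probe/1.0"'
    printf '%s\n' '198.51.100.10 - - [10/Oct/2023:13:55:31 +0000] "POST /checkout HTTP/1.1" 302 0 "-" "Mozilla/5.0"'
    i=0
    while [ "$i" -lt 30 ]; do
        printf '203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "GET /?q=%d HTTP/1.1" 200 5120 "-" "-"\n' "$i" "$i"
        i=$((i + 1))
    done
}

# Print client IPs that sent more than $1 requests within any single minute,
# skipping IPs in $2 (space-separated allowlist) so automated blocking can
# never hit your own probes. Field 1 is the client IP; field 4 begins with
# "[dd/Mon/yyyy:HH:MM", which is the minute bucket.
flood_sources() {
    awk -v max="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { minute = substr($4, 2, 17); hits[$1 SUBSEP minute]++ }
        END {
            for (k in hits) {
                split(k, p, SUBSEP)
                if (hits[k] > max && !(p[1] in ok)) flagged[p[1]] = 1
            }
            for (ip in flagged) print ip
        }' | sort
}

# Emit only the log lines that do not come from the flagged sources
# ($1, space-separated): the "real" log you actually want to read.
strip_sources() {
    awk -v bad="$1" '
        BEGIN { n = split(bad, b, " "); for (i = 1; i <= n; i++) drop[b[i]] = 1 }
        !($1 in drop)'
}

# Usage: sh triage.sh --demo [max_per_minute] [allowlist]
demo() {
    log=$(mktemp)
    gen_sample_log > "$log"
    flagged=$(flood_sources "${1:-20}" "${2:-192.0.2.44}" < "$log" | tr '\n' ' ')
    echo "flood sources: ${flagged:-none}"
    echo "--- genuine requests ---"
    strip_sources "$flagged" < "$log"
    rm -f "$log"
}

case "${1:-}" in --demo) demo "$2" "$3" ;; esac
```

On a live system, replace gen_sample_log with a tail of the real access log and feed the flagged list to your firewall or rate limiter rather than to a blind block rule; the allowlist is what keeps a self-reactive setup from locking out the hosts you depend on.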
How to avoid DDoS?
As DDoS attacks keep growing in volume and frequency, you need to stop them from harming your projects. Plan ahead to secure your network and minimize the impact of such an attack. So how do you prevent DDoS attacks?
- Choose a cloud provider that offers DDoS protection. Most hosting and cloud providers offer basic protection against the most common volumetric attacks, such as UDP floods and NTP, SSDP, CharGen and DNS amplification. This will not make you 100% bulletproof. Some providers also offer advanced measures such as DDoS scrubbing, which filters traffic in real time against a model of your normal traffic, often built with machine-learning techniques. The model needs time to learn what legitimate traffic looks like, but once trained it should filter out the large majority of attack traffic. Ask what the base package includes, at which traffic levels mitigation starts and how quickly it kicks in.
- Build redundant infrastructure. Spread your project across multiple data centers behind a good load-balancing system that distributes traffic. This works best when the data centers are in different countries, or at least use different Internet service providers, so that one saturated uplink does not take every site down at once.
- Defend manually. If you can still reach your server while it is under attack, tighten the following network rules on your router, or on the host firewall if that is all you can reach, to protect your system:
- rate limit traffic at the router (per source and per service) so your web server is not overwhelmed;
- add filters that tell your router to drop packets from obvious attack sources;
- time out half-open connections more aggressively, so the SYN backlog is not exhausted;
- drop spoofed or malformed packets (reverse-path checks, invalid connection state, impossible TCP flag combinations);
- set lower drop thresholds for SYN, ICMP and UDP floods.
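The five manual rules above, written down as a concrete host-level configuration. This is an added example, not code from the original article: it generates an nftables ruleset plus sysctl settings for a Linux server, with the host firewall standing in for the router when the host is all you can still reach. The interface name, the blocked 203.0.113.0/24 network and every rate threshold are hypothetical placeholders to be tuned to your real traffic levels.

```shell
#!/bin/sh
# Added example, not code from the original article: nftables ruleset and
# sysctl settings implementing the manual DDoS rules on a Linux host.
# Interface, blocked network and all thresholds are hypothetical placeholders.
WAN_IF="${WAN_IF:-eth0}"
BLOCK_SRC="${BLOCK_SRC:-203.0.113.0/24}"   # constructed "obvious attack source"
HTTP_RATE="${HTTP_RATE:-50/second}"        # new web connections per source IP
SYN_RATE="${SYN_RATE:-2000/second}"        # host-wide SYN threshold
ICMP_RATE="${ICMP_RATE:-100/second}"
UDP_RATE="${UDP_RATE:-5000/second}"

# Write the ruleset to $1. Each group of rules maps to one manual rule above.
write_ruleset() {
    cat > "$1" <<EOF
#!/usr/sbin/nft -f
flush ruleset

table inet filter {
    # dynamic set used as a per-source meter for new web connections
    set http_meter {
        type ipv4_addr
        size 65535
        flags dynamic
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state established,related accept

        # drop spoofed or malformed packets
        ct state invalid drop
        iifname "$WAN_IF" fib saddr . iif oif missing drop
        tcp flags & (fin|syn) == (fin|syn) drop
        tcp flags & (syn|rst) == (syn|rst) drop

        # drop packets from obvious attack sources
        ip saddr $BLOCK_SRC drop

        # SYN, ICMP and UDP flood thresholds (host-wide)
        tcp flags & (syn|ack) == syn limit rate over $SYN_RATE drop
        meta l4proto icmp limit rate over $ICMP_RATE drop
        meta l4proto udp limit rate over $UDP_RATE drop

        # rate limit new web connections per source so one client cannot exhaust the server
        ct state new tcp dport { 80, 443 } add @http_meter { ip saddr limit rate over $HTTP_RATE } drop
        ct state new tcp dport { 80, 443 } accept

        # whatever else this host legitimately serves goes here, e.g. ssh
        tcp dport 22 accept
    }
}
EOF
}

# Write sysctl settings to $1: SYN cookies and fewer SYN-ACK retransmits, so
# half-open connections are dropped after a few seconds instead of about a minute.
write_sysctl() {
    cat > "$1" <<'EOF'
# half-open connection handling
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_syn_backlog = 4096
# kernel-side reverse-path filter, complements the fib rule in the ruleset
net.ipv4.conf.all.rp_filter = 1
EOF
}

# Syntax-check the ruleset with nft when we actually have netlink privileges
# (nft -c still talks to the kernel); otherwise only verify the file is non-empty.
check_ruleset() {
    if command -v nft >/dev/null 2>&1 && nft list ruleset >/dev/null 2>&1; then
        nft -c -f "$1"
    else
        [ -s "$1" ]
    fi
}

# Apply both files (overwrites /etc/nftables.conf); refuses to run unless root.
apply_all() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    write_ruleset /etc/nftables.conf
    write_sysctl /etc/sysctl.d/90-ddos.conf
    check_ruleset /etc/nftables.conf && nft -f /etc/nftables.conf && sysctl -p /etc/sysctl.d/90-ddos.conf
}

case "${1:-}" in --apply) apply_all ;; esac
```

Run it with --apply as root, after adjusting the accept rules to the services the host really offers: the chain policy is drop, so anything not listed is cut off. The host-wide SYN, ICMP and UDP limits protect the kernel, while the per-source meter on ports 80 and 443 is what keeps a single flooding client from consuming all new-connection capacity.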
- Keep it fresh. Always update your software to the latest version. Patching not only closes bugs and exploitable vulnerabilities, it also removes features attackers use to amplify floods. For example, some older blogging software accepted unlimited pingback requests with no way to limit them, so attackers could use such sites as reflectors to flood a third party.
- Review your DNS zones. We usually forget the simple things. Make sure you have no test domains or abandoned subdomains pointing at hosts that run outdated software. Check for A records that were added by mistake. Audit your DNS zones, CNAME and MX records, and make sure everything is set exactly as you intended.
- Hide your BIND version. Attackers often find targets by running scripts that look for specific versions of network software. Anyone can read your DNS server's version with a single query: dig @ns1.server.com -c CH -t txt version.bind
To hide it, edit /etc/named.conf, locate the options block and add (or change) the version directive to a string of your choice, for example version "Unknown"; Save the file and restart BIND to apply the change: service named restart (or systemctl restart named on systemd-based distributions). This is obscurity, not a fix: keep BIND patched regardless, since scanners can still fingerprint the server by its behaviour.
- Disable DNS recursion. An authoritative name server that also answers recursive queries for anyone is an open resolver. It can be abused as an amplifier in DNS reflection attacks against other people, and its cache becomes a target for cache poisoning, one of the most common DNS attacks, where an attacker injects forged answers so that clients are redirected from the genuine host to one the attacker controls. If the server only needs to serve your own zones, disable recursion by adding recursion no; inside the options block of named.conf. If it must also resolve names for your own clients, keep recursion on but restrict it to your trusted networks instead of leaving it open to the world.
Restart BIND to apply the change: service named restart
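A quick way to verify the two BIND steps above rather than trusting that the edit took. The script below is an added example, not code from the original article: it audits a named.conf for the version override and for recursion no; (ignoring commented-out lines), prints an options block that passes the audit, and can run the dig probe from the text against a live server. The 192.0.2.0/24 network in the comment and the file paths are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not code from the original article: audit a BIND named.conf
# for the version override and disabled recursion, print a hardened options
# block, and probe a live server. Network and paths are hypothetical.

# Audit $1 (a named.conf); returns 0 when both settings are present.
# // and # comments are stripped first so a commented-out line does not count.
audit_named_conf() {
    conf=$(sed -e 's://.*$::' -e 's/#.*$//' "$1")
    rc=0
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'; then
        echo "WARN: recursion is not disabled; the server can be used as an open resolver"
        rc=1
    fi
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*version[[:space:]]+"[^"]*"[[:space:]]*;'; then
        echo "WARN: no version override; the real BIND version is exposed via version.bind"
        rc=1
    fi
    return $rc
}

# Print an options block that passes the audit.
print_hardened_options() {
    cat <<'EOF'
options {
    directory "/var/named";
    // return a placeholder instead of the real version string
    version "Unknown";
    // authoritative-only server: refuse recursive queries from everyone
    recursion no;
    // if this host must also resolve for your own clients, keep recursion on
    // and restrict it instead, e.g.:  allow-recursion { 192.0.2.0/24; localhost; };
};
EOF
}

# Query a live server the way an attacker would; needs network access and dig,
# so it is not exercised offline.
probe_version() {
    dig @"$1" -c CH -t txt version.bind +short
}

case "${1:-}" in
    --audit) audit_named_conf "$2" ;;
    --probe) probe_version "$2" ;;
    --print) print_hardened_options ;;
esac
```

Run --audit /etc/named.conf before and after the restart, and --probe against your own name server from an outside host: an empty or "Unknown" answer is what you want to see.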
- Use a third-party DDoS mitigation provider. If you are hit by large attacks that you cannot handle yourself, call in DDoS protection specialists. Well-known providers such as Cloudflare, Imperva and CloudLayar offer basic DDoS protection packages at a low price. If you are in deep trouble, contact their support and ask for a system audit to find additional weaknesses. When you put a proxy-based service in front of your site, make sure the origin server accepts traffic only from the provider's address ranges; otherwise an attacker who learns the origin IP simply bypasses the protection. Keep in mind that while basic packages cost next to nothing, advanced DDoS protection is not cheap.
Attackers are getting better every day, with more and more tools for finding vulnerable systems on the Internet. Nevertheless, there are now plenty of ways to protect your business and keep a DDoS attack from taking you down. Take preventive action in advance and you will sleep well at night.