Stop DDoS Attacks Against your Website!

Distributed Denial of Service (DDoS) attacks have real impacts on your websites and their associated server resources. A DoS/DDoS attack can happen within seconds or minutes, and the impacts can be devastating. They range from less severe issues like downtime to getting banned by your host for Terms of Service (ToS) violations. This doesn’t account for the economic impacts to your business (i.e., downtime = no purchases, no availability).

Understanding a [Distributed] Denial of Service (DoS / DDoS) Attack

Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are the same thing; the only thing differentiating the two is scale. When you hear someone mention a DoS attack, you can expect the attack to be marginal (qualifier: marginal is obviously very subjective, and many would disagree that any DoS is marginal). In most instances, when you hear someone say DDoS, you can think the opposite (i.e., think grand!).

Whether a DoS or DDoS attack, the attacker is making use of one or more computers. DoS attacks are on the lower end of that spectrum, while DDoS attacks are on the higher end of it; very large DDoS attacks can span hundreds if not thousands of systems. The proliferation of DoS/DDoS attacks is directly attributed to the proliferation of the DDoS-for-hire service market, also known as booter services.

An attacker leveraging a Denial of Service (DoS) attack method has one goal in mind: to disrupt your website’s performance. They do this by making the website slow to respond to legitimate requests or by disabling it entirely, making it impossible for legitimate users to access your website. This type of disruption, depending on your configuration, can be devastating to your business.

There are three main DDoS / DoS attack types:

Each of these attack types is designed to consume your web server resources in one way or another, and each has the same outcome: your web server / website slows to a halt or crashes.

1. Volume Based DoS Attacks

As the name implies, this type of attack depends on volume. The attacker employs a basic tactic: more resources wins this game. If they can overload your resources, they win. Against most everyday website owners, this is an easy win. Most website owners use everyday shared hosts, and those with VPS environments are often configured in the smallest tiers and configurations.

2. Protocol Based DoS Attacks

The internet is based on protocols; it’s how things get from point A to point B. This type of attack can include things like Ping of Death, SYN Flood, packet modifications and a number of other variations.

 

3. Application Layer Attacks

The basis for this attack is often targeting applications like Web Servers (i.e., Windows IIS, Apache, etc…), but more and more we’re seeing this type of attack evolve to application platforms like WordPress, Joomla and other similar applications.

Website Firewall Protects Against DDoS / DoS Attacks

There are a number of DoS / DDoS attacks that we, Sucuri, deal with on a daily basis. These are the ones that the Sucuri Website Firewall will protect your website against:

1. HTTP Flood Attack

This type of Layer 7 application attack happens when an attacker makes use of standard GET / POST requests in an effort to overload your web server’s ability to respond. This attack is also known as a volumetric attack; it doesn’t require malformed packets, spoofing or any variation of reflection techniques. It can occur over HTTP or HTTPS and is much easier to implement, and cheaper too, making it the much preferred attack method for a lot of booter services targeting websites. They can generate thousands of requests a second.

2. Simple Service Discovery Protocol (SSDP) DoS Attack

The Simple Service Discovery Protocol (SSDP) is often used for Universal Plug and Play (UPnP) devices, and it was only in 2014 that we started to see DoS attacks leverage this protocol. It’s a relatively new attack vector for DoS attacks. It often targets the traditional SSDP port (1900) and destination port 7 (echo). It’s a form of UDP attack, which, unlike SSDP, is more common. The latest reports show that SSDP attacks have the ability to increase the amplification of the attack by 30 times, which might explain why it’s being employed.

3. User Datagram Protocol (UDP) DoS Attack

The User Datagram Protocol (UDP) DoS attack will flood various ports on your web server, randomly, with packets; these are also known as Layer 3 / 4 attacks. This forces the web server to respond, in turn chewing through your web server resources and forcing it to come to a halt or die completely. UDP is a connection-less protocol, meaning it doesn’t validate source IP addresses. It’s because of this that UDP attacks are often associated with Distributed Reflective Denial of Service (DRDoS) attacks.

4. Domain Name Server (DNS) Amplification DoS Attack

DNS Amplification DoS attacks are very popular today; they occur at Layers 3 / 4. They make use of publicly accessible DNS servers around the world to overwhelm your web server with DNS response traffic. Your web server is overwhelmed by the influx of responses, in turn making it difficult to function as its resources are depleted and making it impossible to respond to legitimate DNS traffic.

Blocking Any Type of Attack

Sucuri’s DDoS Protection service can detect and block the following types of DDoS attacks. Note that Sucuri proxies Web requests, so network layer DDoS attacks are never relayed to the client’s origin servers. Therefore, Sucuri’s DDoS protection can mitigate all network level attacks.

  • TCP SYN+ACK
  • TCP FIN
  • TCP RESET
  • TCP ACK
  • TCP ACK + PSH
  • TCP Fragment
  • UDP
  • Slowloris
  • Spoofing
  • ICMP
  • IGMP
  • HTTP Flood
  • Brute Force
  • Connection Flood
  • DNS Flood
  • NXDomain
  • Mixed SYN + UDP + ICMP + TCP Flood
  • Ping of Death
  • Smurf
  • Reflected ICMP & UDP
  • As well as other attacks

How Firewall Protects Against DDoS / DoS Attacks

To protect our clients against these attacks, we employ a multi-layer filtering solution and work with top Internet Service Providers (ISPs) around the world to ensure adequate bandwidth is available to respond when there is a need.

1. Layer 3/4 Attacks

Layer 3 / 4 attacks are often volumetric; they are designed to flood and saturate your network with so much traffic that the only option is failure. This fight is won through our ability to handle the incoming throughput. We achieve this by partnering with top providers around the world (e.g., Amazon AWS, Google CE and OVH) to provide us with all the bandwidth we need. This provides us hundreds of gigabytes per second of available pipe, allowing us to sustain and mitigate a large subset of volumetric attacks. Because we do not manage all of our infrastructure, we are able to quickly scale and respond based on needs.

2. UDP DoS Attacks

Our response to DNS Amplification attacks is very similar to our response to Layer 3 / 4 attacks, but because of our configuration, we’re especially suited for these DoS attack types. None of our reverse proxies are configured to allow anything but HTTP / HTTPS traffic through to the end point (your web server). This approach allows us to mitigate attacks based on UDP quickly and efficiently. All UDP attacks are blocked at the edge, meaning they never come close to touching your web server; this greatly reduces the noise large amplification attacks introduce during an attack.

3. Layer 7 / HTTP floods

Layer 7 attacks are a bit more complex and require a more refined touch when it comes to mitigating. Because Layer 7 attacks often mask themselves with what would otherwise be categorized as legitimate traffic, we have built technology that allows us to analyze all incoming traffic for anomalies and respond accordingly. Our technology makes use of heuristic and signature based techniques, allowing us to quickly mitigate any incoming Layer 7 DoS attacks.
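As an added illustration of the heuristic side of Layer 7 mitigation (example code written for this page, not Sucuri’s technology), the sketch below scans web server access log lines and flags clients whose GET / POST rate exceeds a threshold inside a sliding time window. The log format, the thresholds and the sample traffic are all assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: client IP, timestamp, request method.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
)

def parse(line):
    """Return (ip, epoch_seconds) for GET/POST requests, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] not in ("GET", "POST"):
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], ts

def detect_floods(lines, window=10, max_requests=50):
    """Flag clients exceeding max_requests in any `window`-second span.

    Thresholds are assumed values; tune them to your baseline traffic.
    Returns {ip: peak request count seen within one window}.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside current window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # malformed or other-method lines skipped
        ip, ts = rec
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()           # drop requests older than the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one noisy client and one normal client."""
    lines = []
    for i in range(120):          # 120 requests in 6 seconds
        lines.append(f'203.0.113.7 - - [01/Jan/2024:12:00:{i // 20:02d} +0000] "GET /?s={i} HTTP/1.1" 200 512')
    for i in range(5):            # 5 requests spread over 50 seconds
        lines.append(f'198.51.100.4 - - [01/Jan/2024:12:00:{i * 10:02d} +0000] "GET /about HTTP/1.1" 200 2048')
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    print(detect_floods(sample_log()))
```

A per-IP rate check like this only catches floods concentrated on a few sources; a widely distributed flood needs aggregate baselines as well.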
