DDOS Attacks and how to handle them.

What is a DDoS attack?

DoS and DDoS attacks flood a Web server with false requests for information, overwhelming the system and ultimately crashing it. The following graphics explain how such attacks work and how companies can possibly prevent them. In effect the server can not handle all the requests, no matter how big and bad your server is. The nature of the attack is quite simple but has complex results on the machine being affected.

How a “denial of service” attack works

In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server.

In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can’t find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again–tying up the service indefinitely.

Typical connection

DoS & DDoS attacks

How to block a “denial of service” attack

One of the more common methods of blocking a “denial of service” attack is to set up a filter, or “sniffer,” on a network upstream. This means before a stream of information even reaches a site’s Web servers. The filter can look for attacks by noticing patterns or identifiers contained in the information. It requires hardware for filtering. If a pattern comes in frequently, the filter can be instructed to block messages containing that pattern, protecting the Web servers from having their lines tied up.

DDoS attacks can happen to anybody!

As a webmaster or admin for any site, never ever think you are exempt from being attacked.  It can happen to anybody. Last month alone there was over 50,000 reported attacks. The attacks were directed towards major sites and small ones without regard. Twitter was taken down from such attacks just a couple weeks ago. Then the same malicious group targeted Google and Facebook.  Less than two years ago the department of defense was attacked and completely taken down. If they can take down Google, Twitter, and the US Gov they can most likely take down your site also.

Protect Your Website

To protect your site you must have hardware that can defend your servers. The problem is that it is expensive. If you find your site is being attacked and you host with one of those $5/month accounts at some cheap hosting company you will find that they will just shut down your site in the interest of protecting the other sites on there servers. You will be just flat out of luck. Make sure your hosting has the routers and firewalls in place to handle these vicious attacks.  Ask specifically about DDoS prevention before you purchase hosting if you want protection. Normal firewalls and routers WONT STOP THE ATTACKS.
Take if from me. We had a virtual server completely upgraded and screaming fast with the highest security you can imagine. But the nature of a DDoS attack does not even send up a red flag to most security prevention systems. You will most likely only notice when your site goes down or your hosting provider cuts you off. Not good at all because it is too late then!

The nature of an attack

What makes these kind of attacks almost impossible to handle without the proper hardware is that you can not just start blocking IP addresses. Because of a couple reasons. First, most of the time the IP doing the request is a real IP but most likely an IP that is not malicious. Usually the IP has been spoofed. Therefore, if you add an offending IP to your block list you may be blocking a true source of visitors. Second, the request is not what actually kills your http server. What kills the server is an incomplete “handshake”.

To explain the 3 way server handshake lets elaborate a little…

To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:

1. The active open is performed by sending a SYN to the server.
2. In response, the server replies with a SYN-ACK.
3. Finally the client sends an ACK (usually called SYN-ACK-ACK) back to the server.

In a DDoS attack its more like a 2 way handshake. This leaves your server hanging and waiting for the third response. What this does is flood your http server with incomplete requests. Most servers have a 30 second time out and a maxim number of connections around 300 or so. Hence, your server is doomed without protection.

DDoS attack symptoms and info

DDoS attacks generally WILL NOT eat up your bandwidth because the handshake never got completed. It just increases server load to the point of being rendered useless. Nothing ever gets sent to the requesting host so there is not usually a bandwidth issue.

DDoS attacks are basically impossible to track unless you have tons of resources. Like on a government level. One of the difficulties in tracking is because the offending IP’s are usually spoofed and do not exist or are valid IP’s that are non offending.

Blocking IP’s wont help with a DDoS attack. You must have the proper hardware to defend against DDoS attacks. If somebody know software to hand attacks please let me and the world know about it.

Who is doing such malicious attacking?

To put it bluntly there are many groups of attackers out there. Some are religious based and some are politically based. But the most notorious ones are simply groups of hackers that get paid to take down sites. They get paid between $100 and $500 per 1000 http requests. There are actually bots for hire out there… SHeeesh! I think they should be hung upside down and have there toe nails pulled out.

Conclusions about DDoS attacks

Get a hosting company that has the hardware to handle these attacks. Firewalls and fast servers just wont help. As a result of the recent attacks on DeveloWare.com and the companies that host through us we have upgraded our equipment to handle this. We can now provide protection against DDoS attacks.

Advertisements

21 thoughts on “DDOS Attacks and how to handle them.

  1. Hey! I just wanted to ask if you ever have any problems with hackers?
    My last blog (wordpress) was hacked and I ended up
    losing a few months of hard work due to no backup.
    Do you have any solutions to prevent hackers?

    1. actually I am working as a System Engineer.
      I have backups for the database 4 times daily .
      and I only faced DDOS attacks.
      so the data wasn’t affected.

  2. I’m really enjoying the design and layout of your
    website. It’s a very easy on the eyes which makes it
    much more pleasant for me to come here and visit more often. Did you hire out a designer
    to create your theme? Outstanding work!

  3. Hey! Quick question that’s completely off topic.
    Do you know how to make your site mobile friendly? My blog
    looks weird when browsing from my apple iphone.
    I’m trying to find a template or plugin that might be able to correct this issue.
    If you have any suggestions, please share. Appreciate it!

  4. Excellent blog here! Also your web site loads up fast! What
    host are you using? Can I get your affiliate link
    to your host? I wish my web site loaded up as fast as
    yours lol

  5. If you wish for to increase your experience simply keep visiting this site and
    be updated with the hottest news update posted here.

  6. Hey I know this is off topic but I was wondering if you knew of
    any widgets I could add to my blog that automatically tweet my newest twitter updates.
    I’ve been looking for a plug-in like this for quite some time and was hoping maybe you would have some experience with something
    like this. Please let me know if you run into anything.
    I truly enjoy reading your blog and I look forward to your
    new updates.

  7. It’s an remarkable paragraph for all the internet users; they will obtain advantage from it I am sure.

  8. Hi there, You have done an excellent job. I will certainly
    digg it and personally suggest to my friends. I’m sure
    they’ll be benefited from this site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s