
Introduction
According to Akamai and Arbor Networks, the first quarter of 2016 set a record for the number of high-volume DDoS attacks: 19 attacks, each exceeding 100 Gbit/s. Year over year, DDoS activity grew by slightly less than a factor of two, and peak attack bandwidth almost reached 600 Gbit/s.
Industry analysts say that the situation is worsening and that no positive trend should be expected. Free or low-cost online services that let anyone organize a DDoS attack quickly and easily are becoming increasingly common. LizardStresser, from the hacker group Lizard Squad, is a widely known example; more than a dozen botnets have been built on its basis. Given that attackers keep increasing their capacity, the majority of Internet resources "fall" to the simplest attack, one that does not even exceed 1 Gbit/s.
The attack methods are well known. Attackers exploit features of network protocols: with the help of third-party servers, an attack is organized against the victim that clogs its communication channel and takes it offline. The most popular method is DNS amplification, which accounts for almost 1/5 of all attacks, followed by NTP, CHARGEN and SSDP amplification. More than half of the attacks combine all of these methods, leaving the victim virtually no chance to repel them. Attack duration is the only positive trend: on average it has decreased by 1/3 compared with 2015. These record numbers, both in count and in power, are increasingly worrying business owners who depend on Internet resources.
That is why analytical DDoS protection is gaining popularity.
How to organize protection against DDoS attacks
Not every business, especially a small one, can afford to organize high-quality DDoS protection within its own infrastructure. The costs are both direct and indirect (finding qualified personnel). That is why businesses increasingly turn to DDoS protection providers and outsource this function.
For example, our company RUVDS offers customers analytical protection against DDoS attacks at a price lower than what it would cost you just to interview a potential employee.
Types of attacks
Below is a list of potential attack types and their classification.
Channel overflow:
- DNS amplification and flood
- NTP amplification and flood
- ICMP flood and fragmented ICMP flood
- Ping flood
- UDP flood, botnet-driven UDP flood, fragmented UDP flood
- VoIP flood
- Media data flood
- Broadcast of ICMP ECHO packets and UDP packets (smurf-style attacks)
Attacks against network protocol vulnerabilities:
- TOS field modification attack
- ACK / PUSH ACK flood
- RST / FIN flood
- SYN and SYN-ACK flood
- TCP null / IP null attack
- Fake TCP session attack, including with multiple ACKs
- Attack with the source address spoofed to the destination address (LAND attack)
- Attack that redirects traffic from high-traffic services to the victim
- Ping of death
Attacks at the application level:
- HTTP flood: single requests, single sessions
- Faulty application attack
- Fragmented HTTP packet attack
- Session attack, slow session attack
- Zero-day DDoS attacks
As you can see, there are many threats, and the list itself is not exhaustive. However, 99% of the attacks that occur every day fall under this classification, which means they can be repelled.
What does protection against such attacks look like?
The provider places the IP address that the client has chosen to protect behind a special network analyzer. During an attack, the traffic destined for the client is compared against known attack patterns. As a result, the client receives clean, filtered traffic, so that users of the resource never notice that an attack took place.
To organize such a service, a geo-distributed network of filtering nodes is created first, so that for each attack the closest node can be chosen and the delay in delivering traffic to the end client is minimized. The capacity of such a network exceeds 1500 Gbit/s.
First, hardware protection enters the fight: signatures, statistics and behaviour are analyzed, and traffic is checked for compliance with the protocols it uses (in essence, protection at L2, L3 and L4).
After that, finer analytical work begins at levels L5-L7. The system performs intelligent filtering, analyzes attacks on the HTTP and HTTPS protocols, and carries out behavioural and correlation analysis.
Given the list of attacks above, these three stages of protection are an overwhelming task for the average owner of an Internet resource.
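To make the two-stage scrubbing concrete, here is an added Python sketch (not RUVDS code) of the L3/L4 signature and protocol-compliance checks followed by an L7 request-rate check, run over a constructed packet window; the packet format, the addresses and the request threshold are assumptions.

```python
from collections import Counter

# Reflector ports named in the article; addresses, fields and thresholds are constructed
AMPLIFIER_PORTS = {53: "DNS", 123: "NTP", 19: "CHARGEN", 1900: "SSDP"}
MAX_HTTP_REQUESTS_PER_SRC = 3  # per analysis window
PROTECTED = "203.0.113.10"      # the client's protected address

def l3l4_reason(pkt, outbound_requests):
    """Stage 1: stateless protocol-compliance and signature checks.
    A reply from a reflector port passes only if the protected host
    actually queried that (ip, port). Returns a drop reason or None."""
    if pkt["src"] == pkt["dst"]:
        return "LAND: source address equals destination"
    if pkt["proto"] == "tcp" and not pkt.get("flags"):
        return "TCP null: no flags set"
    if pkt["proto"] == "udp" and pkt["sport"] in AMPLIFIER_PORTS:
        if (pkt["src"], pkt["sport"]) not in outbound_requests:
            return f"unsolicited {AMPLIFIER_PORTS[pkt['sport']]} reply (amplification)"
    return None

def filter_traffic(packets, protected_ip, outbound_requests):
    """Scrub one window of packets addressed to protected_ip.
    Returns (clean_packets, Counter of drop reasons)."""
    clean, dropped, http_per_src = [], Counter(), Counter()
    for pkt in packets:
        if pkt["dst"] != protected_ip:
            continue  # only the protected address is routed through the analyzer
        reason = l3l4_reason(pkt, outbound_requests)
        if reason is None and pkt.get("http"):
            # Stage 2: behavioural L7 check, one source hammering the web server
            http_per_src[pkt["src"]] += 1
            if http_per_src[pkt["src"]] > MAX_HTTP_REQUESTS_PER_SRC:
                reason = "HTTP flood: request rate exceeded"
        if reason:
            dropped[reason] += 1
        else:
            clean.append(pkt)
    return clean, dropped

def _pkt(src, proto, sport, dport, **extra):
    return {"src": src, "dst": PROTECTED, "proto": proto, "sport": sport, "dport": dport, **extra}
# Constructed sample window: 12 packets, 7 of which should be dropped
SAMPLE = (
    [_pkt("198.51.100.5", "udp", 53, 40000)] * 3     # unsolicited DNS replies
    + [_pkt("198.51.100.7", "udp", 53, 40001)]        # reply the host asked for
    + [_pkt(PROTECTED, "tcp", 80, 80, flags="S")]     # LAND: src == dst
    + [_pkt("192.0.2.9", "tcp", 5555, 80, flags="")]  # TCP null
    + [_pkt("192.0.2.3", "tcp", 5000 + i, 80, flags="PA", http="GET /") for i in range(5)]
    + [_pkt("192.0.2.4", "tcp", 6000, 80, flags="PA", http="GET /")]
)
SEEN_REQUESTS = {("198.51.100.7", 53)}  # the host queried this resolver
```

Calling `filter_traffic(SAMPLE, PROTECTED, SEEN_REQUESTS)` passes 5 packets and drops 7, with the reasons counted per category.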
What to do?
There is a way out of this situation: moving to the cloud. Since the core business of a cloud infrastructure provider is information, it has already taken care of protecting it, from communication reliability and antivirus through to DDoS protection for itself and its clients. This is what lets the provider offer protection services at the lowest price: on the one hand, it has already invested in setting this up and seeks to recoup the costs; on the other hand, it knows that if the price is not competitive, it will lose the client in its core business, virtual server leasing. Here, then, the interests of the client and the provider coincide completely, so in this case it is the most profitable and correct way to protect your Internet resource from most types of attacks.
Judge for yourself: for only 400 rubles a month, you can sleep well and forget about hackers. Isn't that great?