A technician’s view on DDoS attacks

Out of sight, out of mind

Presence on the internet is nowadays viewed as a must for most companies. In an instant, you are able to present your company the way you want and attract new customers. However, when entering the web, the demands for availability also increases. Visitors expect a warm welcome.

What happens when this expected welcome is replaced with the “slightly” more dull message saying something like “This site cannot be reached”?

A DDoS attack is no longer an IT-related issue, but an all-out attack on the entire brand.

A typical DDoS attack means overloading a server with requests so it eventually stops functioning. An immediate effect might be that you are unable to access a website. The long-term effect however, is a loss of confidence among both existing and potential new customers.

The kinds of attacks we are seeing today are much more sophisticated than before and blend different types of DDoS attacks in one single aimed attack against the target.

According to a recent report on DDoS attacks by Neustar, 82% of companies worldwide have been the victims of DDoS attacks. In Europe, 47% of companies have been targeted more than 6 times.[1]

The most common types of DDoS attacks are:

• Volumetric attacks
  This type of attack floods the network layers with a substantial amount of traffic saturating the entire bandwidth of the target and renders its services inaccessible. This is the most common type of attack – 65% during 2016 according to Arbor Networks [2] – and also the most simple type of attack to launch.
• Protocol Attacks
  The Protocol Attacks aims to fill the routing tables found in almost every component, like the load balancers, firewalls or application servers. Even components made to be able to handle millions of requests stop working when attacked this way.
• Application Attacks
  This is the most dangerous type of attack since it generates a relatively low amount of traffic, which makes it hard to detect. The attacks are aimed at vulnerabilities at web applications like WordPress plugins.

You have probably unknowingly been the target of an attack

As recent as two days ago, Abion were the target of attacks. The first one occurred at 01:55 in the morning, and the second one in 10:35 in the morning. The only affected party was me, because I was the one on duty.

So if you’re a client of ours, how come you haven’t been affected?

In order to manage a DDoS attack, you need DDoS protection. Combined with an IPS protection (Intrusion Prevention System), we at Abion have a one-of-a-kind volumetric DDoS protection that actively protects our network at the Internet Service Provider level. This is vital from many aspects, but most crucially it enables our firewalls, switches and servers to focus on the functions they were designed to perform.

From a technicians perspective, it would be a virtual nightmare trying to find the cause of a server failure without a proper DDoS protection. Normal troubleshooting procedures are disturbed by all of the data that is flooding the network and disables much of the hardware. In this case, the last resort is to disconnect the equipment. An attack might last for several minutes, or several days, but the effects of an attack on the business might last for months.

Abion’s volumetric DDoS protection analyses the incoming traffic and learns to recognise normal traffic flows, in order to identify irregularities. Combined with specially written filters for different types of services, an alarm goes off when the traffic is out of the ordinary.

Once we experience irregular traffic pattern the DDoS protection mitigates the unwanted traffic without affecting other services. Since the traffic is filtered in the backbone routers at the Internet Service Provider – where the capacity is highest – we can ward off extremely big attacks without affecting the uptime.

DDoS attacks continue to grow in size, duration and sophistication. This means higher demands on us as a service provider. Demands we take very seriously and we make sure to be at the forefront when it comes to security.

We stop the attacks, so you can focus on your business.

1 2016 Neustar DDoS Attack & Protection Report
2 Worldwide Infrastructure Security Report