The frequency and size of Distributed Denial of Service (DDoS) attacks are ever-growing, and these attacks continue to be a priority issue for many businesses. With the ongoing work to shut down or neutralise botnets, a cyber-arms race has started, with hacktivists and other cyber criminals constantly searching for new ways to amplify attacks. As a result, DDoS attacks are increasingly common.

As the lines between the professional and social use of technology continue to blur, it is vital that we start to really recognise the significance of these attacks, how likely they are and how damaging they can be.

Scary and stressful

For the first-time DDoS victim, these attacks can be scary and stressful ordeals. That’s not surprising; poor network performance and website downtime can be massively costly for businesses, both in lost sales and consumer trust. It’s not all bad news though, as there are some steps that can be taken to mitigate the impact. Here, Gary Newe, systems engineer at F5 Networks, gives his recommendations on action to take, should you experience an attack:

1. Verify that there is an attack – Rule out common causes of an outage, such as DNS misconfiguration, upstream routing issues and human error.

2. Contact your team leads – Gather the operations and applications team leads needed to verify which areas are being attacked and to officially confirm the attack. Make sure everyone agrees on which areas are affected.

3. Triage your applications – Make triage decisions to keep your high-value apps alive. When you’re under an intense DDoS attack and you have limited resources, focus on protecting revenue generators.

4. Protect remote users – Keep your business running: Whitelist the IP addresses of trusted remote users that require access and maintain this list. Populate the list throughout the network and with service providers as needed.

5. Classify the attack – What type of attack is it: Volumetric? Slow and low? Your service provider will tell you if the attack is solely volumetric and may already have taken remediation steps.

6. Evaluate source address mitigation options – For advanced attack vectors that your service provider can’t mitigate, determine the number of sources. Block small lists of attacking IP addresses at your firewall. Block larger attacks with geolocation.

7. Mitigate application layer attacks – Identify the malicious traffic and whether it’s generated by a known attack tool. Specific application-layer attacks can be mitigated on a case-by-case basis with distinct countermeasures, which may be provided by your existing solutions.

8. Leverage your security perimeter – Still experiencing issues? You could be confronting an asymmetric layer 7 DDoS flood. Focus on your application-level defences: login walls, human detection, or Real Browser Enforcement.

9. Constrain Resources – If previous steps fail, simply constraining resources, such as rate and connection limits, is a last resort – it can turn away both good and bad traffic. Instead, you may want to disable or blackhole an application.

10. Manage public relations – If the attack becomes public, prepare a statement and notify internal staff. If industry policies allow it, be forthright and admit you’re being attacked. If not, cite technical challenges and advise staff to direct all inquiries to the PR manager.

It’s an unfortunate fact that the DDoS threat has never been greater and is likely to continue to grow. As ever, the best protection is to be prepared for whatever will get thrown at you and DDoS mitigation should be part of your preparation. It’s important to consider if your network is up to scratch to cope with unexpected loads and if it has the intelligence to identify legitimate traffic during peaks, before an attack hits.
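Steps 4 and 6 of the checklist can be worked through on a sample of access-log lines. The following is an added example, not code from the article or from F5; the log format, both thresholds, the allowlist and the country lookup are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values; the article gives no numbers for "small" or "attacking".
SMALL_LIST_MAX = 3     # most sources to block one by one at the firewall
REQS_PER_SOURCE = 100  # requests in the sampled window that flag a source

def plan_source_mitigation(log_lines, trusted_nets, country_of):
    """Return ("block_ips", [ip, ...]) or ("geo_block", [(country, sources), ...])."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = Counter()
    for line in log_lines:
        fields = line.split()
        try:
            src = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines instead of aborting triage
        # Step 4: trusted remote users never end up on a block list.
        if any(src in net for net in trusted):
            continue
        hits[src] += 1
    attackers = sorted((ip for ip, n in hits.items() if n >= REQS_PER_SOURCE),
                       key=lambda ip: (ip.version, int(ip)))
    if len(attackers) <= SMALL_LIST_MAX:
        return "block_ips", [str(ip) for ip in attackers]
    # Step 6: too many sources to list, so summarise per country for geo rules.
    return "geo_block", Counter(country_of(str(ip)) for ip in attackers).most_common()

# Constructed sample input (documentation address ranges, placeholder country codes).
def sample_log(sources, count):
    return [f'{ip} - - "GET /login HTTP/1.1" 200' for ip in sources for _ in range(count)]

def sample_country(ip):  # hypothetical stand-in for a GeoIP database lookup
    return "AA" if ip.startswith("198.51.100.") else "BB"

TRUSTED = ["192.0.2.0/28"]  # constructed allowlist of remote-user networks

if __name__ == "__main__":
    few = sample_log(["203.0.113.5", "203.0.113.6"], 150) + sample_log(["192.0.2.3"], 500)
    many = sample_log([f"198.51.100.{i}" for i in range(1, 5)] + ["203.0.113.5", "203.0.113.6"], 150)
    print(plan_source_mitigation(few, TRUSTED, sample_country))
    print(plan_source_mitigation(many, TRUSTED, sample_country))
```

The busy allowlisted address in the first sample is left off the block list even though it exceeds the request threshold, which is the reason for building the list in step 4 before blocking anything in step 6.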

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.