What is a DDOS Attack and how to mitigate one
What is a DDOS Attack?
A Distributed Denial-of-Service (DDOS) Attack is when a bad actor maliciously sends a large number of requests to a website. When a website receives a large number of requests in a short period, it can break because it lacks the resources needed to serve them. A DDOS Attack can also be expensive for the owners of the website if the resources used for the website are increased.
What to do when you are a target in a DDOS Attack?
There are multiple strategies that can be used to mitigate a DDOS Attack. These strategies can be combined to quickly mitigate the attack.
BlackHole Routing
Create a null route that receives all traffic and drops it. This is a last-resort approach for when the owners of the website have no means to block the attack. It is not the ideal approach, as it gives the attacker what they want.
Rate Limiting
Set a limit on the number of requests a website is able to receive. This approach will not solve a DDOS Attack, but it will slow down web scrapers from stealing content and mitigate brute force login attempts.
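Why a request limit helps against a single noisy client but not against distributed traffic can be seen by replaying both through a per-client limiter. This is an added example, not code from the original article; the token-bucket algorithm, the limits (5 requests per second, burst of 10) and the sample traffic are assumptions constructed for illustration.

```python
class TokenBucket:
    """Per-client token bucket using integer math (milliseconds, milli-tokens)."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec          # milli-tokens gained per millisecond
        self.capacity = burst * 1000      # bucket size in milli-tokens
        self.state = {}                   # client -> (milli_tokens, last_seen_ms)

    def allow(self, client, now_ms):
        tokens, last = self.state.get(client, (self.capacity, now_ms))
        # Refill for the time elapsed since this client's previous request.
        tokens = min(self.capacity, tokens + (now_ms - last) * self.rate)
        allowed = tokens >= 1000
        if allowed:
            tokens -= 1000                # each request costs one whole token
        self.state[client] = (tokens, now_ms)
        return allowed


def replay(requests, rate_per_sec=5, burst=10):
    """Replay (timestamp_ms, client_ip) pairs; return (allowed, rejected)."""
    limiter = TokenBucket(rate_per_sec, burst)
    allowed = sum(limiter.allow(ip, ts) for ts, ip in requests)
    return allowed, len(requests) - allowed


# Constructed traffic: 1000 requests in 10 seconds, documentation-range IPs.
# (a) one client sending a request every 10 ms (scraper / brute-force pattern)
single_source = [(i * 10, "203.0.113.7") for i in range(1000)]
# (b) 200 clients sending one request every 2 s each (distributed pattern)
distributed = [(t * 2000 + c * 10, f"198.51.100.{c + 1}")
               for t in range(5) for c in range(200)]

if __name__ == "__main__":
    print("single source:", replay(single_source))
    print("distributed:  ", replay(distributed))
```

The single client is cut to 59 of its 1000 requests, while the same volume spread over 200 clients passes untouched, which is why a per-client limit has to be combined with the other strategies listed here.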
Web Application Firewall (WAF)
A WAF is a tool that can act as a reverse proxy and filter requests. You can quickly implement custom rules in response to an attack to mitigate a DDOS Attack.
Anycast network diffusion
By leveraging an Anycast network, you can scatter the attack traffic across a network of distributed servers to the point where the attack traffic is manageable.
Things to keep in mind
Ensure the right stakeholders are aware of the attack:
Users
Company partners
Employees
In order to mitigate a DDOS attack, it is important to gather information about the requests:
Which countries are these requests coming from?
Are the bad actor requests spread out sparsely or concentrated in a single area?