Expert Overview:
Idan Cohen: DDoS-GUARD has developed a number of custom solutions built to address the fact that many CDN services do not include web security measures that can distinguish between good/bad traffic patterns consistently to guard against distributed denial of service attacks. DDoS-GUARD offers retail and corporate solutions for single website owners or businesses that need to integrate DDoS protection into their existing CDN deployments. As DDoS-GUARD will work alongside code from most 3rd party CDN vendors, systems administrators can add the utility as part of a wider server stack or network administration toolbox.
Max Ostryzhko: Imperva Incapsula is one of the industry leaders in DDoS Protection Services with advanced cloud software solutions for websites, infrastructure, and DNS servers. Imperva Incapsula operates with GRE tunneling under Border Gateway Protocol (BGP) routing standards with a PCI DSS compliant Web Application Firewall (WAF) and integrated CDN. This means website owners can enable Imperva Incapsula DDoS protection services as an additional layer of security on existing websites and domains. The combination of DDoS protection, web security, and CDN integration is gradually becoming a web hosting standard.
Michael Lavnduski: Cloudflare is one of the most popular CDN services in the world and integrated DDoS protection is included in the platform at the DNS level with load balancing and network routing. This includes live monitoring of web traffic requests and the ability to isolate or contain bad traffic requests automatically. Anycast technology provides the basis for Cloudflare's DDoS protection and the company manages complex cyber attacks on its infrastructure on a daily basis. Cloudflare CDN has successfully guarded websites against some of the worst known cyber attacks recently and continues to be well respected in the industry.
Max Ostryzhko: ProHoster offers 2 different DDoS Protection Services plans: Free Anti DDoS, UN. Their servers are located in the following locations: Kharkiv, Amsterdam, Moscow, New York, Tallinn, Siauliai.
Max Ostryzhko: Tropical Server offers 1 DDoS Protection Services plan: Protección DDoS. Their servers are located in the following locations: Paris, Madrid, Granada, Frankfurt am Main, London, Singapore, Strasbourg, Warsaw, Roubaix.
Max Ostryzhko: HostLife offers 8 different DDoS Protection Services plans: 5 Gbps, 10 Gbps, 20 Gbps, 40 Gbps, 60 Gbps, 80 Gbps, 120 Gbps, 160 Gbps. Their servers are located in the following locations: Frankfurt am Main, Manassas, Kiev, Moscow, Amsterdam.
Max Ostryzhko: NettaCompany Web Solutions offers 4 different DDoS Protection Services plans: NC-GUARD-STARTER, NC-GUARD-BUSİNESS, NC-Guard-Premium, NC-GUARD-PLATİNİUM. Their servers are located in the following locations: Alma, Istanbul, Dublin, Sumy, Dubai, Ahmedabad, Neunkirchen, Rustenburg, Paris, Granada, Roubaix, Tokyo, Chino.
Max Ostryzhko: ALCHosting Limited offers 1 DDoS Protection Services plan: CloudFlare DDos(Free). Their servers are located in the following locations: Tokyo, Delhi, Chicago, Hong Kong, London, Paris, Singapore, Sydney, Amsterdam, Moscow.
Max Ostryzhko: Well-Web offers 1 DDoS Protection Services plan: E3-1270V6. Their servers are located in the following locations: Amsterdam, Moscow, Los Angeles, Frankfurt am Main, Singapore.
DDoS attacks are just one of a long list of problems that your web server needs protection from. If you think it’s alright to shrug them off, let us take you back to 2016, when internet heavyweights such as Amazon, Twitter, Spotify, Netflix and Etsy were knocked out by repeated DDoS attacks and reported damages in the millions of dollars.
One thing’s clear: DDoS needs to be taken seriously. But tackling it first requires knowing all you can about it. Here’s everything you need to know about DDoS.
DDoS stands for distributed denial of service and is sometimes referred to simply as “denial of service”. It is exactly what it sounds like: under a DDoS attack, your server stops functioning. The server is overwhelmed with traffic, which disrupts its services. An abnormally large number of requests is sent to the server, the system breaks down, and it is unable to process any request at all for a long time.
For instance, because of the DDoS attack in 2016, Amazon’s website went down for hours, and millions of customers and the website administrators themselves were unable to access it. Such DDoS attacks can even be part of deeper criminal activity; while the website is down, sensitive customer data such as credit card information will be vulnerable to breaches.
Although we will be discussing DDoS attacks in general and how, with your hosting services, you can protect your server against them, it is important to recognize that not every DDoS is an attack. Some are accidental. These DDoS “accidents” are actually much more common; targeted attacks are seen against high-profile websites such as Amazon, eBay and the like, but for smaller websites, an inadvertent DDoS caused by their own code is a much likelier scenario.
For example, software and application developers are often unable to determine load distribution and assume it to be even. When the server experiences unexpectedly high, uneven loads, processing naturally slows down and users are left with a glitchy website. But this slow processing isn’t the worst part. When the server encounters such errors, the code is often written to retry after 60 seconds or some other similar time interval. This causes requests to build up, and the 60 seconds of downtime gradually builds up to a full-blown DDoS attack.
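The retry build-up described above can be reproduced with a small simulation. This is an added example, not code from the original page; the capacity, arrival rate, burst size and the backoff-with-jitter alternative are assumptions chosen for illustration.

```python
import random

CAPACITY = 100      # requests the server completes per second (assumed)

def simulate(retry_delay, ticks=600, arrivals=80, burst=500, seed=1):
    """Offered load per second when every failed request retries after retry_delay()."""
    rng = random.Random(seed)
    due = {}                      # second -> attempt counters of requests retrying then
    loads, failed = [], 0
    for t in range(ticks):
        fresh = arrivals + (burst if t == 0 else 0)   # one unexpected burst at t=0
        queue = due.pop(t, []) + [0] * fresh          # retries are served first
        loads.append(len(queue))
        for attempt in queue[CAPACITY:]:              # everything over capacity fails
            failed += 1
            when = t + retry_delay(attempt + 1, rng)
            due.setdefault(when, []).append(attempt + 1)
    return loads, failed

def fixed_60s(attempt, rng):
    """The pattern from the text: every failure retries exactly 60 seconds later."""
    return 60

def backoff_jitter(attempt, rng):
    """Assumed alternative: random delay in a window that doubles per attempt."""
    return rng.randint(1, min(300, 60 * 2 ** (attempt - 1)))

def summary(policy):
    loads, failed = simulate(policy)
    return {"peak_after_burst": max(loads[1:]),
            "overloaded_seconds": sum(load > CAPACITY for load in loads),
            "failed_requests": failed}

if __name__ == "__main__":
    print("fixed 60 s retry :", summary(fixed_60s))
    print("backoff + jitter :", summary(backoff_jitter))
```

With the fixed interval, the failed requests return as a single synchronized spike every 60 seconds and knock out new arrivals each time; with randomized delays the same backlog is absorbed by the spare capacity between spikes.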
Although the goal of DoS and DDoS attacks is the same, i.e. to disrupt the services of your website, the difference lies in how they set about accomplishing it.
A DoS, or denial of service, attack is pretty simple: it is launched from a single computer. DDoS, or distributed denial of service, attacks, on the other hand, are launched from hundreds or even thousands of machines. Not all of these computers necessarily belong to the hacker. Victim computers which don’t have adequate security features can easily be added to the hacker’s network by malware. Such a network of computers is known as a botnet, and botnets are often used by hackers and cybercriminals to launch DDoS attacks, steal data, send spam and conduct other such malicious activities.
Once you see just how many types of DDoS attacks your system is vulnerable to and the innumerable ways they can attack it, you will recognize the urgency of the situation.
Volume-based attacks are the simplest to understand: the goal is to send a huge amount of traffic and requests to your server and saturate its bandwidth. Volume-based attacks are measured in bits per second (bps), and they have evolved to create traffic of over 1 terabit per second (Tbps).
There are a number of request amplification techniques which are used to conduct volumetric attacks. These include UDP or User Datagram Protocol floods, ping floods and other spoofed packet floods.
UDP floods target different ports of the server at random, leading to an overwhelming number of requests on the targeted ports and thus draining the server’s processing power. Ping floods, also known as ICMP floods, send a continuous stream of ICMP echo requests to the server without waiting for a reply. As the server tries to respond with an ICMP echo reply of its own, the system slows down and eventually shuts down. Spoofed packets are basically data requests sent from a fake IP address, one that does not exist on the internet currently.
Protocol attacks target Layer 3 (network layer) and Layer 4 (transport layer) of the Open Systems Interconnection (OSI) model. This doesn’t just affect the server; intermediate structures such as firewalls and load balancers are also targeted. By attacking these critical resources, this type of DDoS attack consumes all of the server’s computational capacity, using it to the maximum and thus preventing the server from responding to legitimate processing requests.
Protocol attacks, notorious among hosts, can be launched by a wide array of means such as the infamous Ping of Death, Smurf DDoS, SYN floods and fragmented packet attacks.
The Ping of Death manipulates the TCP/IP protocol, causing the system to break down. The principle here is that computers process data in “packets”. These packets typically consist of 64 bytes; this is a fundamental part of communication across networks of servers. A complete Internet Protocol packet, consisting of data and header, can contain up to a maximum of 65,535 bytes. The Ping of Death sends malformed IP packets, which contain more than the prescribed limit of data, to its target server. This confuses and overloads the memory buffers of the server, leading to a crash.
Smurf attacks are similar to ping floods, except that Smurf manipulates the communication system of the broadcast network to amplify its attack. It uses the Smurf malware, a fun name that disguises very dangerous software, to send an echo request from the target server to an IP broadcast network. Subsequently, all the hosts in the network respond to the server, thus flooding it.
SYN floods identify a weakness in the TCP connection sequence, known as the three-way handshake, and exploit it to overwhelm the server. For instance, the malicious computer system will send synchronizing (SYN) requests repeatedly to the target server from a spoofed IP address. As the target server tries to respond to these requests with its own acknowledgement (ACK), it keeps failing, as these requests weren’t sent from a real IP address anyway. The server has its hands full trying to respond to these fake SYN requests while legitimate requests are ignored. Eventually, the server gives in and crashes.
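How unanswered SYNs crowd out real clients can be seen by replaying a packet trace against a model of the server's connection backlog. This is an added example, not part of the original page; the backlog size, timeout and every address (documentation ranges) are constructed assumptions.

```python
from collections import OrderedDict

def track_handshakes(events, timeout_ms=30_000, backlog=128):
    """Replay (time_ms, src_ip, src_port, flag) events against a SYN backlog model."""
    pending = OrderedDict()            # (ip, port) -> time the SYN arrived
    completed = refused = peak = 0
    first_refusal = None
    for ts, ip, port, flag in sorted(events):
        # The server gives up on half-open entries older than the timeout.
        while pending and next(iter(pending.values())) <= ts - timeout_ms:
            pending.popitem(last=False)
        key = (ip, port)
        if flag == "SYN" and key not in pending:
            if len(pending) >= backlog:          # queue full: the new SYN is refused
                refused += 1
                first_refusal = ts if first_refusal is None else first_refusal
            else:
                pending[key] = ts
        elif flag == "ACK" and pending.pop(key, None) is not None:
            completed += 1                       # three-way handshake finished
        peak = max(peak, len(pending))
    return {"completed": completed, "refused": refused,
            "peak_half_open": peak, "first_refusal_ms": first_refusal}

def constructed_events():
    """Constructed trace: 20 clients that finish the handshake, 300 SYNs that never do."""
    events = []
    for i in range(20):                          # one client every 500 ms
        ip, port = f"192.0.2.{i + 1}", 50_000 + i
        events += [(500 * i, ip, port, "SYN"), (500 * i + 50, ip, port, "ACK")]
    for j in range(300):                         # unanswered SYNs from t = 3 s
        events.append((3_000 + 10 * j, f"198.51.100.{j % 250 + 1}", 40_000 + j, "SYN"))
    return events

REPORT = track_handshakes(constructed_events())

if __name__ == "__main__":
    print(REPORT)
```

Only 9 of the 20 well-behaved clients complete a handshake: once the half-open count reaches the backlog limit, their SYNs are refused along with the rest. A sustained half-open count near the limit is the signal to alert on.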
As far as DDoS attacks are concerned, application layer attacks are considered to be the hardest to deal with. They target Layer 7 (application layer) of the OSI model, which typically faces the end user. Disguised as seemingly legitimate requests, these types of attacks are significantly harder to detect than the others. Slowloris and HTTP floods are common application-based attacks.
HTTP floods are also known as GET/POST attacks. Rather than using botnets, spoofed packets or the many different ways of attacking servers that we’ve looked into, HTTP floods take a simpler yet more potent approach. Hackers send floods of GET and POST requests, which are used for data retrieval, to the server. They craft these requests to take up as much of the server’s processing capabilities as possible. Eventually, the server is rendered unable to process any request.
Slowloris is another technique to monopolize a server’s resources. The web server containing the Slowloris software builds connections with all the open ports of the targeted server but never sends a complete HTTP request. Rather, it just sends partial headers. As the server waits for request completion, it exhausts all its resources.
DDoS attacks come in so many forms that it might seem impossible for you to handle them. But the stakes are high and you need to make sure that your web security is airtight.
According to Kaspersky, a single DDoS attack can cost your company $52,000 to $444,000. This is unacceptable. What you need are special DDoS protection services which will make sure that you never have to deal with these malicious attacks.
These protection services work in a number of stages: detection, diversion, filtering and analysis.
First, the service detects any abnormalities in web traffic. The sooner they are identified, the more effective your protection services are. Then, the malicious traffic is diverted away from the targeted server either by DNS or by BGP rerouting. Next, this traffic is filtered by techniques such as spoofing filtering or bogon filtering. This stage distinguishes between legitimate requests and malicious ones. Finally, the system takes a granular look into the security logs to identify both the offender and the cause of the attack.
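A minimal version of the detection, filtering and analysis stages, added here as an illustration rather than any provider's implementation (diversion is a routing change and is not modelled). The baseline rule, the bogon prefix list and the flow records are assumptions.

```python
import ipaddress
from collections import Counter

# Source prefixes that should never arrive from the public internet. The RFC 5737
# documentation ranges are left off only because the constructed sample below
# uses them as stand-ins for routable clients.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def is_bogon(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGONS)

def detect(records, baseline_seconds=5, factor=3):
    """Detection: seconds whose packet total exceeds factor x the baseline mean."""
    per_second = Counter()
    for second, _src, packets in records:
        per_second[second] += packets
    baseline = sum(per_second[s] for s in range(baseline_seconds)) / baseline_seconds
    return sorted(s for s, total in per_second.items() if total > factor * baseline)

def scrub(records):
    """Filtering: split flow records into (kept, dropped) by bogon source address."""
    kept = [r for r in records if not is_bogon(r[1])]
    dropped = [r for r in records if is_bogon(r[1])]
    return kept, dropped

def top_sources(records, seconds, n=3):
    """Analysis: heaviest remaining sources during the flagged seconds."""
    totals = Counter()
    for second, src, packets in records:
        if second in seconds:
            totals[src] += packets
    return totals.most_common(n)

def constructed_records():
    """Constructed (second, source IP, packets) records: 5 quiet seconds, 3 noisy."""
    clients = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
    records = [(s, ip, 10) for s in range(8) for ip in clients]
    for s in (5, 6, 7):
        records += [(s, ip, 200) for ip in ("10.9.8.7", "240.1.2.3", "127.0.0.1")]
        records.append((s, "203.0.113.50", 150))
    return records
```

On the sample, bogon filtering removes the sources that cannot be real, but seconds 5 to 7 still exceed the baseline afterwards; the analysis step is what surfaces the one routable heavy sender.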
When you are looking for hosts which offer DDoS protection services, here are some factors that you should consider.
This is a measure of scalability in case of an attack. Basically, it is the amount of bandwidth that is available to deal with malicious traffic while the rest of it maintains regular operations.
Measured in Mpps (millions of packets per second), this is the processing power the server has available to deal with DDoS attacks. These attacks can be as small as 50 Mpps and go as high as 300 Mpps. It is important for your hosting provider to have a higher processing capability to handle the influx of data packets.
Your DDoS protection services should be able to identify an attack as soon as possible and weed it out. But if it takes too long and the attack takes hold of the server, it could crash and recovery would be a lengthy process.
Have a look here at the best DDoS Protection Service Providers of 2018, presented to you by HostAdvice. DDoS can be deadly and you should definitely take all the measures you can to protect your website against it.
|Rank|Web Host|Monthly Price Range|Expert Overview|User Ratings|
|---|---|---|---|---|
|1|DDoS-GUARD|AU$0.00 - AU$21.12|"Hosting Focused on DDoS Protection"| |
|2|Imperva Incapsula|AU$83.07 - AU$420.96|"The Perfect Complement to Your Hosting"| |
|3|CloudFlare|AU$28.16 - AU$281.58|"Global Content Delivery Network"| |
|4|ProHoster|AU$0.00 - AU$105.59|N/A| |