DDoS Attacks and How To Protect Against Them

DDoS stands for Distributed Denial of Service, a form of cyberattack whereby a target, such as a web server used to host any number of sites, is flooded with traffic. The attack is considered distributed because the traffic typically comes from thousands of computers all over the internet, whether other servers, home computers, or even smart devices. It is a denial of service attack because, when successful, the flood of traffic is so overwhelming that it effectively prevents the target from responding to legitimate traffic at all, either because it is unable to process that traffic in a timely way or because the target has literally crashed.

A Brief Historical Illustration

DDoS attacks are nothing new. Although I couldn’t tell you what the first DDoS attack was, I can tell you the first one that I actually remember, and which will help illustrate how the attack works. In the late 1990s and very early 2000s, when something called IRC, or Internet Relay Chat, was at its peak popularity among internet chatters — especially computer and networking enthusiasts, programmers, and underground “hacker” types — a user who went by the name TFreak discovered and developed what he named the Smurf attack.

Smurfing was utterly simple. Computer networks have something called a broadcast address: if the network is so configured, a message sent to that address is relayed to every computer on the network. If you were to send a ping (essentially a message that says, “Are you there?”) to the broadcast address, every computer on the network would respond directly to the computer that sent the ping with a message of, “Yes, I am here.” What TFreak realized was that if you spoof, or fake, the sending address of the ping, all of those computers send their responses to the spoofed address instead. Given that (1) computer networks can have hundreds of computers connected, (2) you can send pings continuously, and (3) you can ping multiple networks at once, Smurfing could end up causing a crippling DDoS attack on a given target, especially in the days of dial-up internet.
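Seen from the victim's side, a Smurf flood has a distinctive shape: a burst of ICMP echo replies from many different hosts on one network, answering a ping the victim never sent. The following detector is an added example written for this article (not code from TFreak or from the original post); the packet-log format and all addresses in it are constructed for illustration.

```python
# Added example (not from the article): spotting a Smurf-style reflection
# flood from the victim's side. Log format and addresses are constructed:
# one ICMP packet per line, "<seconds> <src> <dst> <echo-request|echo-reply>".
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed capture at victim 198.51.100.10. Lines 1-2 are a ping the victim
# really sent and its answer. The burst from 203.0.113.0/24 answers a request
# the victim never sent: the attacker pinged that network's broadcast address
# with the victim's address forged as the source, so every host replied here.
SAMPLE_LOG = """\
10.000 198.51.100.10 192.0.2.1 echo-request
10.020 192.0.2.1 198.51.100.10 echo-reply
12.000 203.0.113.5 198.51.100.10 echo-reply
12.001 203.0.113.9 198.51.100.10 echo-reply
12.001 203.0.113.14 198.51.100.10 echo-reply
12.002 203.0.113.22 198.51.100.10 echo-reply
12.002 203.0.113.31 198.51.100.10 echo-reply
12.003 203.0.113.40 198.51.100.10 echo-reply
12.004 203.0.113.5 198.51.100.10 echo-reply
12.500 192.0.2.99 198.51.100.77 echo-reply
"""


def parse_log(text):
    """Return (timestamp, src, dst, icmp_type) tuples from the constructed log."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, kind = line.split()
            events.append((float(ts), ip_address(src), ip_address(dst), kind))
    return events


def detect_smurf(events, victim, min_reflectors=5):
    """List /24 networks whose hosts reply to pings the victim never sent,
    as (prefix, distinct_reflectors, unsolicited_replies). Many distinct
    sources in one /24 answering at once is the broadcast-amplification sign."""
    victim = ip_address(victim)
    pinged = set()                 # hosts the victim genuinely sent echo-request to
    reflectors = defaultdict(set)  # /24 prefix -> distinct unsolicited reply sources
    replies = defaultdict(int)     # /24 prefix -> unsolicited reply count
    for _ts, src, dst, kind in sorted(events, key=lambda e: e[0]):
        if kind == "echo-request" and src == victim:
            pinged.add(dst)
        elif kind == "echo-reply" and dst == victim and src not in pinged:
            prefix = ip_network(f"{src}/24", strict=False)
            reflectors[prefix].add(src)
            replies[prefix] += 1
    return sorted((str(p), len(h), replies[p])
                  for p, h in reflectors.items() if len(h) >= min_reflectors)
```

On the sample capture this reports 203.0.113.0/24 with six distinct reflectors and seven unsolicited replies, while the genuine ping to 192.0.2.1 is left alone. On Linux hosts, the response-side fix the next paragraphs describe corresponds to the kernel setting net.ipv4.icmp_echo_ignore_broadcasts=1, which makes a machine ignore pings addressed to a broadcast address.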

Smurfing has long since been effectively mitigated due to changes in the way networks handle broadcasts and the way connected computers respond to them. And while I have to admit that thinking back on it now makes me smile with a little bit of nostalgia for the earlier, somewhat more “Wild West” days of the internet, back then the attack could be devastatingly effective. Malicious users would harass other users, particularly on IRC, by Smurfing them offline repeatedly.

DDoS Attacks Today

Smurfing was fairly easy to mitigate by getting networking equipment manufacturers such as Cisco to disable the vulnerable broadcasting behavior, and operating system developers such as Microsoft to disable the broadcast response behavior of the computers. But today, attackers almost exclusively utilize botnets to send floods of traffic to their victims, which is significantly more difficult to protect against.

A botnet is a group of computers, oftentimes numbering in the thousands, that have been compromised with malware — ever accidentally installed something by clicking a link in a spam email? — giving the attacker virtually complete control of the system. These compromised computers, or bots, automatically “phone home” to a server the attacker controls, from which he can issue commands that make them behave in certain ways — such as sending massive amounts of traffic all at once to a target computer or server. Because each individual bot’s traffic can be made to look legitimate, it is a lot more difficult to separate the genuine traffic from the malicious.

When it comes to your web server or your website, a DDoS attack is bad enough even if it’s only for the purpose of harassment. Your site, whether business or personal, is your online presence, and when it is slow, unresponsive, or down altogether, your visitors get frustrated. While early DDoS attacks like Smurfing were primarily (though not always) done to harass, these days such attacks are increasingly used for extortion. Such attackers will typically DDoS your site for a short period, then send you an email threatening further attacks if you don’t pay them a fee in bitcoin, a valuable and very difficult-to-trace digital currency that has, unfortunately, become very popular with cybercriminals. Even worse, such extortion attempts have been surprisingly lucrative.

How to Protect Your Site

Fortunately, there’s a lot of good news in this otherwise grim picture. In the first place, the chances that you’ll be targeted by a DDoS extortion campaign are exceedingly low. Attackers tend to target online businesses that they have good reason to believe could afford handing over thousands of dollars in bitcoin. That excludes the vast majority of web hosting users.

Second, all major web hosting providers already have in place DDoS mitigation technology on their networks. Because most hosting customers are on shared servers, and hence tend to share the same small pool of IP addresses with other users on the same server, a DDoS attack on one customer will adversely affect everyone, as well as the underlying network infrastructure itself. For that reason, hosting providers already protect their servers and networks from DDoS attacks.

Nevertheless, it can still be a very good idea to add an extra layer of protection by using what is called a CDN, or Content Delivery Network. In spite of the mitigation your hosting provider already has in place, some DDoS and other malicious traffic can still slip through. CDNs are essentially distributed networks, run by companies such as Cloudflare, Sucuri, and SiteLock, that filter bad traffic before it reaches your server and additionally improve performance for your website globally.

Using a CDN service is incredibly simple. Once signed up, all you have to do is update your domain’s nameservers to those provided to you by your CDN, wait for those changes to propagate, and then all traffic to your website will be delivered through the CDN’s network first. Many websites, especially business sites and sites with an otherwise large amount of traffic, commonly use CDNs.

Many hosting providers partner with CDN services. Be sure to read our web hosting reviews to learn more.