What is DDoS Mitigation and do you need it?

By Drew Morley

Denial of Service (DoS) is an exhaustion of resources that leads to a lack of availability. A Distributed Denial of Service (DDoS) is an attack with more than one source, usually thousands of unique IP addresses. We still observe attackers controlling C&C (command and control) servers that send commands to multiple infected devices that are part of a botnet. In the past, the understanding was that having thousands of bots usually generated a higher attack volume. Nowadays, this is no longer the case. Custodian’s Network Engineer, Paulo Veloso, discusses.

Now a single attacker on a high-speed connection can use reflection to get an amplification of 30 or 50 times, easily escalating from 1Gbps to 50Gbps going to a target.

Why reflection?

Well, it is easier than infecting devices. Unfortunately, many SOHO devices have default services enabled or have default credentials, making them exploitable for SSDP, NTP, DNS and SNMP reflection attacks (and many, many more). These devices are easily exposed over the internet, and open DNS recursive resolvers, unpatched servers and many other possibilities make reflection an easier and more effective approach. As a result, not only will your service be under DoS, but you may also contribute to “backscatter”, a by-product of DoS, which is the traffic generated from the Denial of Service attack. For example, if you suffer a SYN flood attack, your devices respond with SYN-ACK packets to an IP address that will not respond with an ACK, because it knows that it never sent a SYN request.
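To check whether devices on your own network are answering as reflectors for the services named above, you can compare the bytes each service receives from outside with the bytes it sends back. The following is an added example, not code from Custodian; the flow-record layout, the 192.0.2.0/24 local network, the sample flows and the 10x threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# UDP services the article names as abused for reflection.
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}

# Constructed UDP flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
# 192.0.2.0/24 plays the local network; all addresses are documentation ranges.
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, 200),    # small NTP query
    ("192.0.2.10", 123, "198.51.100.7", 40000, 9400),   # large NTP reply
    ("203.0.113.5", 5353, "192.0.2.53", 53, 80),        # ordinary DNS query
    ("192.0.2.53", 53, "203.0.113.5", 5353, 160),       # ordinary DNS reply
    ("198.51.100.7", 41000, "192.0.2.30", 1900, 100),   # SSDP search
    ("192.0.2.30", 1900, "198.51.100.7", 41000, 3100),  # SSDP replies
    ("192.0.2.20", 50000, "192.0.2.10", 123, 90),       # internal NTP, ignored
    ("203.0.113.9", 51000, "192.0.2.80", 443, 1500),    # not a reflection port
]


def find_reflectors(flows, local_net="192.0.2.0/24", min_ratio=10.0):
    """Return {(local_ip, service): ratio} for local UDP services whose replies
    to outside hosts are at least min_ratio times the size of the requests."""
    net = ipaddress.ip_network(local_net)
    is_local = lambda ip: ipaddress.ip_address(ip) in net
    requested = defaultdict(int)  # bytes arriving at a local service from outside
    replied = defaultdict(int)    # bytes that service sent back out

    for src, sport, dst, dport, size in flows:
        if dport in REFLECTION_PORTS and is_local(dst) and not is_local(src):
            requested[(dst, dport)] += size
        elif sport in REFLECTION_PORTS and is_local(src) and not is_local(dst):
            replied[(src, sport)] += size

    findings = {}
    for (ip, port), out_bytes in replied.items():
        in_bytes = requested.get((ip, port), 0)
        # Replies with no observed request (asymmetric capture) count as unbounded.
        ratio = out_bytes / in_bytes if in_bytes else float("inf")
        if ratio >= min_ratio:
            findings[(ip, REFLECTION_PORTS[port])] = ratio
    return findings


if __name__ == "__main__":
    for (ip, service), ratio in sorted(find_reflectors(SAMPLE_FLOWS).items()):
        print(f"{ip} answers {service} from outside at {ratio:.0f}x amplification")
```

A host flagged here is a candidate for disabling the service, restricting it to internal clients, or filtering it at the network edge.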

In a worldwide infrastructure report, Arbor Networks concluded that the size of the largest DDoS recorded in 2015 was 500Gbps. Just 6 years before in 2010, the largest attack to date was 100Gbps; just think how big the next largest recorded attack will be.

What is their motivation?

Financial gain, extortion, taking the competition offline, a political statement, diversion of attention, or just for fun… There are multiple reasons why someone might start an attack, and because of these reasons, no one is safe.

From a security point of view, a DoS may be seen as decreased availability. From an operations point of view, it is seen as an outage. From a business point of view, it is a loss of potential business and reputation.

So should you invest money in denial of service mitigation?

A Denial of Service is nothing mythical; it is a growing reality, to the point where it is even a standalone business: DoS as a service.

You have two options:

Option 1 – Potentially have your business down for an unforeseen amount of time.

Option 2 – Invest in mitigation resources that would prevent your business from going offline. That investment may be the difference between loss of sales and damaged business reputation, and continued service as normal. It can be a small price to pay to have the attack mitigated through a scrubbing centre, which cleans your traffic so that your service keeps its normal availability.

Until recently, DoS mitigation was only put in place by larger companies due to its expensive reputation. However, solutions are now available for SMEs. It is something we here at Custodian Data Centres offer as a service. Contact us today to see how we can implement this service for your business.