The internet has become such an integral part of everyday life that it’s sometimes easy to forget how vulnerable you can be to online threats. If you’re a gamer, website owner, involved in the running of a site, or even just a general internet user, one of these threats comes from something known as DDoS attacks. Fortunately, there are a few simple precautions you can take to protect yourself or your business.
What is a DDoS attack?
A distributed denial of service (DDoS) attack is an attempt to interfere with the usual traffic on a specific network, server, or service by flooding the target with a massive amount of data. The aim of this attack is to overwhelm its normal functioning and make it essentially unusable for a time.
A good analogy for a DDoS attack is a traffic jam. When a DDoS attack hits, all the “roads” in a certain area are suddenly filled with traffic, temporarily stopping all the normal traffic from moving anywhere and getting to where it’s supposed to be.
How do DDoS attacks work?
The perpetrator will generally make use of devices and computers belonging to random people who are not aware of their part in the attack, because their machines have been taken over with malware. Once malware allows the attacker to control the devices remotely, these devices are known as bots, and a collection of them forms a botnet.
Using the botnet, the attacker can send a large number of requests to a specific IP (Internet Protocol) address in an attempt to add so much malicious traffic that the target cannot handle it. The fact that DDoS attacks are made up of lots of individual bots makes them difficult to stop, as the requests are often indistinguishable from the usual day-to-day traffic.
How dangerous are DDoS attacks?
DDoS attacks are becoming more and more prevalent worldwide, and 2020 was a particularly bad year for many targets of DDoS attackers. For example, the New Zealand stock exchange was even taken completely offline for several days in late 2020 by a successful DDoS attack, showing that coordinated DDoS attacks can have a big impact even on seemingly secure institutions. Even public institutions such as schools have been targeted recently.
The usual motivations behind DDoS attacks are:
- Money: This is the most common reason, with perpetrators often attempting to extort a ransom from the victims in the form of cryptocurrencies like bitcoin under threat of further attacks. Ransom attacks increased by 16% in Q4 2022;
- Politics: 2022 saw a massive wave of attacks targeting Taiwanese sites ahead of the Nancy Pelosi visit as well as attacks targeting both Ukraine and its allies;
- Gaming: DDoS attacks are meant to degrade the performance of the opponents in the game or boot them out completely. This can put you at a severe disadvantage or even lose you a game, making them a real nuisance and even a threat to some people’s livelihoods.
All of this shows that DDoS attacks do present a genuine threat to businesses and institutions worldwide. Therefore, it’s important to take as many precautions as you can to prevent a DDoS attack from affecting you.
How to prevent a DDoS attack
For individuals (especially gamers)
While DDoS attacks can target anyone, some of the most common targets for DDoS attacks are, perhaps surprisingly, gamers. This is because online gaming is a massive and highly competitive industry that many people are very passionate about. Additionally, there is a lot of gambling on the outcomes of tournaments, making them a target for attackers looking to influence the results and make an easy profit.
DDoS attacks on gamers can cause lag, putting one side at a disadvantage, or even force multiple people out mid-game. These attacks are common in modern gaming, so it’s important to know how to prevent DDoS attacks. Some of the most effective steps you can take are:
- Use a VPN: Virtual private network (VPN) providers conceal your real IP address by routing traffic through a different server. Hiding your IP makes it very difficult for attackers to target you, making VPNs an affordable and effective way to avoid DDoS attacks;
- Reset your IP address periodically: Resetting your IP address makes it hard for would-be attackers to pin you down and target you. You can easily reset your IP just by unplugging and plugging back in your router. Alternatively, you can manually change it via your computer’s settings. The easiest way to do this is, of course, using a VPN and connecting to a different server;
- Avoid following links in chats: A common tactic attackers use is to post malicious links in an in-game chat. They may be disguised to look legitimate, but clicking on them can make you vulnerable to a DDoS attack. The best defense is to avoid them completely;
- Install security software: If you don’t have any, we recommend installing security software from a trusted provider. It’s also important to update any software regularly to patch any vulnerabilities that might appear over time;
- Improve your home connection: It’s a good idea to regularly (every three to five years) get new hardware for your home network. A lot of hardware now has inbuilt protection, so this can be a good choice if you want to add another layer of protection against DDoS attacks.
For businesses
The procedures for preventing DDoS attacks are a little different for businesses. Gamers are often on a home connection, so things like unplugging and plugging back in a router are easy to do. For businesses, this is not usually a realistic way to operate. If your business is attacked, or if you need to reset your IP address, you may need to contact your internet service provider (ISP). Changing IP addresses is an important step for preventing future attacks.
One effective defense is to buy and install special equipment that filters incoming traffic to only let through legitimate traffic and detects attempted DDoS attacks.
Cloud-based defense systems also exist to help filter and block suspicious incoming traffic. Also, it can be beneficial to have a large, high-capacity network that is capable of absorbing most attacks.
None of these methods are completely infallible, but they should help businesses avoid most DDoS attacks.
How to recover from DDoS Attacks
Recovering from a DDoS attack is slightly different for regular users and businesses.
For gamers and other users
- Reset your router: this means turning it off/unplugging it for 10-15 minutes;
- Contact your ISP: a DDoS attack means that someone knows your IP and can launch attacks later on. The ISP can change your real IP;
- Get a VPN: if you always use a VPN for gaming or browsing, your real IP should remain obfuscated and thus any DDoS attacks will hit the VPN server and not you.
For businesses
- Restore your connections: due to the way your Border Gateway Protocol reacts to DDoS attacks, your connections to partners may have dropped. You need to restore them;
- Contact your ISP: in some cases, your ISP may have blocked you due to the traffic you’re receiving crowding out others;
- Restart your firewalls: your defensive systems will have been overwhelmed and left in a bad state, so they will need restarting;
- Gradually reconnect customers: after a DDoS attack occurs, you may deal with a more benign version: a rush of customers trying to reach your services. This can result in another DDoS-like event;
- Analyze the attack: this should be done as soon as possible to learn what tools were employed and how much the attacker was willing to invest in the attack;
- Analyze your weak points: your system also has to be analyzed for weak points;
- Assess your DDoS protection strategy: did it work as well as it could? Or are some of your practices lacking?
What are some common types of DDoS attacks?
There are multiple different types of DDoS attacks that can be used by malicious actors, which is one of the major challenges when it comes to trying to defend against them.
Networks can be visualized as built in layers (as per the OSI model), with each layer covering a different fundamental part of the network and contributing to the way it functions for users.
Different DDoS attacks work by targeting specific layers of this model. But to complicate things further, most modern attacks involve a combination of several different kinds of attacks. Some common types of attacks include:
Application layer attacks | Volumetric attacks | Protocol attacks |
---|---|---|
These attacks target the layer of the network associated with creating and delivering web pages when HTTP requests are made. These HTTP requests can be complex to fulfill, requiring multiple files, so if enough HTTP requests are made, then the network can quickly become overwhelmed. | These attacks aim to create an unmanageable amount of traffic in a network by using all the available bandwidth. Often, the attacker will use tricks to amplify the amount of information they can send, for example, requests from different sources. | A protocol attack works by overusing certain resources of the target network/server, such as load balancers and firewalls. The result is that the target site or service becomes unusable as users can’t access it. |
Example: | Example: | Example: |
HTTP Flooding is what most people consider a DDoS attack to be; it uses a botnet to send a lot of simple requests to a service. Since they’re made by just entering a website address and not via some more complex means, they look like regular traffic and are hard to filter out. | An example of a volumetric attack is DNS (Domain Name System) amplification. This attack uses a spoofed IP address of the intended victim to send many small requests to services that require large responses. When those responses come back, they go to the target and overwhelm their system. | An example of a protocol attack is a SYN flood. SYN is a message sent to establish a TCP (Transmission Control Protocol) connection. A service usually acknowledges this, and a connection is opened. However, in a SYN flood no connection is ever established, so the TCP table that tracks pending requests fills up, and no new connections can be made until it clears. |
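
The SYN flood in the table above fills the server’s table of pending connections, which a defender sees as a pile-up of half-open (`SYN-RECV`) entries. The following is an added example, not part of the original article: it parses a constructed snapshot in the column layout of `ss -tan` and flags ports where half-open entries far outnumber established ones. The function name, sample addresses and thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed snapshot in the column layout of `ss -tan` (not real traffic).
SAMPLE_SNAPSHOT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:443         0.0.0.0:*
LISTEN    0      128    0.0.0.0:22          0.0.0.0:*
ESTAB     0      0      203.0.113.10:443    192.0.2.44:40112
ESTAB     0      0      203.0.113.10:22     192.0.2.9:51800
SYN-RECV  0      0      203.0.113.10:443    198.51.100.7:51234
SYN-RECV  0      0      203.0.113.10:443    198.51.100.8:40001
SYN-RECV  0      0      203.0.113.10:443    198.51.100.9:40002
SYN-RECV  0      0      203.0.113.10:443    198.51.100.10:40003
SYN-RECV  0      0      203.0.113.10:443    198.51.100.11:40004
SYN-RECV  0      0      203.0.113.10:443    198.51.100.12:40005
"""

def half_open_report(snapshot, min_half_open=5, max_ratio=2.0):
    """Return {local_port: (half_open, established, suspicious)}."""
    half_open, established = Counter(), Counter()
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # header, LISTEN sockets and malformed rows
        port = fields[3].rsplit(":", 1)[-1]  # rsplit also copes with IPv6
        if not port.isdigit():
            continue
        counts = half_open if fields[0] == "SYN-RECV" else established
        counts[int(port)] += 1
    report = {}
    for port in sorted(set(half_open) | set(established)):
        h, e = half_open[port], established[port]
        # Illustrative thresholds: many half-open entries AND far more of
        # them than completed handshakes on the same port.
        suspicious = h >= min_half_open and h > max_ratio * max(e, 1)
        report[port] = (h, e, suspicious)
    return report

if __name__ == "__main__":
    for port, (h, e, flag) in half_open_report(SAMPLE_SNAPSHOT).items():
        print(f"port {port}: half-open={h} established={e} suspicious={flag}")
```

On a busy server some half-open entries are normal, so the thresholds need tuning against a baseline taken during ordinary traffic.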
In conclusion: get your DDoS protection ASAP
It’s clear that DDoS attacks are an issue for individuals, businesses, and even public institutions. However, there are a number of effective ways to avoid attacks and ensure you have DDoS protection.
One of the most effective and accessible ways for the average person or business to give themselves DDoS protection is a good VPN. VPNs can hide your IP address, making it much harder for anyone trying to commit a DDoS attack to find you and target your network.
FAQ
Is it possible to stop DDoS attacks?
It is possible to stop DDoS attacks with the right preparations and a little bit of ISP partnership.
How long does it take for a DDoS attack to go away?
A DDoS attack can take as long as the attacker wants it to take if you don’t take any precautions. Also, there may be some lingering effects even after the attack has stopped.
How do you fix your router after a DDoS attack?
In most cases, restarting the router after the attack should help.