My environment is being DDoS’d, what can I do?

When a Denial of Service or Distributed Denial of Service (DoS and DDoS respectively) attack occurs, malicious actors flood the target device with many requests.  The goal of such an attack is to overwhelm the target and cause it to lock up and/or stop serving its site or application.  Due to the nature of this kind of attack, it can be difficult to mitigate, and hard to determine what traffic is legitimate and what traffic is malicious.

DDoS attacks can happen at any time and their methods may vary.  Some attacks are targeted, launched in response to a perceived offense or company event.  Others are random, simply a bad actor attacking whatever is available to them.  This means every site and application is at risk of a DDoS attack.

I’m currently under attack, what can I do?

Unfortunately, there isn’t much that can be done while an attack is ongoing.  You can attempt to build out additional servers to handle the extra load, but this method can get expensive fast and isn’t guaranteed to work either.  The attack may simply ramp up in intensity to match any added capacity, and as such, this method is not recommended.

Another common misconception is that the attack can be subverted by changing your IP and DNS records.  This is not recommended, as most attackers would simply start hitting the new IP listed on the fresh DNS record.  Not only does this put you right back at square one, but now the attackers know of two IPs they can potentially exploit instead of one.

Steps that can be taken

Your best bet to mitigate an ongoing attack is the same as preventing attacks in the first place, which is to utilize a DDoS mitigation service.  These services provide a location that your DNS points to that can handle and filter the massive amounts of traffic during a DDoS event.  Malicious and fake traffic from the attackers is blocked by the mitigation service.  This means that only legitimate traffic hits your environment, preventing it from becoming overloaded, so it can respond to normal traffic as expected.

There are several DDoS mitigation services and options out there, but we recommend utilizing Cloudflare for your DDoS mitigation needs.  Cloudflare has several options, including a no-cost option which does contain some DDoS mitigation.

We recommend at least procuring the free version of Cloudflare for all your environments, as this will future-proof against most DDoS attacks.  Even if you are certain that company and employee actions will not trigger a targeted attack, DDoS mitigation is still a good idea to have in place to deal with random attacks.
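
A mitigation service can only filter traffic for hostnames whose DNS records point to it. As an added example (not part of the original article), this Python check audits a zone's A/AAAA records against the provider's address ranges and reports hosts that still resolve straight to your environment; the ranges, hostnames and addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space). In practice,
# use the ranges your mitigation provider publishes.
PROVIDER_RANGES = ["198.51.100.0/24", "2001:db8:100::/48"]

# Constructed sample of a zone's records: (hostname, record type, value).
SAMPLE_RECORDS = [
    ("www.example.com", "A", "198.51.100.10"),
    ("www.example.com", "AAAA", "2001:db8:100::10"),
    ("example.com", "A", "198.51.100.11"),
    ("api.example.com", "A", "203.0.113.25"),   # points straight at the environment
    ("shop.example.com", "A", "198.51.100.12"),
    ("shop.example.com", "A", "203.0.113.25"),  # mixed: one filtered, one direct
    ("example.com", "MX", "10 mx.example.net"),  # not an address record, skipped
]


def audit_records(records, provider_ranges):
    """Map each host with A/AAAA records to "filtered", "direct" or "mixed"."""
    networks = [ipaddress.ip_network(r) for r in provider_ranges]
    counts = {}  # hostname -> [addresses inside ranges, addresses outside]
    for host, rtype, value in records:
        if rtype not in ("A", "AAAA"):
            continue
        addr = ipaddress.ip_address(value)
        inside = any(addr.version == n.version and addr in n for n in networks)
        tally = counts.setdefault(host.lower().rstrip("."), [0, 0])
        tally[0 if inside else 1] += 1
    status = {}
    for host, (inside, outside) in counts.items():
        if outside == 0:
            status[host] = "filtered"   # every address is the provider's
        elif inside == 0:
            status[host] = "direct"     # DNS hands out the environment's own IP
        else:
            status[host] = "mixed"      # some answers skip the filtering
    return status


def unfiltered_hosts(records, provider_ranges):
    """Hosts whose DNS answers let traffic reach the environment unfiltered."""
    status = audit_records(records, provider_ranges)
    return sorted(host for host, state in status.items() if state != "filtered")


if __name__ == "__main__":
    for name in unfiltered_hosts(SAMPLE_RECORDS, PROVIDER_RANGES):
        print("not behind the mitigation service:", name)
```

Any host reported as "direct" or "mixed" receives traffic that the mitigation service never sees, so its records should be moved behind the service as well.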
