How do I protect myself from a DDOS attack?
DDOS attacks have become one of the most costly attacks in the world of hacking to date. A DDOS attack, or distributed denial of service, is a form of attack that will seek to consume bandwidth and memory from the victim’s computer. This is a very common form of attack against websites and web servers, but it may also be trouble for home users who aren’t properly prepared for such an attack.
In smaller-scale attacks, a simple method of “pinging” a computer or web server with fake data will try to overload the computer’s resources. This will usually affect home users by an unusually slow connection - and web sites may become unavailable under these attacks. Larger-scale attacks use programs and Trojans to operate the attack, which makes a DDOS attack many times more effective.
Just how common are these DDOS attacks?
A small scale DDOS attack can be performed by anyone at all. Simply running a basic command prompt and pinging another computer’s IP address with fake data can be considered a DDOS attack. Obviously, one computer will most likely not do any harm to a website’s server or even another person’s home computer. What really makes DDOS attacks lethal is the beauty of power in numbers.
Programs, such as Trinoo, were created to help use DDOS attacks to find security breaches in networks. This program has become incredibly popular in orchestrating DDOS attacks, ironically. Since free programs such as these have become available to anyone with an internet connection, DDOS attacks have become a serious threat.
I’m a home user - is my software firewall enough to fend off an attack?
Larger-scale DDOS attacks install Trojans and viruses on computers, which then aid in attacks without the owner knowing! Luckily, most firewalls will catch this “bad” traffic, and stop the attack. Computers that become infected in this way are called “zombies”. These metaphoric zombies will attack other computers when the attacker gives the command, all without the owner knowing. Imagine thousands of these zombies constantly pinging a website or network with fake data - even the most powerful companies such as Microsoft couldn’t keep up with that demand!
Actually fending off an attack directed towards a home computer may be another story entirely. Most routers and firewalls will come with options to filter out bad traffic, or block ports that the attackers are using altogether. Usually, home users have nothing to worry about. Most attacks are aimed at corporations and larger networks.
I run a large network or website - what can I do?
Unfortunately, even some of the giants such as Microsoft can’t always fend off a DDOS attack. Given enough computers acting as zombies, virtually no server can withstand a well-planned DDOS attack. The best solutions are passive - which means the damage will most likely have to be done first.
The first solution is to simply buy more resources. This method will buy more time to help cease the attack, but can be costly. This includes buying more servers, bandwidth, or other system resources in an attempt to be able to withstand the attack. Since large-scale attacks use thousands of zombie computers, this method is obviously temporary and should not be considered long term.
The second solution comes through filtering. This is available through most routers and hardware firewalls that most datacenters and corporations should already have. This process aims to “filter out” the bad traffic based on several factors, such as the location sent from or the data sent. This usually requires some special configuration - so a temporary solution like buying more resources can keep a website up long enough to fix the situation.
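The two filtering factors named above, where the traffic comes from and what data it carries, can be sketched as follows. This is an added example, not part of the original article: the function names, thresholds and sample records are assumptions, and the "fingerprint" field stands in for a hash of the packet data.

```python
from collections import defaultdict, deque

def build_rules(records, window=10, rate_limit=5, fanout=4):
    """Learn (bad_sources, bad_payloads) from (timestamp, source, fingerprint) records.

    Source rule: one source sends more than rate_limit packets within window seconds.
    Data rule:   one payload fingerprint arrives from at least fanout distinct
                 sources within window seconds (many zombies, same fake data).
    """
    per_source = defaultdict(deque)   # source -> timestamps inside the window
    per_payload = defaultdict(dict)   # fingerprint -> {source: last seen}
    bad_sources, bad_payloads = set(), set()
    for ts, src, fp in sorted(records):
        recent = per_source[src]
        recent.append(ts)
        while ts - recent[0] >= window:
            recent.popleft()
        if len(recent) > rate_limit:
            bad_sources.add(src)
        seen = per_payload[fp]
        seen[src] = ts
        for old in [s for s, t in seen.items() if ts - t >= window]:
            del seen[old]
        if len(seen) >= fanout:
            bad_payloads.add(fp)
    return bad_sources, bad_payloads

def apply_rules(records, bad_sources, bad_payloads):
    """Return the records that pass both filters, in their original order."""
    return [r for r in records
            if r[1] not in bad_sources and r[2] not in bad_payloads]

# Constructed sample traffic (documentation-range addresses, made-up fingerprints).
SAMPLE = (
    [(t, "203.0.113.7", f"n{t}") for t in range(8)]              # one noisy host
    + [(20 + i, f"192.0.2.{i + 1}", "ffff") for i in range(6)]   # six hosts, same data
    + [(5, "198.51.100.10", "a1"), (25, "198.51.100.10", "a2"),
       (26, "198.51.100.11", "b1")]                              # ordinary visitors
)

if __name__ == "__main__":
    sources, payloads = build_rules(SAMPLE)
    print("blocked sources:", sources)
    print("blocked payloads:", payloads)
    print("passed:", apply_rules(SAMPLE, sources, payloads))
```

Each of the six hosts sending identical data stays under the per-source limit, so only the data rule catches them; the single noisy host is caught by the source rule.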
If DDOS attacks become constant and are rather severe, more protection is obviously needed. Several companies provide DDOS-specific solutions, as well as other intrusion detection hardware products. However, most of the time a sturdy hardware firewall will be able to fend off an attack.
Alright, I have proof of an attack! Now what?
Sadly, actually bringing an attacker to justice can be very frustrating. Most internet service providers will not hand out any type of contact information for any reason - even if you have been attacked. As far as United States laws go, the damage has to exceed $5,000 before the FBI will take a look at the case. Sadly, beyond this, there is little that can be done. Setting up proper defenses to ensure future attacks will not occur is about all that can be done.
However, you can usually inflict some counter-damage by doing some research. Most attacks will be associated with a website, where attackers boast of attacks or even store DDOS applications and logs. Reporting such websites to the webhosts that run them usually will get them banned with ease. Additionally, reporting the website name to the domain registrar can even get the domain name the attacker used revoked - which means they wouldn’t even be able to switch to a new webhost!
Most home users won’t have to worry - just website owners and larger networks. It is generally a rule of thumb that to be a possible victim, the network or website in question has to be fairly well known to attract attention. Generally, however, DDOS attacks have to be provoked. While some hackers with malicious intent will attack at will, most will have a reason. An offensive blog, for instance, may cause a hacker to launch a DDOS attack.
For the tougher and more expensive problems, the FBI is always a good resource. Otherwise, you’ll be left up to your own intuition and motivation to defend against repeat DDOS attacks. And as an ending note, be aware that many of these DDOS attacks are orchestrated by underage children - which means that they will very likely not get in trouble for their actions. For this reason, it’s advised to not take drastic measures to counter-attack, since you yourself may be penalized as an adult.