Back in the middle of September, some amazingly terrifying things were happening in the world of technology. A DDoS (Distributed Denial of Service) attack reached a mind-boggling 1.1 Terabits per second. Not all users are familiar with DDoS attacks, so we’ll explain how that number scales to give perspective, why these attacks affect smaller businesses, and how you can protect yourself.
First, what is a DDoS and why does it matter? A DDoS attack consists of many compromised devices targeting a single system. Together, the compromised devices attempt to overwhelm the online service that system provides.
Once the system is successfully overwhelmed, it can become temporarily unavailable or crash completely. There is generally no irreparable damage to the system itself, but data that is mid-transfer can become corrupted, and the system can become unresponsive, preventing you from accessing it for work.
Secondly, we generally do not think in Terabits. On a day-to-day basis, people are generally dealing with Kilobits and Megabits (a Megabit is 1000 Kilobits). When you download a file, you are likely doing it at between 10 and 20 Megabits per second. This means that this new DDoS attack is 50,000 to 100,000 times faster than your average computer's connection. These numbers are achieved by assembling a large set of compromised devices that act in unison, also known as a botnet.
Chances are, you have never been the victim of a DDoS attack. Unfortunately, that may change. In recent years, attacks on small businesses have increased substantially and the damaging potential has increased over time.
Part of the rise of DDoS attacks is the availability of easy-to-use tools from disreputable markets and websites. With less skill needed to participate, more people can begin launching DDoS attacks.
So what can you do if someone decides to bombard you with a 1 Terabit attack? At that point, wait for it to end. Realistically, no one with that kind of botnet is going to attack a smaller business unless they have a personal vendetta against you.
More likely is a much smaller DDoS attack, something in the realm of sub-100 Gigabit attacks. But what can you do to defend yourself? Well, you might already be on the right track to preventing attacks not only on your business, but on others as well. The main way smaller attackers make a big impact is by abusing open DNS resolvers.
Now, what’s an open DNS resolver? More or less, it is an error. A DNS resolver can be open or closed; an open DNS resolver accepts traffic and requests from any Internet source, while a closed DNS resolver limits who can use it. Attackers can bounce their traffic off of open resolvers for both a larger attack and anonymity. How can you fix this? Most DNS resolvers are open by default, so make sure that when you set one up, you close it. When an attack does hit, it will generally give you an IP address. Make sure to check which DNS resolver it is coming from and to update the settings.
In the end, all you can do is make sure that your infrastructure is set up in a way that protects your data from a DDoS attack. Double-check your DNS resolvers to make sure they are not open, keep up-to-date backups available in case of the worst, and inform law enforcement when an attack does happen so that they may be able to track down the culprits and put an end to their childish games.