What is DDoS, and how is it protected against?

What is DDoS?

DDoS is an abbreviation of Distributed Denial of Service attack, literally a "distributed denial-of-service attack": an attack carried out simultaneously from a large number of computers. On the technical side, its main purpose is to paralyze the website by driving the computing system behind it into failure.

How is a DDoS attack on a website carried out?

Schematically it can be represented as follows: the attacked server is bombarded at the same time, from many computers, with a huge number of so-called "false" requests (meaningless, or generated in the wrong format). In the end the server is forced to spend all of its resources processing these requests, which leads either to an inability to serve normal users or to a complete collapse of the system.

As a rule, in most cases we are dealing with a three-tier architecture of DDoS attacks. This is a hierarchical structure that includes: one or more control consoles; the so-called master computers (they receive the start signal from the control console); and the agent computers ("zombies"), which directly attack the selected server. Countermeasures: filtering, elimination of vulnerabilities, and distribution of resources.

Today there are many different programs that can be used to generate such requests; they are constantly being modified, and new ones are being developed. As a rule, several types of programs are used together to take a server down, and without protection against DDoS attacks the likelihood of a server crash naturally increases.

Therefore, effective protection against DDoS has to be a comprehensive set of countermeasures. They can be divided into passive and active remedies, and into preventive and reactive actions. As a rule, preventive protection includes measures such as filtering and blackholing, remediation of vulnerabilities on the servers, building up capacity, distribution (that is, distributed and duplicated systems that continue to serve users), and avoidance (moving the immediate target of the attack away from other related resources, masking the IP address). Active protection is the response taken once the attack is already under way.
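As an added example that is not code from the original article, the following Python script shows the simplest form of the filtering countermeasure just described: it counts requests per source address in a sliding window over web-server log lines, flags sources that exceed a limit as candidates for filtering or blackholing, and counts requests "generated in the wrong format". The log format, IP addresses, window length and request limit are all constructed assumptions.

```python
"""Rate-based flood filter over constructed web-server log lines.

Added example, not from the original article: per-source request counting
in a sliding window (the "filtering" countermeasure) plus a count of
malformed requests. Log format, IPs and thresholds are constructed.
"""
from collections import defaultdict, deque
import re

# Constructed log format: "<epoch_seconds> <src_ip> <request line>"
LOG_RE = re.compile(r"^(\d+) (\d{1,3}(?:\.\d{1,3}){3}) (.*)$")
REQUEST_RE = re.compile(r"^(GET|POST|HEAD) /\S* HTTP/1\.[01]$")

WINDOW_SECONDS = 10   # sliding window length (assumed)
MAX_REQUESTS = 20     # per-source limit inside the window (assumed)


def classify(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return (flagged_sources, malformed_count).

    flagged_sources: IPs that sent more than `limit` requests within any
    `window`-second span, i.e. candidates for filtering or blackholing.
    malformed_count: requests whose request line is not well-formed HTTP.
    """
    recent = defaultdict(deque)   # src_ip -> request timestamps in window
    flagged, malformed = set(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                        # unparsable line, skipped
        ts, src, request = int(m.group(1)), m.group(2), m.group(3)
        if not REQUEST_RE.match(request):
            malformed += 1
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= window:    # expire timestamps outside window
            q.popleft()
        if len(q) > limit:
            flagged.add(src)
    return flagged, malformed


# Constructed sample: one normal visitor, one source flooding GETs within a
# few seconds, plus two malformed requests from the flooding source.
SAMPLE_LOG = (
    [f"{1700000000 + i * 3} 203.0.113.7 GET /page{i} HTTP/1.1" for i in range(5)]
    + [f"{1700000000 + i // 5} 198.51.100.9 GET /?x={i} HTTP/1.1" for i in range(30)]
    + ["1700000002 198.51.100.9 GET /", "1700000003 198.51.100.9 \x00\x01 junk"]
)
```

Calling `classify(SAMPLE_LOG)` flags only the flooding source and reports the two malformed requests; the normal visitor, with five requests spread over fifteen seconds, stays below the limit.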

All virtual hosting plans include extended protection against various types of DDoS attacks.

At the moment, the maximum attack power that can be filtered is:

  • ICMP Echo Request flood, attacks with random/fragmented packets at the IP layer, ICMP SMURF, IGMP flood: up to 3 MPPS / 10 GBPS;
  • TCP SYN flood (including with a spoofed sender address), TCP SYN ACK flood (amplification), TCP ACK flood, attacks with highly fragmented TCP packets, UDP flood (including with a spoofed sender address and fragmentation): up to 2.5 MPPS / 8.5 GBPS;
  • DNS Amp: up to 2 MPPS / 10 GBPS;
  • HTTP HEAD/GET/POST flood, DNS request flood.